Puppet Class: apache::mod::md

Defined in:
manifests/mod/md.pp

Summary

Installs and configures `mod_md`.

Overview

Note:

Unsupported platforms: CentOS: 6, 7; OracleLinux: all; RedHat: 6, 7; Scientific: all; SLES: all; Ubuntu: 18

Parameters:

  • md_activation_delay (Optional[String]) (defaults to: undef)

    -

  • md_base_server (Optional[Apache::OnOff]) (defaults to: undef)

    Control if base server may be managed or only virtual hosts.

  • md_ca_challenges (Optional[Array[Enum['dns-01', 'http-01', 'tls-alpn-01']]]) (defaults to: undef)

    Type of ACME challenge used to prove domain ownership.

  • md_certificate_agreement (Optional[Enum['accepted']]) (defaults to: undef)

    You confirm that you accepted the Terms of Service of the Certificate Authority.

  • md_certificate_authority (Optional[Stdlib::HTTPUrl]) (defaults to: undef)

    The URL of the ACME Certificate Authority service.

  • md_certificate_check (Optional[String]) (defaults to: undef)

    -

  • md_certificate_file (Optional[Stdlib::Absolutepath]) (defaults to: undef)

    Specify a static certificate file for the MD.

  • md_certificate_key_file (Optional[Stdlib::Absolutepath]) (defaults to: undef)

    Specify a static private key for the static certificate.

  • md_certificate_monitor (Optional[String]) (defaults to: undef)

    The URL of a certificate log monitor.

  • md_certificate_protocol (Optional[Enum['ACME']]) (defaults to: undef)

    The protocol to use with the Certificate Authority.

  • md_certificate_status (Optional[Apache::OnOff]) (defaults to: undef)

    Exposes public certificate information in JSON.

  • md_challenge_dns01 (Optional[Stdlib::Absolutepath]) (defaults to: undef)

    Define a program to be called when the `dns-01` challenge needs to be set up/torn down.

  • md_challenge_dns01_version (Optional[Integer[1,2]]) (defaults to: undef)

    Set the type of arguments to call MDChallengeDns01 with

  • md_check_interval (Optional[String]) (defaults to: undef)

    Determines how often certificates are checked

  • md_contact_email (Optional[String]) (defaults to: undef)

    The ACME protocol requires you to give a contact URL when you sign up.

  • md_external_account_binding (Optional[String]) (defaults to: undef)

    Set the external account binding keyid and hmac values to use at CA

  • md_http_proxy (Optional[Stdlib::HTTPUrl]) (defaults to: undef)

    Define a proxy for outgoing connections.

  • md_initial_delay (Optional[String]) (defaults to: undef)

    How long to delay the first certificate check.

  • md_match_names (Optional[String]) (defaults to: undef)

    Determines how DNS names are matched to vhosts

  • md_members (Optional[Enum['auto', 'manual']]) (defaults to: undef)

    Control if the alias domain names are automatically added.

  • md_message_cmd (Optional[Stdlib::Absolutepath]) (defaults to: undef)

    Handle events for Manage Domains.

  • md_must_staple (Optional[Apache::OnOff]) (defaults to: undef)

    Control if new certificates carry the OCSP Must Staple flag.

  • md_notify_cmd (Optional[Stdlib::Absolutepath]) (defaults to: undef)

    Run a program when a Managed Domain is ready.

  • md_port_map (Optional[String]) (defaults to: undef)

    Map external to internal ports for domain ownership verification.

  • md_private_keys (Optional[String]) (defaults to: undef)

    Set type and size of the private keys generated.

  • md_profile (Optional[String]) (defaults to: undef)

    Use a specific ACME profile from the CA

  • md_profile_mandatory (Optional[Apache::OnOff]) (defaults to: undef)

    Control if an MDProfile is mandatory.

  • md_renew_mode (Optional[Enum['always', 'auto', 'manual']]) (defaults to: undef)

    Controls if certificates shall be renewed.

  • md_renew_via_ari (Optional[Apache::OnOff]) (defaults to: undef)

    Control usage of the ACME ARI extension (RFC 9773).

  • md_renew_window (Optional[String]) (defaults to: undef)

    Control when a certificate will be renewed.

  • md_require_https (Optional[Enum['off', 'permanent', 'temporary']]) (defaults to: undef)

    Redirects http: traffic to https: for Managed Domains. An http: Virtual Host must nevertheless be set up for that domain.

  • md_retry_delay (Optional[String]) (defaults to: undef)

    Time length for first retry, doubled on every consecutive error.

  • md_retry_failover (Optional[Integer[0]]) (defaults to: undef)

    The number of errors before a failover to another CA is triggered

  • md_server_status (Optional[Apache::OnOff]) (defaults to: undef)

    Control if Managed Domain information is added to server-status.

  • md_staple_others (Optional[Apache::OnOff]) (defaults to: undef)

    Enable stapling for certificates not managed by mod_md.

  • md_stapling (Optional[Apache::OnOff]) (defaults to: undef)

    Enable stapling for all or a particular MDomain.

  • md_stapling_keep_response (Optional[String]) (defaults to: undef)

    Controls when old responses should be removed.

  • md_stapling_renew_window (Optional[String]) (defaults to: undef)

    Control when the stapling responses will be renewed.

  • md_store_dir (Optional[Stdlib::Absolutepath]) (defaults to: undef)

    Path on the local file system to store the Managed Domains data.

  • md_store_locks (Optional[String]) (defaults to: undef)

    Configure locking of store for updates

  • md_warn_window (Optional[String]) (defaults to: undef)

    Define the time window when you want to be warned about an expiring certificate.

# File 'manifests/mod/md.pp', line 134

class apache::mod::md (
  Optional[String]                                          $md_activation_delay       = undef,
  Optional[Apache::OnOff]                                   $md_base_server            = undef,
  Optional[Array[Enum['dns-01', 'http-01', 'tls-alpn-01']]] $md_ca_challenges          = undef,
  Optional[Enum['accepted']]                                $md_certificate_agreement  = undef,
  Optional[Stdlib::HTTPUrl]                                 $md_certificate_authority  = undef,
  Optional[String]                                          $md_certificate_check      = undef, # undocumented
  Optional[Stdlib::Absolutepath]                            $md_certificate_file       = undef,
  Optional[Stdlib::Absolutepath]                            $md_certificate_key_file   = undef,
  Optional[String]                                          $md_certificate_monitor    = undef,
  Optional[Enum['ACME']]                                    $md_certificate_protocol   = undef,
  Optional[Apache::OnOff]                                   $md_certificate_status     = undef,
  Optional[Stdlib::Absolutepath]                            $md_challenge_dns01        = undef,
  Optional[Integer[1,2]]                                    $md_challenge_dns01_version = undef,
  Optional[String]                                          $md_check_interval         = undef,
  Optional[String]                                          $md_contact_email          = undef,
  Optional[String]                                          $md_external_account_binding = undef,
  Optional[Stdlib::HTTPUrl]                                 $md_http_proxy             = undef,
  Optional[String]                                          $md_initial_delay          = undef,
  Optional[String]                                          $md_match_names            = undef,
  Optional[Enum['auto', 'manual']]                          $md_members                = undef,
  Optional[Stdlib::Absolutepath]                            $md_message_cmd            = undef,
  Optional[Apache::OnOff]                                   $md_must_staple            = undef,
  Optional[Stdlib::Absolutepath]                            $md_notify_cmd             = undef,
  Optional[String]                                          $md_port_map               = undef,
  Optional[String]                                          $md_private_keys           = undef,
  Optional[String]                                          $md_profile                = undef,
  Optional[Apache::OnOff]                                   $md_profile_mandatory      = undef,
  Optional[Enum['always', 'auto', 'manual']]                $md_renew_mode             = undef,
  Optional[Apache::OnOff]                                   $md_renew_via_ari          = undef,
  Optional[String]                                          $md_renew_window           = undef,
  Optional[Enum['off', 'permanent', 'temporary']]           $md_require_https          = undef,
  Optional[String]                                          $md_retry_delay            = undef,
  Optional[Integer[0]]                                      $md_retry_failover         = undef,
  Optional[Apache::OnOff]                                   $md_server_status          = undef,
  Optional[Apache::OnOff]                                   $md_staple_others          = undef,
  Optional[Apache::OnOff]                                   $md_stapling               = undef,
  Optional[String]                                          $md_stapling_keep_response = undef,
  Optional[String]                                          $md_stapling_renew_window  = undef,
  Optional[Stdlib::Absolutepath]                            $md_store_dir              = undef,
  Optional[String]                                          $md_store_locks            = undef,
  Optional[String]                                          $md_warn_window            = undef,
) {
  include apache
  include apache::mod::watchdog

  apache::mod { 'md':
  }

  file { 'md.conf':
    ensure  => file,
    path    => "${apache::mod_dir}/md.conf",
    mode    => $apache::file_mode,
    content => epp('apache/mod/md.conf.epp'),
    require => Exec["mkdir ${apache::mod_dir}"],
    before  => File[$apache::mod_dir],
    notify  => Class['apache::service'],
  }
}
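
An added example, not part of the module's own documentation: a declaration of this class that pins the CA, limits the challenge types and turns off the status endpoints. The CA URL and e-mail address are placeholders, the string values assume Apache `mod_md` directive syntax, and `'on'`/`'off'` are assumed to be accepted by `Apache::OnOff`.

```puppet
# Added example. The CA URL and contact address are placeholders; the string
# values are assumed to follow the syntax of the matching mod_md directive.
class { 'apache::mod::md':
  # ACME account: state the CA explicitly rather than relying on the
  # mod_md built-in default, and record acceptance of its Terms of Service.
  md_certificate_authority => 'https://acme.example.org/directory', # placeholder
  md_certificate_protocol  => 'ACME',
  md_certificate_agreement => 'accepted',
  md_contact_email         => 'hostmaster@example.org',             # placeholder

  # Offer only the challenge type this host is meant to answer. Leaving
  # dns-01 out means no md_challenge_dns01 helper program is needed.
  md_ca_challenges         => ['http-01'],

  # Key material and renewal behaviour.
  md_private_keys          => 'RSA 4096',
  md_renew_mode            => 'auto',
  md_renew_window          => '33%',
  md_warn_window           => '10%',

  # Redirect plain http: requests for Managed Domains to https:.
  # An http: virtual host must still exist for each domain.
  md_require_https         => 'permanent',

  # Manage virtual hosts only, not the base server.
  md_base_server           => 'off',

  # Do not publish Managed Domain details in server-status or the
  # public certificate information in JSON.
  md_server_status         => 'off',
  md_certificate_status    => 'off',
}
```

Parameters left at `undef` are not set by this declaration, so `mod_md` keeps its own defaults for them.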