1

I'm relatively new to Puppet and am currently working with the 'puppetlabs-apache' module. I'm missing something while setting up both SSL and non-SSL on a virtual host.

Manifest applied:

include apache
include apache::mod::rewrite

#apache::vhost { 'site.mydomain.com':
# port         => '80',
# docroot      => '/var/www/site',
# rewrite_rule => '(.*) https://site.mydomain.com [R,L]',
#}

apache::vhost { 'site.mydomain.com':
  port          => '443',
  ssl           => true,
  docroot       => '/var/www/site',
  docroot_owner => 'www-data',
  docroot_group => 'www-data',
#  rewrite_rule  => '(.*) https://site.mydomain.com [R,L]',
}

The thing is I don't need the non-ssl (80 port), but all requests should redirect to 443.

If I comment out the first vhost definition of site.mydomain.com for port 80, it throws an error:

Error 400 on SERVER: Duplicate declaration: Apache::Vhost[site2.mydomain.com] is already declared in file..

Not sure what I'm missing here. What should I do to make this permanent redirect happen?

http://site2.mydomain.com/ => https://site2.mydomain.com/

2 Answers

1

To configure a virtual host to redirect unencrypted connections to SSL, declare them with separate apache::vhost defined types and redirect unencrypted requests to the virtual host with SSL enabled:

# Port 80: exists only to send clients to the HTTPS vhost.
apache::vhost { 'site.mydomain.com:80':
  servername      => 'site.mydomain.com',
  port            => '80',
  docroot         => '/var/www/site',
  rewrite_rule    => '(.*) https://site.mydomain.com [R,L]',
  redirect_status => 'permanent',
  redirect_dest   => 'https://site.mydomain.com/',
}

# Port 443: serves the site over SSL. No rewrite_rule here, because redirecting
# HTTPS requests to the same HTTPS URL would loop.
apache::vhost { 'site.mydomain.com:443':
  servername    => 'site.mydomain.com',
  port          => '443',
  ssl           => true,
  docroot       => '/var/www/site',
  docroot_owner => 'www-data',
  docroot_group => 'www-data',
}

You also needed those additional redirect attributes for the non-ssl virtualhost resource. Since apache::vhost is a defined resource type with no namevar, you can circumvent the multiple resource declaration issue by using two unique and purely cosmetic resource titles.

Matthew Schuchard
  • Thank you so much. I get the idea, but there is one slight problem with this. This will create 2 virtualhost configurations [site.mydomain.com_ssl.conf, site.mydomain.com_non-ssl.conf] with **ServerName site.mydomain.com non-ssl** and **ServerName site.mydomain.com ssl**, which will throw an error, `AH00526: Syntax error on line 7 of /etc/apache2/sites-enabled/25-site.mydomain.com_non-ssl.conf: ServerName takes one argument, The hostname and port of the server` – Vineeth Vijayan Feb 14 '17 at 13:02
  • @VineethVijayan This is literally how the documentation for `puppetlabs-apache` says to solve your problem. Either that conf file syntax error stems from elsewhere or the module itself has an issue. Which does it seem is more likely here? – Matthew Schuchard Feb 14 '17 at 13:04
  • The error made sense, and putting port instead there works..!! `apache::vhost { 'site.mydomain.com:80': ... } apache::vhost { 'site.mydomain.com:443': ... }` – Vineeth Vijayan Feb 14 '17 at 13:09
  • @VineethVijayan That sounds like a problem with the module. You may want to report it to the maintainer on GitHub. I will update the answer. I hope that doing a resource title with `servername:port` format does not create a messed up file name. – Matthew Schuchard Feb 14 '17 at 13:11
  • Thanks, let me see if I can report it. – Vineeth Vijayan Feb 14 '17 at 13:13
0

Working through Matt's answer and the error I got while running it led me to the following answer.

apache::vhost { 'site.mydomain.com:80': ... }

apache::vhost { 'site.mydomain.com:443': ... }

Thanks,
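
A check that can be run over the rendered vhost files before reloading Apache, covering the `ServerName takes one argument` error from the comments and the port-80 redirect the question asks for. This is an added example, not part of the original posts or of the puppetlabs-apache module; the sample file contents and the names `lint_vhost` and `lint_all` are assumptions made for illustration, and the parser is deliberately simplified.

```python
import re

# Constructed sample of rendered vhost files (not taken from a real host).
SAMPLE = {
    "25-site.mydomain.com_non-ssl.conf": (
        "<VirtualHost *:80>\n"
        "  ServerName site.mydomain.com non-ssl\n"
        "  Redirect permanent / https://site.mydomain.com\n"
        "</VirtualHost>\n"),
    "25-site.mydomain.com_ssl.conf": (
        "<VirtualHost *:443>\n"
        "  ServerName site.mydomain.com\n"
        "  SSLEngine on\n"
        "</VirtualHost>\n"),
    "25-plain.conf": (
        "<VirtualHost *:80>\n"
        "  ServerName site.mydomain.com\n"
        "  DocumentRoot /var/www/site\n"
        "</VirtualHost>\n"),
}

def lint_vhost(name, text):
    """Return findings for one rendered vhost file (simplified parser)."""
    findings, port, to_https = [], None, False
    for n, line in enumerate(text.splitlines(), 1):
        words = line.split()
        if not words or words[0].startswith("#"):
            continue
        key = words[0].lower()  # Apache directive names are case-insensitive
        opened = re.match(r"<VirtualHost\s+\S*:(\d+)\s*>", line.strip(), re.I)
        if opened:
            port = opened.group(1)
        elif key == "servername" and len(words) != 2:
            findings.append(f"{name}:{n}: ServerName takes one argument")
        elif key == "redirect" and words[-1].lower().startswith("https://"):
            to_https = True
            # mod_alias appends the rest of the request path to the target,
            # so a target without a path ("https://host") yields a wrong host.
            if "/" not in words[-1][len("https://"):]:
                findings.append(f"{name}:{n}: end the Redirect target with '/'")
        elif key == "rewriterule" and "https://" in line.lower():
            to_https = True
    if port == "80" and not to_https:
        findings.append(f"{name}: port 80 vhost does not redirect to https")
    return findings

def lint_all(files):
    """Lint every file in name order and return one flat list of findings."""
    return [f for name in sorted(files) for f in lint_vhost(name, files[name])]

if __name__ == "__main__":
    print("\n".join(lint_all(SAMPLE)))
```

An empty list from `lint_all` means none of the three conditions was found; it does not replace `apachectl configtest`.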