Puppet Class: apache::mod::md

Defined in:
manifests/mod/md.pp

Summary

Installs and configures `mod_md`.

Overview

Note:

Unsupported platforms: CentOS: 6, 7; Debian: 8, 9; OracleLinux: all; RedHat: 6, 7; Scientific: all; SLES: all; Ubuntu: 14, 16, 18

Parameters:

  • md_activation_delay (Optional[String]) (defaults to: undef)

    -

  • md_base_server (Optional[Enum['on', 'off']]) (defaults to: undef)

    Control if base server may be managed or only virtual hosts.

  • md_ca_challenges (Optional[Array[Enum['dns-01', 'http-01', 'tls-alpn-01']]]) (defaults to: undef)

    Type of ACME challenge used to prove domain ownership.

  • md_certificate_agreement (Optional[Enum['accepted']]) (defaults to: undef)

    You confirm that you accepted the Terms of Service of the Certificate Authority.

  • md_certificate_authority (Optional[Stdlib::HTTPUrl]) (defaults to: undef)

    The URL of the ACME Certificate Authority service.

  • md_certificate_check (Optional[String]) (defaults to: undef)

    -

  • md_certificate_monitor (Optional[String]) (defaults to: undef)

    The URL of a certificate log monitor.

  • md_certificate_protocol (Optional[Enum['ACME']]) (defaults to: undef)

    The protocol to use with the Certificate Authority.

  • md_certificate_status (Optional[Enum['on', 'off']]) (defaults to: undef)

    Exposes public certificate information in JSON.

  • md_challenge_dns01 (Optional[Stdlib::Absolutepath]) (defaults to: undef)

    Define a program to be called when the ‘dns-01` challenge needs to be setup/torn down.

  • md_contact_email (Optional[String]) (defaults to: undef)

    The ACME protocol requires you to give a contact url when you sign up.

  • md_http_proxy (Optional[Stdlib::HTTPUrl]) (defaults to: undef)

    Define a proxy for outgoing connections.

  • md_members (Optional[Enum['auto', 'manual']]) (defaults to: undef)

    Control if the alias domain names are automatically added.

  • md_message_cmd (Optional[Stdlib::Absolutepath]) (defaults to: undef)

    Handle events for Manage Domains.

  • md_must_staple (Optional[Enum['on', 'off']]) (defaults to: undef)

    Control if new certificates carry the OCSP Must Staple flag.

  • md_notify_cmd (Optional[Stdlib::Absolutepath]) (defaults to: undef)

    Run a program when a Managed Domain is ready.

  • md_port_map (Optional[String]) (defaults to: undef)

    Map external to internal ports for domain ownership verification.

  • md_private_keys (Optional[String]) (defaults to: undef)

    Set type and size of the private keys generated.

  • md_renew_mode (Optional[Enum['always', 'auto', 'manual']]) (defaults to: undef)

    Controls if certificates shall be renewed.

  • md_renew_window (Optional[String]) (defaults to: undef)

    Control when a certificate will be renewed.

  • md_require_https (Optional[Enum['off', 'permanent', 'temporary']]) (defaults to: undef)

    Redirects http: traffic to https: for Managed Domains. An http: Virtual Host must nevertheless be setup for that domain.

  • md_server_status (Optional[Enum['on', 'off']]) (defaults to: undef)

    Control if Managed Domain information is added to server-status.

  • md_staple_others (Optional[Enum['on', 'off']]) (defaults to: undef)

    Enable stapling for certificates not managed by mod_md.

  • md_stapling (Optional[Enum['on', 'off']]) (defaults to: undef)

    Enable stapling for all or a particular MDomain.

  • md_stapling_keep_response (Optional[String]) (defaults to: undef)

    Controls when old responses should be removed.

  • md_stapling_renew_window (Optional[String]) (defaults to: undef)

    Control when the stapling responses will be renewed.

  • md_store_dir (Optional[Stdlib::Absolutepath]) (defaults to: undef)

    Path on the local file system to store the Managed Domains data.

  • md_warn_window (Optional[String]) (defaults to: undef)

    Define the time window when you want to be warned about an expiring certificate.

See Also:

[View source]

95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
# File 'manifests/mod/md.pp', line 95

class apache::mod::md (
  Optional[String]                                          $md_activation_delay       = undef,
  Optional[Enum['on', 'off']]                               $md_base_server            = undef,
  Optional[Array[Enum['dns-01', 'http-01', 'tls-alpn-01']]] $md_ca_challenges          = undef,
  Optional[Enum['accepted']]                                $md_certificate_agreement  = undef,
  Optional[Stdlib::HTTPUrl]                                 $md_certificate_authority  = undef,
  Optional[String]                                          $md_certificate_check      = undef, # undocumented
  Optional[String]                                          $md_certificate_monitor    = undef,
  Optional[Enum['ACME']]                                    $md_certificate_protocol   = undef,
  Optional[Enum['on', 'off']]                               $md_certificate_status     = undef,
  Optional[Stdlib::Absolutepath]                            $md_challenge_dns01        = undef,
  Optional[String]                                          $md_contact_email          = undef,
  Optional[Stdlib::HTTPUrl]                                 $md_http_proxy             = undef,
  Optional[Enum['auto', 'manual']]                          $md_members                = undef,
  Optional[Stdlib::Absolutepath]                            $md_message_cmd            = undef,
  Optional[Enum['on', 'off']]                               $md_must_staple            = undef,
  Optional[Stdlib::Absolutepath]                            $md_notify_cmd             = undef,
  Optional[String]                                          $md_port_map               = undef,
  Optional[String]                                          $md_private_keys           = undef,
  Optional[Enum['always', 'auto', 'manual']]                $md_renew_mode             = undef,
  Optional[String]                                          $md_renew_window           = undef,
  Optional[Enum['off', 'permanent', 'temporary']]           $md_require_https          = undef,
  Optional[Enum['on', 'off']]                               $md_server_status          = undef,
  Optional[Enum['on', 'off']]                               $md_staple_others          = undef,
  Optional[Enum['on', 'off']]                               $md_stapling               = undef,
  Optional[String]                                          $md_stapling_keep_response = undef,
  Optional[String]                                          $md_stapling_renew_window  = undef,
  Optional[Stdlib::Absolutepath]                            $md_store_dir              = undef,
  Optional[String]                                          $md_warn_window            = undef,
) {
  include apache
  include apache::mod::watchdog

  apache::mod { 'md':
  }

  file { 'md.conf':
    ensure  => file,
    path    => "${apache::mod_dir}/md.conf",
    mode    => $apache::file_mode,
    content => epp('apache/mod/md.conf.epp'),
    require => Exec["mkdir ${apache::mod_dir}"],
    before  => File[$apache::mod_dir],
    notify  => Class['apache::service'],
  }
}