puppet: apache configuration for an example SSO instance.

(imported from commit 0aa6c80e206a70efd481d710aa2a6c2431c662f3)
2013-11-12 21:05:29 +00:00 · 2013-11-12 21:05:29 +00:00 · aac6ee308d
parent dcb4487c56
commit aac6ee308d
3 changed files with 82 additions and 0 deletions
--- a/puppet/zulip/files/apache/ports.conf
+++ b/puppet/zulip/files/apache/ports.conf
@ -0,0 +1,10 @@
+# If you just change the port or add more ports here, you will likely also
+# have to change the VirtualHost statement in
+# /etc/apache2/sites-enabled/000-default
+# This is also true if you have upgraded from before 2.2.9-3 (i.e. from
+# Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and
+# README.Debian.gz
+
+# Apache SSO for Zulip
+NameVirtualHost *:8888
+Listen 127.0.0.1:8888
--- a/puppet/zulip/files/apache/sites/zulip-sso.example
+++ b/puppet/zulip/files/apache/sites/zulip-sso.example
@ -0,0 +1,42 @@
+# This is an unpublished work of Zulip, Inc.
+# Copyright © 2013 Zulip, Inc. All rights reserved.
+
+# Copy, modify, and enable this site if you need to use an Apache httpd module
+# for user authentication.
+
+# Requests to /accounts/login/sso/ will be passed unchanged by the primary
+# Zulip web server to Apache. Once a request is authenticated, the REMOTE_USER
+# environment variable should be set by your authentication module.
+
+# The config below will then invoke the Zulip web app under Apache, which will
+# detect the presence of the variable, log the user in, and then redirect back
+# to the app (served by the primary web server). You should configure your
+# authentication module below.
+
+<VirtualHost 127.0.0.1:8888>
+	# As an example, we've configured this service to use HTTP basic auth.
+	# Season to taste.
+	<Location />
+		AuthType basic
+		AuthName "zulip.example.com"
+		AuthUserFile /home/zulip/zpasswd
+		Require valid-user
+	</Location>
+
+	ServerAdmin webmaster@localhost
+
+	ServerSignature Off
+	# You shouldn't need to edit anything below this line.
+
+	WSGIScriptAlias / /home/zulip/deployments/current/zproject/wsgi.py
+	WSGIDaemonProcess zulip threads=5 user=zulip python-path=/home/zulip/deployments/current/
+	WSGIProcessGroup zulip
+
+	ErrorLog ${APACHE_LOG_DIR}/zulip_auth_error.log
+
+	# Possible values include: debug, info, notice, warn, error, crit,
+	# alert, emerg.
+	LogLevel warn
+
+	CustomLog ${APACHE_LOG_DIR}/zulip_auth_access.log combined
+</VirtualHost>
--- a/puppet/zulip/manifests/apache_sso.pp
+++ b/puppet/zulip/manifests/apache_sso.pp
@ -0,0 +1,30 @@
+class zulip_internal::apache_sso {
+  include zulip::localhost_sso
+
+  $apache_packages = [ "apache2", "libapache2-mod-wsgi", ]
+  package { $apache_packages: ensure => "installed" }
+
+  apache2mod { [ "headers", "proxy", "proxy_http", "rewrite" ]:
+    ensure  => present,
+    require => Package['apache2'],
+  }
+
+  file { "/etc/apache2/ports.conf":
+    require => Package[apache2],
+    ensure => file,
+    owner  => "root",
+    group  => "root",
+    mode => 640,
+    source => "puppet:///modules/zulip/apache/ports.conf",
+  }
+
+  file { "/etc/apache2/sites-available/":
+    recurse => true,
+    require => Package[apache2],
+    owner  => "root",
+    group  => "root",
+    mode => 640,
+    source => "puppet:///modules/zulip/apache/sites/",
+  }
+
+}