It's good practice to always use SSL encryption when serving websites. How to do so will depend on the webserver class you're using.


Set up two vhosts. One will listen on port 80 for unencrypted connections, then redirect them to a HTTPS version, the other will serve the actual content on port 443.

  apache::vhost {"${::hostname}-redirect":
    servername      => $::fqdn,
    port            => '80',
    redirect_status => 'permanent',
    redirect_dest   => "https://${::fqdn}/",
    docroot         => '/var/www/null', # Make sure no files are visible on port 80
  apache::vhost {"${::hostname}-ssl":
    servername      => $::fqdn,
    port            => '443',
    ssl             => true,
    custom_fragment => template('roles/webserver/apache-config.erb'),
    docroot         => '/var/www/html',

Apache will set up an unsigned SSL certificate by default that you can use for testing, user-facing sites should use a signed certificate (email NCI to arrange this)

Last modified 8 years ago Last modified on May 14, 2014 4:19:55 PM