Version information
This version is compatible with:
- Puppet Enterprise 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x
- Puppet >= 6.21.0 < 8.0.0
- , , , , ,
Start using this module
Add this module to your Puppetfile:
mod 'ploperations-webhook_proxy', '3.0.0'Learn more about managing modules with a PuppetfileDocumentation
webhook_proxy
Proxy external webhook endpoints to internal hosts
Description
This module manages the parts of an Nginx config needed to proxy webhooks, such as those from GitHub, to arbitrary internal servers or Jeninks instances that are not directly accessible on the internet.
Setup
This module assumes you are using ploperations/ssl to manage certificates for Ngnix. Anything related to the base configuration of Nginx will need to be provided in Hiera or via a profile applied to the same server.
Usage
This module is documented via pdk bundle exec puppet strings generate --format markdown. Please see REFERENCE.md for more info.
Changelog
CHANGELOG.md is generated prior to each release via pdk bundle exec rake changelog. This process relies on labels that are applied to each pull request.
Development
Pull requests are welcome!
Reference
Table of Contents
Classes
webhook_proxy: Proxy external webhook endpoints to internal hosts
Defined types
webhook_proxy::endpoint: An external webhook endpoint
Classes
webhook_proxy
Proxy external webhook endpoints to internal hosts
Examples
Proxy a Jenkins server, Code Manager, and CD4PE
class { 'webhook_proxy':
cert_fqdn => 'webhook.example.com',
jenkins_fqdns => [ 'jenkins.internal.example.com' ],
endpoints => [
'https://pe-prod.internal.example.com:8170/code-manager/v1/webhook',
'http://cd4pe-prod.internal.example.com:8000/github/push',
],
}
A profile that provides additional configuration for Nginx
class profile::webhook::proxy (
String[1] $canonical_fqdn = $facts['networking']['fqdn'],
) {
include profile::nginx
profile::nginx::redirect { 'default':
destination => "https://${canonical_fqdn}",
default => true,
ssl => true,
}
class { 'webhook_proxy':
cert_fqdn => 'webhook.example.com',
jenkins_fqdns => [
'jenkins-prod.internal.example.com',
'jenkins-test.internal.example.com',
],
endpoints => [
'https://pe-prod.internal.example.com:8170/code-manager/v1/webhook',
'http://cd4pe-prod.internal.example.com:8000/github/push',
],
canonical_fqdn => $canonical_fqdn,
format_log => 'logstash_json',
server_cfg_append => {
error_page => '502 503 504 /private-maintenance.html',
proxy_intercept_errors => 'on',
},
ssl_name => 'webhook.example.com',
}
nginx::resource::location { 'webhook __maintenance':
server => 'webhook',
ssl => true,
ssl_only => true,
location => '= /private-maintenance.html',
internal => true,
www_root => '/var/nginx/maintenance',
}
}
Parameters
The following parameters are available in the webhook_proxy class:
cert_fqdn
Data type: Stdlib::Fqdn
The FQDN of the certificate to be used by the proxy
jenkins_fqdns
Data type: Array[Stdlib::Fqdn]
An array of FQDN's of Jenkins instances that need to receive webhooks from GitHub
Default value: []
endpoints
Data type: Array[Stdlib::Httpurl]
An array of url's that webhook will be able to be delivered to
Default value: []
canonical_fqdn
Data type: String[1]
The FQDN to be used by Nginx as the server name.
Default value: $facts['networking']['fqdn']
ssl_name
Data type: String[1]
The FQDN of the associated cert. Genrally this is the same as
$cert_fqdn but may also be something like wildcard.example.com
when you are using a wildcard cert to cover webhooks.example.com.
Default value: $cert_fqdn
format_log
Data type: Optional[String[1]]
The log format to be passed through to nginx::resource::server
Default value: undef
server_cfg_append
Data type: Optional[Hash]
Any additional configuration you wish to passed through to
nginx::resource::server
Default value: undef
Defined types
webhook_proxy::endpoint
If name is set to the internal webhook endpoint, this will automatically
generate a path in the form /$hostname/$url. For example, the name
'https://foo.internal.example.com/github-webhook/' will result in
an external endpoint path of /foo.internal.example.com/github-webhook/.
Examples
Send webhooks to Code Manager
webhook_proxy::endpoint { 'https://pe-prod.internal.example.com:8170/code-manager/v1/webhook': }
Parameters
The following parameters are available in the webhook_proxy::endpoint defined type:
path
Data type: Pattern[/^\//]
The location, or path under this proxy's fqdn, that will have data sent to it for the given target
Default value: regsubst($name, '^https?://', '/')
target
Data type: Pattern[/^https?:\/\/\w.+\//]
The internal destination for the traffic
Default value: $name
Change log
All notable changes to this project will be documented in this file. The format is based on Keep a Changelog and this project adheres to Semantic Versioning.
3.0.0 (2021-08-30)
Changed
- (DIO-2232) Removes endpoint trailing / #10 (suckatrash)
2.0.0 (2021-06-08)
Changed
- (maint) replace spdy with http2 #6 (heathseals)
1.0.0 (2020-03-02)
* This Changelog was automatically generated by github_changelog_generator
Dependencies
- ploperations/ssl (>= 1.0.0 < 2.0.0)
- puppet/nginx (>= 1.0.0 < 2.0.0)
- puppetlabs/stdlib (>= 5.1.0 < 7.0.0)