Skip to content

staticweb

The staticweb system can be used to serve web pages (like this one!) via many mirror servers.

There are two types of sites:

  • source sites, which are simply synced from a single source host too all the staticweb serve hosts.
  • published sites, where content generated in e.g. a CI job. These are synced to a single serve host (staticweb-publish.discovery.majava.org) which then is used like a source site source to sync the site to the remaining serve sites.

How-to

Set up a new source site

First, on the source host add a source definition in the relevant Puppet profile: 

staticweb::source { 'apt':
  path => '/srv/reprepro/repository',
}

Then, in hieradata/roles/staticweb/serve.yaml you can add a site definition to the profile::staticweb::sites: Hiera value: 

profile::staticweb::sites:
  apt.majava.org:
    source: web01.srv.majava.org::apt  # this references the source resource name
    proxy: apt  # register in webproxy system with this name

Set up a new published site

For a published site, the hieradata/roles/staticweb/serve.yaml configuration will not have a source value. The most simple setup is thus this: 

profile::staticweb::sites:
  admin.majava.org:
    proxy: admin-doc  # register in webproxy system with this name

Publish a new version of a published site

Info

This is planned to have a much more DRY tool soon. For now we're waiting on builds.sr.ht to enable outbound IPv6 connectivity so the publishing can be done in a CI job.

Publishing a site can be done with these two commands: 

$ rsync --rsync-path="sudo -u staticweb /usr/bin/rsync" -rP --delete SITE-LOCATION/ staticweb-publish.discovery.majava.org:/srv/staticweb/SITE.majava.org/
$ ssh staticweb-publish.discovery.majava.org sudo -u staticweb /usr/local/bin/staticweb-publish SITE.majava.org

This obviously requires that it is run with an account with enough access.

Reference

Site options

docroot_subpath
If true, the docroot will be /srv/staticweb/SITE/docroot and not just /srv/staticweb/SITE. This is mostly useful when using Tor with a separate docroot (see tor.separate_docroot below).
proxy
Publish this site via the web proxy system using this proxy name.
redirects
Redirect these non-canoncal names to this site.
source
Content is rsync-ed over SSH from this host.
tor
If this is an object, this site will also be exposed as a Tor hidden service.
tor.separate_docroot:
If true, the docroot for the Tor site will be in /srv/staticweb/SITE/docroot-tor instead of using the same docroot as the clearnet site uses.
options.csp
HTTP Content-Security-Policy header to replace the default restrictive policy.
options.error_pages
Object listing custom error pages to use per HTTP status code.
options.index
If true, this site will have directory indexes enabled.