Skip to content


The staticweb system can be used to serve web pages (like this one!) via many mirror servers.

There are two types of sites:

  • source sites, which are simply synced from a single source host too all the staticweb serve hosts.
  • published sites, where content generated in e.g. a CI job. These are synced to a single serve host ( which then is used like a source site source to sync the site to the remaining serve sites.


Set up a new source site

First, on the source host add a source definition in the relevant Puppet profile:

staticweb::source { 'apt':
  path => '/srv/reprepro/repository',

Then, in hieradata/roles/staticweb/serve.yaml you can add a site definition to the profile::staticweb::sites: Hiera value:

    source:  # this references the source resource name
    proxy: apt  # register in webproxy system with this name

Set up a new published site

For a published site, the hieradata/roles/staticweb/serve.yaml configuration will not have a source value. The most simple setup is thus this:

    proxy: admin-doc  # register in webproxy system with this name

Publish a new version of a published site


This is planned to have a much more DRY tool soon. For now we're waiting on to enable outbound IPv6 connectivity so the publishing can be done in a CI job.

Publishing a site can be done with these two commands:

$ rsync --rsync-path="sudo -u staticweb /usr/bin/rsync" -rP --delete SITE-LOCATION/
$ ssh sudo -u staticweb /usr/local/bin/staticweb-publish

This obviously requires that it is run with an account with enough access.


Site options

If true, the docroot will be /srv/staticweb/SITE/docroot and not just /srv/staticweb/SITE. This is mostly useful when using Tor with a separate docroot (see tor.separate_docroot below).
Publish this site via the web proxy system using this proxy name.
Redirect these non-canoncal names to this site.
Content is rsync-ed over SSH from this host.
If this is an object, this site will also be exposed as a Tor hidden service.
If true, the docroot for the Tor site will be in /srv/staticweb/SITE/docroot-tor instead of using the same docroot as the clearnet site uses.
HTTP Content-Security-Policy header to replace the default restrictive policy.
Object listing custom error pages to use per HTTP status code.
If true, this site will have directory indexes enabled.