hitch
: Manage the hitch TLS proxy
hitch::config
: Manage the hitch configuration, systemd configuration and default DH parameters.
hitch::install
: Manage the hitch package and optionally a repository
hitch::service
: Manage the hitch service
hitch::domain
: Add a TLS certificate and key for a domain
Manage the hitch TLS proxy
include hitch
hitch::domain { 'example.com':
  cacert_source => '/etc/pki/tls/certs/ca.pem',
  cert_source   => '/etc/pki/tls/certs/example.com.pem',
  key_source    => '/etc/pki/tls/private_keys/example.com.pem',
}
The following parameters are available in the hitch class:
package_name
service_name
user
group
backend
config_file
file_owner
dhparams_file
dhparams_content
config_root
purge_config_root
frontend
manage_repo
write_proxy_v2
ciphers
domains
workers
prefer_server_ciphers
alpn_protos
tls_protos
package_name
Data type: String
Package name for installing hitch.
Default value: 'hitch'

service_name
Data type: String
Service name for the hitch service.
Default value: 'hitch.service'

user
Data type: String
User running the service. Defaults vary by OS, see module hieradata.
Default value: 'hitch'

group
Data type: String
Group running the service. Defaults vary by OS, see module hieradata.
Default value: 'hitch'

backend
Data type: String
Where to proxy requests.
Default value: '[::1]:80'

config_file
Data type: Stdlib::Absolutepath
Path to the hitch configuration file.
Default value: '/etc/hitch/hitch.conf'

file_owner
Data type: String
User owning the configuration files. Defaults to "root".
Default value: 'root'

dhparams_file
Data type: Stdlib::Absolutepath
Path to file for Diffie-Hellman parameters, which are shared by all domains.
Default value: '/etc/hitch/dhparams.pem'

dhparams_content
Data type: Optional[String]
Content for the DH parameter file. If unset, DH parameters will be generated on the node, which may take a long time.
Default value: undef

config_root
Data type: Stdlib::Absolutepath
Configuration root directory. The hitch::domain defined type will place certificates here.
Default value: '/etc/hitch'

purge_config_root
Data type: Boolean
If true, will delete all unmanaged files from the config_root. Defaults to false.
Default value: false

frontend
Data type: Variant[String, Array]
The listening frontend(s) for hitch.
Default value: '[*]:443'

manage_repo
Data type: Boolean
If true, install the EPEL repository on RedHat OS family. Defaults vary by OS, see module hieradata.
Default value: false

write_proxy_v2
Data type: Enum['on', 'off']
Default value: 'off'

ciphers
Data type: String
Default value: 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'

domains
Data type: Optional[Hash]
Default value: {}

workers
Data type: Variant[Integer, Enum['auto']]
Default value: 'auto'

prefer_server_ciphers
Data type: Enum['on','off']
Default value: 'on'

alpn_protos
Data type: Optional[String]
Default value: 'http/1.1'

tls_protos
Data type: Optional[String]
Default value: undef
This define installs pem files to the config root, and configures them in the hitch config file.
The CA certificate (if present), server certificate, key and DH parameters are concatenated, and placed in the hitch configuration.
You can specify cacert, cert and key with either _content or _source suffix.
hitch::domain { 'example.com':
  cacert_source => '/etc/pki/tls/certs/ca.pem',
  cert_source   => '/etc/pki/tls/certs/example.com.pem',
  key_source    => '/etc/pki/tls/private_keys/example.com.pem',
}

class profile::hitch (
  Hash $domains = {},
) {
  $domains.each |$domain_title, $domain_params| {
    hitch::domain { $domain_title:
      * => $domain_params,
    }
  }
}
The following parameters are available in the hitch::domain defined type:
Data type: Enum['present', 'absent']
The desired state of the hitch domain. Default is 'present'.
Default value: present
Data type: Boolean
If there are multiple domains, set this to true to make this the default domain used by hitch. If there is only one domain, it will be the default domain no matter what you set here. Defaults to false.
Default value: false
Data type: Optional[String]
A PEM encoded CA certificate.
Default value: undef
Data type: Optional[Stdlib::Filesource]
Path to a PEM encoded CA certificate.
Default value: undef
Data type: Optional[String]
A PEM encoded certificate. This must be a certificate matching the key.
Default value: undef
Data type: Optional[Stdlib::Filesource]
Path to a PEM encoded certificate. This must be a certificate matching the key.
Default value: undef
Data type: Optional[String]
A PEM encoded key. This must be a key matching the certificate.
Default value: undef
Data type: Optional[Stdlib::Filesource]
Path to a PEM encoded key. This must be a key matching the certificate.
Default value: undef
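
The certificate and key parameters above must form a matching pair. The following is an added example, not part of the hitch module, of one way to enforce that before the files reach the hitch configuration. The wrapper name profile::hitch_checked_domain and its parameters are hypothetical, and it assumes openssl is installed on the node and that the certificate and key are local files readable by the Puppet agent.

```puppet
# Added example; profile::hitch_checked_domain is a hypothetical wrapper and
# not part of the hitch module. Assumes openssl is installed on the node and
# that $cert and $key are local files readable by the Puppet agent.
define profile::hitch_checked_domain (
  Stdlib::Absolutepath           $cert,
  Stdlib::Absolutepath           $key,
  Optional[Stdlib::Absolutepath] $cacert = undef,
) {
  # Public key embedded in the certificate vs. public key derived from the
  # private key. Identical output means the pair belongs together.
  $cert_pub = "openssl x509 -in '${cert}' -noout -pubkey"
  $key_pub  = "openssl pkey -in '${key}' -pubout"

  # When the pair matches, `unless` succeeds and nothing runs. On a mismatch
  # (or an unreadable file) `false` runs, the exec fails, and Puppet skips
  # every resource that requires it.
  exec { "verify hitch keypair for ${title}":
    command  => 'false',
    unless   => "test -n \"\$(${cert_pub})\" && test \"\$(${cert_pub})\" = \"\$(${key_pub})\"",
    path     => ['/usr/bin', '/bin'],
    provider => shell,
  }

  hitch::domain { $title:
    cacert_source => $cacert,
    cert_source   => $cert,
    key_source    => $key,
    require       => Exec["verify hitch keypair for ${title}"],
  }
}

include hitch

profile::hitch_checked_domain { 'example.com':
  cacert => '/etc/pki/tls/certs/ca.pem',
  cert   => '/etc/pki/tls/certs/example.com.pem',
  key    => '/etc/pki/tls/private_keys/example.com.pem',
}
```

A failed check shows up in the agent report as a failed exec with the hitch::domain resource skipped, so the previously deployed pem file stays in place.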