authorSilvio Rhatto <rhatto@riseup.net>2016-06-18 13:53:07 -0300
committerSilvio Rhatto <rhatto@riseup.net>2016-06-18 13:53:07 -0300
commitcf83d16606d96d461435d5cb5641fb1bf45e9c74 (patch)
treec6c22c45f6771dc0c8613b12cc18836a0bdd2055
parentcf6b8e9eac809bca6e558131a56ba55accb3b46c (diff)
Initial certbot support
-rw-r--r--manifests/site.pp13
-rw-r--r--manifests/site/config.pp1
-rw-r--r--templates/site.erb12
3 files changed, 24 insertions, 2 deletions
diff --git a/manifests/site.pp b/manifests/site.pp
index 6af019e..586d5c1 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -32,8 +32,8 @@ define apache::site(
$hidden_service = false,
$custom_directives = false,
$allow_override = false,
- $hosting_domain = hiera('apache::site::domain', $::domain)
-
+ $hosting_domain = hiera('apache::site::domain', $::domain),
+ $certbot = false,
) {
$vhost = $filename ? {
'' => "${name}",
@@ -118,6 +118,7 @@ define apache::site(
custom_directives => $custom_directives,
allow_override => $allow_override,
hosting_domain => $hosting_domain,
+ certbot => $certbot,
}
# Enable or disable accordingly
@@ -128,5 +129,13 @@ define apache::site(
owner => $owner,
group => $group,
vhost => $vhost,
+ require => Apache::Site::Config[$name],
+ }
+
+ if $certbot == true {
+ certbot::manage { $name:
+ pre_hook => '/usr/sbin/service apache2 reload',
+ require => Apache::Site::Manage[$name],
+ }
}
}
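Review bot: The guard `if $certbot == true` is stricter than the test the same commit adds to templates/site.erb, `<% if @certbot != false -%>`. Any value other than the boolean `true` (for example the string `'true'` coming from hiera) would publish the ACME challenge alias in the vhost without declaring `certbot::manage`. Using one test in both places would avoid this, for example `<% if @certbot == true -%>` in the template, which matches the existing `<% if @ssl == true %>`. The new `$certbot` parameter also has no comment; something like `# $certbot: set to true to request and renew a certificate for this vhost through certbot::manage` would help. The body of the `apache::site` define starts outside this hunk.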
diff --git a/manifests/site/config.pp b/manifests/site/config.pp
index a723eab..063c08f 100644
--- a/manifests/site/config.pp
+++ b/manifests/site/config.pp
@@ -21,6 +21,7 @@ define apache::site::config(
$custom_directives = false,
$allow_override = false,
$hosting_domain = hiera('apache::site::domain', $::domain)
+ $certbot = false,
) {
case $source {
true: {
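Review bot: The added `$certbot = false,` follows the context line `$hosting_domain = hiera('apache::site::domain', $::domain)`, which has no trailing comma, so the parameter list of `apache::site::config` would not parse as shown. The commit adds that comma in manifests/site.pp but not here; the line should read `$hosting_domain = hiera('apache::site::domain', $::domain),`. Because site.pp now passes `certbot => $certbot` to this define, every `apache::site` would presumably fail to compile until this is fixed. The define body continues outside the hunk.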
diff --git a/templates/site.erb b/templates/site.erb
index 2ed5107..17ff13e 100644
--- a/templates/site.erb
+++ b/templates/site.erb
@@ -38,6 +38,18 @@
AllowOverride <%= @allow_override %>
</Directory>
<% end -%>
+<% if @certbot != false -%>
+ # Add Alias For Lets Encrypt WebRoot Authentication Using ACME
+ # See https://ubuntu101.co.za/ssl/postfix-and-dovecot-on-ubuntu-with-a-lets-encrypt-ssl-certificate/
+ AliasMatch ^/.well-known/acme-challenge/(.*)$ /var/spool/certbot/<%= @name %>/.well-known/acme-challenge/$1
+ Alias /.well-known/acme-challenge/ /var/spool/certbot/<%= @name %>/.well-known/acme-challenge/
+ <Directory "/var/spool/certbot/<%= @name %>/.well-known/acme-challenge/">
+ Options None
+ AllowOverride None
+ ForceType text/plain
+ RedirectMatch 404 "^(?!/\.well-known/acme-challenge/[\w-]{43}$)"
+ </Directory>
+<% end -%>
</VirtualHost>
# end vhost for <%= @title %>
<% if @ssl == true %>
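Review bot: The new `<Directory "/var/spool/certbot/<%= @name %>/.well-known/acme-challenge/">` block grants no access. On an Apache 2.4 layout that denies everything outside the served trees, challenge requests would likely get a 403 unless `/var/spool/certbot` is authorised elsewhere, which this hunk does not show. Consider adding `Require all granted` inside the block (or the `Order`/`Allow` equivalent on 2.2), and keep the existing `Options None`, `AllowOverride None` and the 43-character token `RedirectMatch`, which limit what the directory can serve. The `Alias` line looks redundant because the `AliasMatch` above it already maps the same prefix, and the dots in that pattern are unescaped; `AliasMatch ^/\.well-known/acme-challenge/(.*)$ ...` would be tighter. The enclosing `<VirtualHost>` opens outside the hunk.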