diff options
author | Silvio Rhatto <rhatto@riseup.net> | 2016-06-17 09:14:02 -0300 |
---|---|---|
committer | Silvio Rhatto <rhatto@riseup.net> | 2016-06-17 09:14:02 -0300 |
commit | b1602fcad85d1c283d0f4da8d4166d3e17149344 (patch) | |
tree | f4ec24f515899bb6f1b0c26da699f051db085dc0 /manifests/ssl.pp | |
parent | f2f65ac3c75729004f0735c3a6e2bf64ff1db763 (diff) | |
download | puppet-nginx-b1602fcad85d1c283d0f4da8d4166d3e17149344.tar.gz puppet-nginx-b1602fcad85d1c283d0f4da8d4166d3e17149344.tar.bz2 |
Uses certbot module
Diffstat (limited to 'manifests/ssl.pp')
-rw-r--r-- | manifests/ssl.pp | 29 |
1 files changed, 5 insertions, 24 deletions
diff --git a/manifests/ssl.pp b/manifests/ssl.pp index 1fec72a..4b38332 100644 --- a/manifests/ssl.pp +++ b/manifests/ssl.pp @@ -3,6 +3,11 @@ class nginx::ssl( ) { include ssl + class { 'certbot': + pre_hook => '/usr/sbin/service nginx stop', + post_hook => '/usr/sbin/service nginx start', + } + # See https://weakdh.org/ ssl::dhparams { 'nginx-2048': notify => Service['nginx'], @@ -16,28 +21,4 @@ class nginx::ssl( 'ssl_prefer_server_ciphers': value => 'ssl_prefer_server_ciphers on;'; 'ssl_dhparam': value => 'ssl_dhparam /etc/ssl/dhparams/dhparams_2048.pem;'; } - - # Certbot support - file { '/var/www/certbot': - ensure => directory, - owner => 'root', - group => 'www-data', - mode => '0750', - require => Package['nginx'], - } - - package { 'certbot': - ensure => present, - require => File['/var/www/certbot'], - } - - cron { 'certbot-renew': - command => '/usr/bin/certbot renew --standalone --pre-hook "service nginx stop" --post-hook "service nginx start"', - user => 'root', - weekday => 1, - hour => "05", - minute => "30", - ensure => present, - require => Package['certbot'], - } } |