authorSilvio Rhatto <rhatto@riseup.net>2010-01-07 15:30:41 -0200
committerSilvio Rhatto <rhatto@riseup.net>2010-01-07 15:30:41 -0200
commit47149748246e56513e50a0a609d228c1785a9e55 (patch)
tree5785d0eba69c7335ec17f8f513da840dce0784c3 /manifests
parentea8f5409d318982cf714c40c01d94d2739217af8 (diff)
Adding SSL support
Diffstat (limited to 'manifests')
-rw-r--r--manifests/init.pp56
1 files changed, 47 insertions, 9 deletions
diff --git a/manifests/init.pp b/manifests/init.pp
index b8fb5aa..4dc4183 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -16,19 +16,16 @@
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
-# TODO: check permission on SSL keys
class nginx {
- # Setup packages
- package { "nginx": ensure => installed, }
- # Nginx service
- service { "nginx":
- enable => true,
- ensure => running,
- hasrestart => true,
- require => [ File["/etc/nginx/sites-enabled/$domain"], Package["nginx"] ],
+ $ssl = $nginx_ssl {
+ false => false,
+ default => true,
}
+ # Setup packages
+ package { "nginx": ensure => installed, }
+
# Config folders, see http://projects.reductivelabs.com/issues/86
file { [ "/etc/nginx", "/etc/nginx/sites-available", "/etc/nginx/sites-enabled" ]:
ensure => directory,
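Review bot: The `$ssl` selector added at the top of `class nginx` is undocumented, and its default is easy to misread: only `false` disables SSL, so a node that never sets `$nginx_ssl` gets SSL enabled and then depends on the key and certificate files being available. Depending on the Puppet version, a quoted `"false"` coming from node data may not match the bare `false` case and would also enable SSL; that is worth confirming. Suggest a comment above the selector such as `# $nginx_ssl: set to false to disable SSL; unset or any other value enables it`. The class body continues past this hunk.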
@@ -36,6 +33,47 @@ class nginx {
group => "root",
}
+ if $ssl {
+ file { [ "/etc/ssl", "/etc/ssl/certs", "/etc/ssl/private" ]:
+ ensure => directory,
+ owner => "root",
+ group => "root",
+ }
+
+ file { "/etc/ssl/certs/cert.crt":
+ ensure => present,
+ owner => "root",
+ group => "root",
+ mode => 644,
+ source => "puppet://$server/files/keys/ssl/cert.crt",
+ require => File["/etc/ssl/certs"],
+ }
+
+ file { "/etc/ssl/private/cert.pem":
+ ensure => present,
+ owner => "root",
+ group => "root",
+ mode => 600,
+ source => "puppet://$server/files/keys/ssl/cert.pem",
+ require => File["/etc/ssl/private"],
+ }
+
+ service { "nginx":
+ enable => true,
+ ensure => running,
+ hasrestart => true,
+ require => [ File["/etc/nginx/sites-enabled/$domain"], Package["nginx"],
+ File["/etc/ssl/private/cert.pem"], File["/etc/ssl/private/cert.crt"] ],
+ }
+ } else {
+ service { "nginx":
+ enable => true,
+ ensure => running,
+ hasrestart => true,
+ require => [ File["/etc/nginx/sites-enabled/$domain"], Package["nginx"] ],
+ }
+ }
+
# Default site
site { "$domain": ensure => present, }
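Review bot: The SSL branch's `service { "nginx": }` requires `File["/etc/ssl/private/cert.crt"]`, but the certificate resource declared above it is titled `/etc/ssl/certs/cert.crt`, so the reference names a resource this hunk never declares and the catalog will presumably fail on SSL-enabled nodes; it should read `File["/etc/ssl/certs/cert.crt"]`. The `/etc/ssl/private` directory is declared without a `mode`, so its permissions stay as found on the node; since the commit drops the TODO about key permissions, pin the directory explicitly (for example `mode => 700`, or the value the distribution's layout expects) rather than relying on the key file's `600` alone. The key and certificate are only in `require`, so a replaced key is not picked up until nginx is restarted some other way; `subscribe` on those two files would cover rotation. The private key is pulled from `files/keys/ssl/cert.pem` on the fileserver, and whether that mount is restricted per host is not visible here, so it is worth checking. `class nginx` opens in the previous hunk and its closing brace lies outside this one.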