diff options
| author | Silvio Rhatto <rhatto@riseup.net> | 2010-01-07 15:30:41 -0200 |
|---|---|---|
| committer | Silvio Rhatto <rhatto@riseup.net> | 2010-01-07 15:30:41 -0200 |
| commit | 47149748246e56513e50a0a609d228c1785a9e55 (patch) | |
| tree | 5785d0eba69c7335ec17f8f513da840dce0784c3 /manifests | |
| parent | ea8f5409d318982cf714c40c01d94d2739217af8 (diff) | |
| download | puppet-nginx-47149748246e56513e50a0a609d228c1785a9e55.tar.gz puppet-nginx-47149748246e56513e50a0a609d228c1785a9e55.tar.bz2 | |
Adding SSL support
Diffstat (limited to 'manifests')
| -rw-r--r-- | manifests/init.pp | 56 |
1 files changed, 47 insertions, 9 deletions
diff --git a/manifests/init.pp b/manifests/init.pp index b8fb5aa..4dc4183 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -16,19 +16,16 @@ # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -# TODO: check permission on SSL keys class nginx { - # Setup packages - package { "nginx": ensure => installed, } - # Nginx service - service { "nginx": - enable => true, - ensure => running, - hasrestart => true, - require => [ File["/etc/nginx/sites-enabled/$domain"], Package["nginx"] ], + $ssl = $nginx_ssl { + false => false, + default => true, } + # Setup packages + package { "nginx": ensure => installed, } + # Config folders, see http://projects.reductivelabs.com/issues/86 file { [ "/etc/nginx", "/etc/nginx/sites-available", "/etc/nginx/sites-enabled" ]: ensure => directory, @@ -36,6 +33,47 @@ class nginx { group => "root", } + if $ssl { + file { [ "/etc/ssl", "/etc/ssl/certs", "/etc/ssl/private" ]: + ensure => directory, + owner => "root", + group => "root", + } + + file { "/etc/ssl/certs/cert.crt": + ensure => present, + owner => "root", + group => "root", + mode => 644, + source => "puppet://$server/files/keys/ssl/cert.crt", + require => File["/etc/ssl/certs"], + } + + file { "/etc/ssl/private/cert.pem": + ensure => present, + owner => "root", + group => "root", + mode => 600, + source => "puppet://$server/files/keys/ssl/cert.pem", + require => File["/etc/ssl/private"], + } + + service { "nginx": + enable => true, + ensure => running, + hasrestart => true, + require => [ File["/etc/nginx/sites-enabled/$domain"], Package["nginx"], + File["/etc/ssl/private/cert.pem"], File["/etc/ssl/private/cert.crt"] ], + } + } else { + service { "nginx": + enable => true, + ensure => running, + hasrestart => true, + require => [ File["/etc/nginx/sites-enabled/$domain"], Package["nginx"] ], + } + } + # Default site site { "$domain": ensure => present, } |