summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--manifests/site.pp16
-rw-r--r--manifests/site/config.pp11
-rw-r--r--templates/site-ssl.erb6
-rw-r--r--templates/site.erb6
4 files changed, 22 insertions, 17 deletions
diff --git a/manifests/site.pp b/manifests/site.pp
index f73ae30..851d471 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -5,28 +5,32 @@ define nginx::site(
$certbot = true,
$template = 'site',
$backend = 'weblocal',
+ $aliases = "*.${name}",
) {
nginx::site::config { $name:
ensure => $ensure,
source => $source,
template => $template,
backend => $backend,
+ aliases => $aliases,
}
if $certbot == true {
certbot::manage { $name:
+ aliases => $aliases,
pre_hook => '/usr/sbin/service nginx restart',
require => Nginx::Site::Config[$name],
}
}
nginx::site::config { "${name}-ssl":
- use_fqdn => $name,
- ensure => $ssl,
- source => $source,
- template => "${template}-ssl",
- backend => $backend,
- require => $certbot ? {
+ server_name => $name,
+ ensure => $ssl,
+ source => $source,
+ template => "${template}-ssl",
+ backend => $backend,
+ aliases => $aliases,
+ require => $certbot ? {
true => Certbot::Manage[$name],
default => undef,
}
diff --git a/manifests/site/config.pp b/manifests/site/config.pp
index 4bea495..ff8187e 100644
--- a/manifests/site/config.pp
+++ b/manifests/site/config.pp
@@ -1,9 +1,10 @@
define nginx::site::config(
- $use_fqdn = $name,
- $ensure = present,
- $source = 'template',
- $template = 'site',
- $backend = 'weblocal',
+ $server_name = $name,
+ $ensure = present,
+ $source = 'template',
+ $template = 'site',
+ $backend = 'weblocal',
+ $aliases = "*.${name}",
){
case $source {
'file': {
diff --git a/templates/site-ssl.erb b/templates/site-ssl.erb
index 57b285f..c0af188 100644
--- a/templates/site-ssl.erb
+++ b/templates/site-ssl.erb
@@ -1,10 +1,10 @@
server {
listen 443;
- server_name *.<%= @use_fqdn %> <%= @use_fqdn %>;
+ server_name <%= @server_name %> <%= @aliases %>;
ssl on;
- ssl_certificate /etc/letsencrypt/live/<%= @use_fqdn %>/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/<%= @use_fqdn %>/privkey.pem;
+ ssl_certificate /etc/letsencrypt/live/<%= @server_name %>/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/<%= @server_name %>/privkey.pem;
# enable HSTS header
add_header Strict-Transport-Security "max-age=15768000; includeSubdomains; preload";
diff --git a/templates/site.erb b/templates/site.erb
index 9c575cb..3fe5f81 100644
--- a/templates/site.erb
+++ b/templates/site.erb
@@ -1,9 +1,9 @@
server {
- listen 80;
- server_name *.<%= @use_fqdn %> <%= @use_fqdn %>;
+ listen 80;
+ server_name <%= @server_name %> <%= @aliases %>;
location /.well-known/acme-challenge {
- root /var/spool/certbot/<%= @use_fqdn %>;
+ root /var/spool/certbot/<%= @server_name %>;
}
location / {