diff options
Diffstat (limited to 'manifests/init.pp')
| -rw-r--r-- | manifests/init.pp | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/manifests/init.pp b/manifests/init.pp index eaeea8a..7c827de 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -21,6 +21,15 @@ class nginx inherits nginx::base( ) { include ssl + # See https://weakdh.org/ + exec { 'openssl-nginx-gendh-2048': + command => 'openssl dhparam -out /etc/ssl/private/dhparams.pem 2048', + user => root, + group => root, + creates => '/etc/ssl/private/dh_2048.pem', + notify => Service['nginx'], + } + case $deploy_certs { true: { ssl::cert { "$::domain": @@ -38,10 +47,10 @@ class nginx inherits nginx::base( } Service["nginx"] { - require => [ Package["nginx"], - File["/etc/nginx/sites-enabled/${::domain}"], - File["/etc/ssl/private/${::domain}.pem"], - File["/etc/ssl/certs/${::domain}.crt"] ], + require => [ Package["nginx"], + File["/etc/nginx/sites-enabled/${::domain}"], + File["/etc/ssl/private/${::domain}.pem"], + File["/etc/ssl/certs/${::domain}.crt"] ], } } } |