Diffstat (limited to 'manifests/ssl.pp')
-rw-r--r-- | manifests/ssl.pp | 29 |
1 files changed, 5 insertions, 24 deletions
diff --git a/manifests/ssl.pp b/manifests/ssl.pp
index 1fec72a..4b38332 100644
--- a/manifests/ssl.pp
+++ b/manifests/ssl.pp
@@ -3,6 +3,11 @@ class nginx::ssl(
 ) {
 include ssl

+ class { 'certbot':
+ pre_hook => '/usr/sbin/service nginx stop',
+ post_hook => '/usr/sbin/service nginx start',
+ }
+
 # See https://weakdh.org/
 ssl::dhparams { 'nginx-2048':
 notify => Service['nginx'],
@@ -16,28 +21,4 @@ class nginx::ssl(
 'ssl_prefer_server_ciphers': value => 'ssl_prefer_server_ciphers on;';
 'ssl_dhparam': value => 'ssl_dhparam /etc/ssl/dhparams/dhparams_2048.pem;';
 }
-
- # Certbot support
- file { '/var/www/certbot':
- ensure => directory,
- owner => 'root',
- group => 'www-data',
- mode => '0750',
- require => Package['nginx'],
- }
-
- package { 'certbot':
- ensure => present,
- require => File['/var/www/certbot'],
- }
-
- cron { 'certbot-renew':
- command => '/usr/bin/certbot renew --standalone --pre-hook "service nginx stop" --post-hook "service nginx start"',
- user => 'root',
- weekday => 1,
- hour => "05",
- minute => "30",
- ensure => present,
- require => Package['certbot'],
- }
 } |
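Review bot: Nothing in the new `class { 'certbot': ... }` declaration in the first hunk shows that renewal is still scheduled. The second hunk removes the `certbot-renew` cron entry and the `certbot` package resource, so both now depend on the `certbot` class, whose definition is not part of this diff. It is worth confirming that the class installs a renewal cron job or timer, since otherwise certificates would expire without any failure at apply time. The `pre_hook`/`post_hook` pair also leaves nginx down if the renewal hangs or the start fails. A comment above the declaration such as `# nginx is stopped during renewal because certbot binds port 80 in standalone mode` would record why the hooks exist, assuming the class still uses standalone mode as the removed cron command did.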