From 95da4e006a2bc31f409c78872472db3ac01250d4 Mon Sep 17 00:00:00 2001
From: Silvio Rhatto <rhatto@riseup.net>
Date: Wed, 22 Jun 2016 22:34:12 -0300
Subject: Uses snakeoil cert for default 403 site

---
 manifests/init.pp         | 1 -
 manifests/ssl.pp          | 1 +
 templates/default-ssl.erb | 4 ++--
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/manifests/init.pp b/manifests/init.pp
index 23f4214..ef98597 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -22,7 +22,6 @@ class nginx inherits nginx::base {
   # Default site
   nginx::site { "default":
     ensure   => present,
-    ssl      => absent,
     source   => 'template',
     template => 'default',
     certbot  => false,
diff --git a/manifests/ssl.pp b/manifests/ssl.pp
index 899f4ff..8dc3407 100644
--- a/manifests/ssl.pp
+++ b/manifests/ssl.pp
@@ -2,6 +2,7 @@ class nginx::ssl(
   $session_timeout = '5m'
 ) {
   include ssl
+  include ssl::snakeoil
 
   class { 'certbot':
     pre_hook  => '/usr/sbin/service nginx stop',
diff --git a/templates/default-ssl.erb b/templates/default-ssl.erb
index 7a0e58f..4413461 100644
--- a/templates/default-ssl.erb
+++ b/templates/default-ssl.erb
@@ -2,7 +2,7 @@ server {
   listen              443 default_server;
   server_name         _;
   ssl                 on;
-  ssl_certificate     /etc/ssl/certs/example.org.crt;
-  ssl_certificate_key /etc/ssl/private/example.org.pem;
+  ssl_certificate     /etc/ssl/certs/ssl-cert-snakeoil.pem;
+  ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
   return              403;
 }
-- 
cgit v1.2.3