Commit 129551fc authored by Mika Perälä's avatar Mika Perälä

If nginx config until letsencrypt certs are in place

parent 76cc9939
2 merge requests!14Test,!13If nginx config until letsencrypt certs are in place
Pipeline #87722 passed
...@@ -30,32 +30,34 @@ class ai4ca ( ...@@ -30,32 +30,34 @@ class ai4ca (
ensure => installed, ensure => installed,
} }
nginx::resource::server { fact('networking.fqdn'): if fact("letsencrypt_certs.\"${fact('networking.fqdn')}\".files.combined") {
ensure => present, nginx::resource::server { fact('networking.fqdn'):
www_root => $www_root, ensure => present,
location_cfg_append => { www_root => $www_root,
'rewrite' => '^ https://$server_name$request_uri? permanent', location_cfg_append => {
}, 'rewrite' => '^ https://$server_name$request_uri? permanent',
} },
}
nginx::resource::server { "${fact('networking.fqdn')} HTTPS": nginx::resource::server { "${fact('networking.fqdn')} HTTPS":
ensure => present, ensure => present,
listen_port => 443, listen_port => 443,
www_root => $www_root, www_root => $www_root,
index_files => $index_files, index_files => $index_files,
ssl => true, ssl => true,
ssl_cert => fact("letsencrypt_certs.\"${fact('networking.fqdn')}\".files.combined"), ssl_cert => fact("letsencrypt_certs.\"${fact('networking.fqdn')}\".files.combined"),
ssl_key => fact("letsencrypt_certs.\"${fact('networking.fqdn')}\".files.key"), ssl_key => fact("letsencrypt_certs.\"${fact('networking.fqdn')}\".files.key"),
ssl_protocols => 'TLSv1.3 TLSv1.2', ssl_protocols => 'TLSv1.3 TLSv1.2',
ssl_ciphers => 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384', ssl_ciphers => 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384', # lint:ignore:140chars
} }
nginx::resource::location { '/va': nginx::resource::location { '/va':
ensure => present, ensure => present,
ssl => true, ssl => true,
ssl_only => true, ssl_only => true,
server => "${fact('networking.fqdn')} HTTPS", server => "${fact('networking.fqdn')} HTTPS",
proxy => 'http://localhost:8100/', proxy => 'http://localhost:8100/',
}
} }
firewalld_service { firewalld_service {
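Review bot: The new `if` guard tests only the `...files.combined` fact, while the HTTPS server inside it also reads `...files.key` for `ssl_key`, so a node reporting a partial fact would presumably still get a TLS server with an undefined key; test both by appending `and fact("letsencrypt_certs.\"${fact('networking.fqdn')}\".files.key")` to the condition. There is also no `else`, so when the fact is absent the catalog compiles without any of the three nginx resources and nothing is logged; `else { warning("no letsencrypt cert fact for ${fact('networking.fqdn')}, nginx vhosts not managed") }` would make that state visible. The port-80 redirect server now sits behind the same guard, so if certificate issuance relies on this nginx answering HTTP-01 challenges (not visible here), the first issuance could not complete. The enclosing `class ai4ca` starts and ends outside the hunk.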
......