Commit 2b021bea authored by Mika Perälä's avatar Mika Perälä

Merge branch 'devel' into 'test'

If nginx config until letsencrypt certs are in place

See merge request liu-puppet-modules/ai4ca!13
parents 76cc9939 129551fc
2 merge requests!14Test,!13If nginx config until letsencrypt certs are in place
Pipeline #87724 passed
...@@ -30,32 +30,34 @@ class ai4ca ( ...@@ -30,32 +30,34 @@ class ai4ca (
ensure => installed, ensure => installed,
} }
nginx::resource::server { fact('networking.fqdn'): if fact("letsencrypt_certs.\"${fact('networking.fqdn')}\".files.combined") {
ensure => present, nginx::resource::server { fact('networking.fqdn'):
www_root => $www_root, ensure => present,
location_cfg_append => { www_root => $www_root,
'rewrite' => '^ https://$server_name$request_uri? permanent', location_cfg_append => {
}, 'rewrite' => '^ https://$server_name$request_uri? permanent',
} },
}
nginx::resource::server { "${fact('networking.fqdn')} HTTPS": nginx::resource::server { "${fact('networking.fqdn')} HTTPS":
ensure => present, ensure => present,
listen_port => 443, listen_port => 443,
www_root => $www_root, www_root => $www_root,
index_files => $index_files, index_files => $index_files,
ssl => true, ssl => true,
ssl_cert => fact("letsencrypt_certs.\"${fact('networking.fqdn')}\".files.combined"), ssl_cert => fact("letsencrypt_certs.\"${fact('networking.fqdn')}\".files.combined"),
ssl_key => fact("letsencrypt_certs.\"${fact('networking.fqdn')}\".files.key"), ssl_key => fact("letsencrypt_certs.\"${fact('networking.fqdn')}\".files.key"),
ssl_protocols => 'TLSv1.3 TLSv1.2', ssl_protocols => 'TLSv1.3 TLSv1.2',
ssl_ciphers => 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384', ssl_ciphers => 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384', # lint:ignore:140chars
} }
nginx::resource::location { '/va': nginx::resource::location { '/va':
ensure => present, ensure => present,
ssl => true, ssl => true,
ssl_only => true, ssl_only => true,
server => "${fact('networking.fqdn')} HTTPS", server => "${fact('networking.fqdn')} HTTPS",
proxy => 'http://localhost:8100/', proxy => 'http://localhost:8100/',
}
} }
firewalld_service { firewalld_service {
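Review bot: The new `if` guard tests only the `files.combined` fact, but the HTTPS server inside it also reads `files.key` for `ssl_key`, so a node that reports the certificate without the key would presumably get `ssl => true` with an undefined key path. Resolve both facts once and guard on both, e.g. `$cert = fact("letsencrypt_certs.\"${fact('networking.fqdn')}\".files.combined")`, the same for `$key` with `.files.key`, then `if $cert and $key {`, reusing `$cert` and `$key` for `ssl_cert` and `ssl_key`. The port-80 redirect server now sits inside the same guard, so this class declares no HTTP vhost until the certificate exists; if the certificates are issued through an HTTP-01 webroot challenge (not visible here), confirm that something else answers on port 80 for the first issuance. The `ai4ca` class body starts and ends outside the hunk.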