diff --git a/manifests/nginx.pp b/manifests/nginx.pp
index 41f543397936ce0492b84071c9d67b888c9653c3..f4f524a74e5b02b09fc4e6dc7a4574f2cd176bfc 100644
--- a/manifests/nginx.pp
+++ b/manifests/nginx.pp
@@ -15,10 +15,12 @@ class egg::nginx () {
 notify => Service['nginx'],
 }
 file { '/etc/nginx/conf.d/egg.conf':
- ensure => 'present',
- source => "puppet:///modules/${module_name}/egg.conf",
- notify => Service['nginx'],
- require => Package['nginx'],
+ ensure => 'present',
+ content => epp("${module_name}/egg.conf.epp", {
+ cert_name => $hostname,
+ }),
+ notify => Service['nginx'],
+ require => Package['nginx'],
 }
 # Housekeeping
@@ -31,9 +33,19 @@ class egg::nginx () {
 zone => 'liu',
 service => 'http',
 }
+ firewalld_service { 'Allow https from liu Zone':
+ ensure => present,
+ zone => 'liu',
+ service => 'https',
+ }
 firewalld_service { 'Allow http in the public Zone':
 ensure => present,
 zone => 'public',
 service => 'http',
 }
+ firewalld_service { 'Allow https from public Zone':
+ ensure => present,
+ zone => 'public',
+ service => 'https',
+ }
 }
diff --git a/files/egg.conf b/templates/egg.conf.epp
similarity index 91%
rename from files/egg.conf
rename to templates/egg.conf.epp
index 470620adee127584b712d53e81a61ea4f6635f39..439f54f61d966cfe77d3c3a06d86f6d31105b6f0 100644
--- a/files/egg.conf
+++ b/templates/egg.conf.epp
@@ -1,3 +1,5 @@
+<%- | String[1] $cert_name,
+| -%>
 server {
 server_name teman.it.liu.se;
 root /var/www/teman;
@@ -34,8 +36,8 @@ server {
 listen 443 ssl ;
 server_name egg.it.liu.se;
- ssl_certificate /etc/pki/tls/certs/letsencrypt-cert_chain-egg.devel.it.liu.se.pem ;
- ssl_certificate_key /etc/pki/tls/private/letsencrypt-egg.devel.it.liu.se.key ;
+ ssl_certificate /etc/pki/tls/certs/letsencrypt-cert_chain-<%= $cert_name %>.pem ;
+ ssl_certificate_key /etc/pki/tls/private/letsencrypt-<%= $cert_name %>.key ;
 client_max_body_size 0;
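Review bot: `cert_name => $hostname` in the `epp()` call for `/etc/nginx/conf.d/egg.conf` reads an unqualified, agent-reported legacy fact. On stock Facter `hostname` is the short host name, whereas the path this replaces embedded a full name (`egg.devel.it.liu.se`). If that holds here, the rendered `ssl_certificate` paths would name files that do not exist, and `notify => Service['nginx']` would then likely restart nginx into a failed config load. Consider passing the name explicitly, e.g. `cert_name => $facts['networking']['fqdn'],`, or exposing it as a typed class parameter (defaulting to `$trusted['certname']` if the certificate is issued for the node's certname), and adding a `require` on whatever resource deploys the certificate and key. The enclosing class starts outside this hunk.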
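Review bot: Plain `http` stays allowed in the `public` zone (and, from the context lines, the `liu` zone) next to the new `https` rules, and nothing visible in this diff shows port 80 answering only with a redirect to TLS. If HTTPS is now the intended entry point, confirm that `egg.conf.epp` redirects port 80, or narrow the `http` rules to what certificate renewal needs, should the Let's Encrypt setup use HTTP validation. Record the decision in a comment above the block, such as `# http stays open only for the redirect to https / ACME renewal`. The new titles read `Allow https from ... Zone` while the existing one reads `Allow http in the public Zone`; a single wording across these resources would keep them easy to grep and audit.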
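Review bot: `String[1] $cert_name` accepts any non-empty string, and the value is written unescaped into the `ssl_certificate` and `ssl_certificate_key` paths in the later hunk of this template. A value containing `/`, whitespace or `;` would therefore yield a different path or extra nginx directives. Constrain the parameter to host-name characters, e.g. `<%- | Pattern[/\A[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?\z/] $cert_name, | -%>`, so that a bad value fails at catalog compilation rather than at nginx reload. An EPP comment (`<%# ... %>`) stating that the name must match the deployed certificate and key file names would also help the next maintainer.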