Add letsencrypt
[perso/Immae/Projets/Puppet.git] / modules / role / manifests / cryptoportfolio.pp
index 0f26527e179f08f4dc078f661ec082b34e6e46ed..d2323a45bc0213f8fdd933e577c9db7f4a80975a 100644 (file)
@@ -1,7 +1,9 @@
 class role::cryptoportfolio {
   include "base_installation"
 
+  include "profile::tools"
   include "profile::postgresql"
+  include "profile::apache"
 
   $password_seed = lookup("base_installation::puppet_pass_seed") |$key| { {} }
 
@@ -47,11 +49,24 @@ class role::cryptoportfolio {
     order       => "b0",
   }
 
-  class { 'nginx': }
+  letsencrypt::certonly { $cf_front_app_host: ;
+    default: * => $::profile::apache::letsencrypt_certonly_default;
+  }
 
-  nginx::resource::server { $cf_front_app_host:
-    listen_port => 80,
-    proxy       => 'http://localhost:8000',
+  class { 'apache::mod::headers': }
+  apache::vhost { $cf_front_app_host:
+    port                => '443',
+    docroot             => false,
+    manage_docroot      => false,
+    proxy_dest          => "http://localhost:8000",
+    request_headers     => 'set X-Forwarded-Proto "https"',
+    ssl                 => true,
+    ssl_cert            => "/etc/letsencrypt/live/$cf_front_app_host/cert.pem",
+    ssl_key             => "/etc/letsencrypt/live/$cf_front_app_host/privkey.pem",
+    ssl_chain           => "/etc/letsencrypt/live/$cf_front_app_host/chain.pem",
+    require             => Letsencrypt::Certonly[$cf_front_app_host],
+    proxy_preserve_host => true;
+    default: *          => $::profile::apache::apache_vhost_default;
   }
 
   user { $cf_user:
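Review bot: Nothing in this hunk replaces the port-80 listener that the removed nginx server provided, so plain-HTTP requests for `$cf_front_app_host` reach the new 443 vhost only if `$::profile::apache::apache_vhost_default` or `profile::apache` (neither is visible here) redirects them; the same applies to HSTS. If they do not, add a port-80 `apache::vhost` with `redirect_status => 'permanent'` and `redirect_dest => "https://${cf_front_app_host}/"`, and on this vhost something like `headers => 'always set Strict-Transport-Security "max-age=31536000"'` (sample value). The unconditional `set X-Forwarded-Proto "https"` correctly overwrites any client-supplied value, but the application can only trust it if the listener on port 8000 is bound to loopback, which this manifest does not show. A comment above `proxy_dest` recording that assumption would help, e.g. `# backend must listen on 127.0.0.1:8000 only; it trusts X-Forwarded-Proto from this vhost`.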