Add letsencrypt
[perso/Immae/Projets/Puppet.git] / modules / role / manifests / cryptoportfolio.pp
index 49ab57b669fe05ee646d0d914aab84001be2b9d8..d2323a45bc0213f8fdd933e577c9db7f4a80975a 100644 (file)
@@ -49,23 +49,24 @@ class role::cryptoportfolio {
     order       => "b0",
   }
 
+  letsencrypt::certonly { $cf_front_app_host: ;
+    default: * => $::profile::apache::letsencrypt_certonly_default;
+  }
+
+  class { 'apache::mod::headers': }
   apache::vhost { $cf_front_app_host:
-    port                => '80',
+    port                => '443',
     docroot             => false,
     manage_docroot      => false,
     proxy_dest          => "http://localhost:8000",
-    proxy_preserve_host => true,
-    no_proxy_uris       => [
-      "/maintenance_immae.html",
-      "/googleb6d69446ff4ca3e5.html",
-      "/.well-known/acme-challenge"
-    ],
-    no_proxy_uris_match => [
-      '^/licen[cs]es?_et_tip(ping)?$',
-      '^/licen[cs]es?_and_tip(ping)?$',
-      '^/licen[cs]es?$',
-      '^/tip(ping)?$',
-    ]
+    request_headers     => 'set X-Forwarded-Proto "https"',
+    ssl                 => true,
+    ssl_cert            => "/etc/letsencrypt/live/$cf_front_app_host/cert.pem",
+    ssl_key             => "/etc/letsencrypt/live/$cf_front_app_host/privkey.pem",
+    ssl_chain           => "/etc/letsencrypt/live/$cf_front_app_host/chain.pem",
+    require             => Letsencrypt::Certonly[$cf_front_app_host],
+    proxy_preserve_host => true;
+    default: *          => $::profile::apache::apache_vhost_default;
   }
 
   user { $cf_user:
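Review bot: The explicit `no_proxy_uris` entry for `/.well-known/acme-challenge` is dropped and the vhost moves from port 80 to 443, so nothing in this hunk shows how HTTP-01 validation or plain-HTTP clients are served for `$cf_front_app_host`. If that is covered by `$::profile::apache::apache_vhost_default` or a shared port-80 vhost (neither is visible here), a comment above the vhost would make the dependency explicit, e.g. `# ACME challenge path and port-80 handling come from profile::apache defaults`. If it is not covered, the challenge path, along with the removed maintenance and licence exclusions, would be proxied to `localhost:8000`, and certificate renewal could fail later. Separately, `class { 'apache::mod::headers': }` fails with a duplicate declaration if another role declares the same class, so `include ::apache::mod::headers` is the safer form. The body of `role::cryptoportfolio` continues outside the hunk.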