diff options
| author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2018-02-20 11:32:40 +0100 |
|---|---|---|
| committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2018-02-20 11:32:40 +0100 |
| commit | 73bca64c33744027a0e800ce6c98a549ec924c6e (patch) | |
| tree | 42cc09c283a7b0f6fce4f7dde22cd9213408111f /modules/role/manifests/cryptoportfolio.pp | |
| parent | 428fcf14be3943fc01d234a5e622c7f8706bcb73 (diff) | |
| parent | 5be7de41fe02fe60fbbac530e6729f74e206aea3 (diff) | |
| download | Puppet-73bca64c33744027a0e800ce6c98a549ec924c6e.tar.gz Puppet-73bca64c33744027a0e800ce6c98a549ec924c6e.tar.zst Puppet-73bca64c33744027a0e800ce6c98a549ec924c6e.zip | |
Merge branch 'letsencrypt'
Diffstat (limited to 'modules/role/manifests/cryptoportfolio.pp')
| -rw-r--r-- | modules/role/manifests/cryptoportfolio.pp | 23 |
1 files changed, 19 insertions, 4 deletions
diff --git a/modules/role/manifests/cryptoportfolio.pp b/modules/role/manifests/cryptoportfolio.pp index 0f26527..d2323a4 100644 --- a/modules/role/manifests/cryptoportfolio.pp +++ b/modules/role/manifests/cryptoportfolio.pp | |||
| @@ -1,7 +1,9 @@ | |||
| 1 | class role::cryptoportfolio { | 1 | class role::cryptoportfolio { |
| 2 | include "base_installation" | 2 | include "base_installation" |
| 3 | 3 | ||
| 4 | include "profile::tools" | ||
| 4 | include "profile::postgresql" | 5 | include "profile::postgresql" |
| 6 | include "profile::apache" | ||
| 5 | 7 | ||
| 6 | $password_seed = lookup("base_installation::puppet_pass_seed") |$key| { {} } | 8 | $password_seed = lookup("base_installation::puppet_pass_seed") |$key| { {} } |
| 7 | 9 | ||
| @@ -47,11 +49,24 @@ class role::cryptoportfolio { | |||
| 47 | order => "b0", | 49 | order => "b0", |
| 48 | } | 50 | } |
| 49 | 51 | ||
| 50 | class { 'nginx': } | 52 | letsencrypt::certonly { $cf_front_app_host: ; |
| 53 | default: * => $::profile::apache::letsencrypt_certonly_default; | ||
| 54 | } | ||
| 51 | 55 | ||
| 52 | nginx::resource::server { $cf_front_app_host: | 56 | class { 'apache::mod::headers': } |
| 53 | listen_port => 80, | 57 | apache::vhost { $cf_front_app_host: |
| 54 | proxy => 'http://localhost:8000', | 58 | port => '443', |
| 59 | docroot => false, | ||
| 60 | manage_docroot => false, | ||
| 61 | proxy_dest => "http://localhost:8000", | ||
| 62 | request_headers => 'set X-Forwarded-Proto "https"', | ||
| 63 | ssl => true, | ||
| 64 | ssl_cert => "/etc/letsencrypt/live/$cf_front_app_host/cert.pem", | ||
| 65 | ssl_key => "/etc/letsencrypt/live/$cf_front_app_host/privkey.pem", | ||
| 66 | ssl_chain => "/etc/letsencrypt/live/$cf_front_app_host/chain.pem", | ||
| 67 | require => Letsencrypt::Certonly[$cf_front_app_host], | ||
| 68 | proxy_preserve_host => true; | ||
| 69 | default: * => $::profile::apache::apache_vhost_default; | ||
| 55 | } | 70 | } |
| 56 | 71 | ||
| 57 | user { $cf_user: | 72 | user { $cf_user: |