diff options
author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2018-02-20 11:32:40 +0100 |
---|---|---|
committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2018-02-20 11:32:40 +0100 |
commit | 73bca64c33744027a0e800ce6c98a549ec924c6e (patch) | |
tree | 42cc09c283a7b0f6fce4f7dde22cd9213408111f /modules/role | |
parent | 428fcf14be3943fc01d234a5e622c7f8706bcb73 (diff) | |
parent | 5be7de41fe02fe60fbbac530e6729f74e206aea3 (diff) | |
download | Puppet-73bca64c33744027a0e800ce6c98a549ec924c6e.tar.gz Puppet-73bca64c33744027a0e800ce6c98a549ec924c6e.tar.zst Puppet-73bca64c33744027a0e800ce6c98a549ec924c6e.zip |
Merge branch 'letsencrypt'
Diffstat (limited to 'modules/role')
-rw-r--r-- | modules/role/manifests/cryptoportfolio.pp | 23 |
1 files changed, 19 insertions, 4 deletions
diff --git a/modules/role/manifests/cryptoportfolio.pp b/modules/role/manifests/cryptoportfolio.pp index 0f26527..d2323a4 100644 --- a/modules/role/manifests/cryptoportfolio.pp +++ b/modules/role/manifests/cryptoportfolio.pp | |||
@@ -1,7 +1,9 @@ | |||
1 | class role::cryptoportfolio { | 1 | class role::cryptoportfolio { |
2 | include "base_installation" | 2 | include "base_installation" |
3 | 3 | ||
4 | include "profile::tools" | ||
4 | include "profile::postgresql" | 5 | include "profile::postgresql" |
6 | include "profile::apache" | ||
5 | 7 | ||
6 | $password_seed = lookup("base_installation::puppet_pass_seed") |$key| { {} } | 8 | $password_seed = lookup("base_installation::puppet_pass_seed") |$key| { {} } |
7 | 9 | ||
@@ -47,11 +49,24 @@ class role::cryptoportfolio { | |||
47 | order => "b0", | 49 | order => "b0", |
48 | } | 50 | } |
49 | 51 | ||
50 | class { 'nginx': } | 52 | letsencrypt::certonly { $cf_front_app_host: ; |
53 | default: * => $::profile::apache::letsencrypt_certonly_default; | ||
54 | } | ||
51 | 55 | ||
52 | nginx::resource::server { $cf_front_app_host: | 56 | class { 'apache::mod::headers': } |
53 | listen_port => 80, | 57 | apache::vhost { $cf_front_app_host: |
54 | proxy => 'http://localhost:8000', | 58 | port => '443', |
59 | docroot => false, | ||
60 | manage_docroot => false, | ||
61 | proxy_dest => "http://localhost:8000", | ||
62 | request_headers => 'set X-Forwarded-Proto "https"', | ||
63 | ssl => true, | ||
64 | ssl_cert => "/etc/letsencrypt/live/$cf_front_app_host/cert.pem", | ||
65 | ssl_key => "/etc/letsencrypt/live/$cf_front_app_host/privkey.pem", | ||
66 | ssl_chain => "/etc/letsencrypt/live/$cf_front_app_host/chain.pem", | ||
67 | require => Letsencrypt::Certonly[$cf_front_app_host], | ||
68 | proxy_preserve_host => true; | ||
69 | default: * => $::profile::apache::apache_vhost_default; | ||
55 | } | 70 | } |
56 | 71 | ||
57 | user { $cf_user: | 72 | user { $cf_user: |