Create a nginx_certbot_site resource to remove duplication
It creates a folder, the nginx vhost for certbot and HTTP redirects, and also runs certbot and recreates the nginx vhost that includes the TLS cert
This commit is contained in:
Greg Karékinian
@@ -119,13 +119,6 @@ end
|
||||
|
||||
include_recipe 'kosmos-nginx'
|
||||
|
||||
directory "/var/www/#{express_domain}/.well-known/acme-challenge" do
|
||||
owner node["nginx"]["user"]
|
||||
group node["nginx"]["group"]
|
||||
recursive true
|
||||
action :create
|
||||
end
|
||||
|
||||
template "#{node['nginx']['dir']}/sites-available/#{express_domain}" do
|
||||
source 'nginx_conf_hubot.erb'
|
||||
owner node["nginx"]["user"]
|
||||
@@ -138,13 +131,7 @@ template "#{node['nginx']['dir']}/sites-available/#{express_domain}" do
|
||||
end
|
||||
|
||||
nginx_site express_domain do
|
||||
enable true
|
||||
action :enable
|
||||
end
|
||||
|
||||
unless node.chef_environment == "development"
|
||||
execute "letsencrypt cert for #{express_domain}" do
|
||||
command "/usr/bin/certbot certonly --webroot --agree-tos --email ops@5apps.com --webroot-path /var/www/#{express_domain} -d #{express_domain} -n"
|
||||
not_if { File.exist? "/etc/letsencrypt/live/#{express_domain}/fullchain.pem" }
|
||||
notifies :create, "template[#{node['nginx']['dir']}/sites-available/#{express_domain}]", :immediately
|
||||
end
|
||||
end
|
||||
nginx_certbot_site express_domain
|
||||
|
||||
@@ -5,19 +5,6 @@ upstream _express_<%= @server_name.gsub(".", "_") %> {
|
||||
server localhost:<%= @express_port %>;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
server_name <%= @server_name %>;
|
||||
|
||||
# For Let's Encrypt ACME verification
|
||||
location /.well-known {
|
||||
root "/var/www/<%= @server_name %>";
|
||||
}
|
||||
location / {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
|
||||
listen 443 ssl http2;
|
||||
|
||||
Reference in New Issue
Block a user