kosmos/chef
8
3
Fork 0
Code Issues 32 Pull Requests 1 Projects 2 Activity

Create a nginx_certbot_site resource to remove duplication

Browse Source 
It creates a folder, the nginx vhost for certbot and HTTP redirects, and
also runs certbot and recreates the nginx vhost that includes the TLS
cert
This commit is contained in:
Greg Karékinian
2019-03-15 19:03:28 +01:00
parent b30dcab4da
commit 17f1b2a20a
23 changed files with 152 additions and 302 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
site-cookbooks/kosmos-hubot/templates/default/nginx_conf_hubot.erb
View File

@@ -5,24 +5,10 @@ upstream _express_<%= @server_name.gsub(".", "_") %> {
server localhost:<%= @express_port %>;
}
<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
server {
listen 80;
server_name <%= @server_name %>;
# For Let's Encrypt ACME verification
location /.well-known {
root "/var/www/<%= @server_name %>";
}
location / {
return 301 https://$host$request_uri;
}
}
server {
<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
listen 443 ssl http2;
add_header Strict-Transport-Security "max-age=15768000";
<% end -%>
server_name <%= @server_name %>;
@@ -37,8 +23,7 @@ server {
proxy_http_version 1.1;
}
<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
ssl_certificate <%= @ssl_cert %>;
ssl_certificate_key <%= @ssl_key %>;
<% end -%>
}
<% end -%>