kosmos/chef
8
3
Fork 0
Code Issues 32 Pull Requests 1 Projects 2 Activity

Create a nginx_certbot_site resource to remove duplication

Browse Source 
It creates a folder, the nginx vhost for certbot and HTTP redirects, and
also runs certbot and recreates the nginx vhost that includes the TLS
cert
This commit is contained in:
Greg Karékinian
2019-03-15 19:03:28 +01:00
parent b30dcab4da
commit 17f1b2a20a
23 changed files with 152 additions and 302 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
site-cookbooks/kosmos-mediawiki/templates/default/nginx.conf.erb
View File

@@ -1,21 +1,6 @@
<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
server {
listen 80;
server_name <%= @server_name %>;
access_log /var/log/nginx/<%= @server_name %>.access.log;
error_log /var/log/nginx/<%= @server_name %>.error.log;
location /.well-known {
root <%= @docroot %>;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
listen 443 ssl;
<% end -%>
server_name <%= @server_name %>;
access_log /var/log/nginx/<%= @server_name %>.access.log;
@@ -38,9 +23,8 @@ server {
fastcgi_param HTTP_PROXY "";
}
<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains";
ssl_certificate <%= @ssl_cert %>;
ssl_certificate_key <%= @ssl_key %>;
<% end -%>
}
<% end -%>