Create a nginx_certbot_site resource to remove duplication

It creates a folder, the nginx vhost for certbot and HTTP redirects, and
also runs certbot and recreates the nginx vhost that includes the TLS
cert
This commit is contained in:
Greg Karékinian
2019-03-15 19:03:28 +01:00
parent b30dcab4da
commit 17f1b2a20a
23 changed files with 152 additions and 302 deletions

View File

@@ -0,0 +1 @@
node.default["kosmos-wordpress"]["nginx"]["domain"] = "blog.kosmos.org"

View File

@@ -34,23 +34,15 @@ include_recipe "kosmos-nginx"
include_recipe "wordpress::app"
unless node.chef_environment == "development"
include_recipe "kosmos-base::letsencrypt"
server_name = node['wordpress']['server_name']
execute "letsencrypt cert for blog.kosmos.org" do
command "/usr/bin/certbot certonly --webroot --agree-tos --email ops@5apps.com --webroot-path #{node['wordpress']['dir']} -d blog.kosmos.org -n"
not_if { File.exist? "/etc/letsencrypt/live/blog.kosmos.org/fullchain.pem" }
notifies :reload, "service[nginx]", :delayed
end
end
ssl_cert = "/etc/letsencrypt/live/blog.kosmos.org/fullchain.pem"
ssl_key = "/etc/letsencrypt/live/blog.kosmos.org/privkey.pem"
template "#{node['nginx']['dir']}/sites-available/wordpress" do
ssl_cert = "/etc/letsencrypt/live/#{server_name}/fullchain.pem"
ssl_key = "/etc/letsencrypt/live/#{server_name}/privkey.pem"
template "#{node['nginx']['dir']}/sites-available/#{server_name}" do
source "nginx.conf.erb"
variables(
docroot: node['wordpress']['dir'],
server_name: node['wordpress']['server_name'],
server_name: server_name,
server_aliases: node['wordpress']['server_aliases'],
server_port: node['wordpress']['server_port'],
ssl_cert: ssl_cert,
@@ -60,6 +52,8 @@ template "#{node['nginx']['dir']}/sites-available/wordpress" do
notifies :reload, "service[nginx]", :delayed
end
nginx_site 'wordpress' do
enable true
nginx_site server_name do
action :enable
end
nginx_certbot_site server_name