Use variable instead of hardcoding domain
The domain name is hardcoded exactly 12 times in just the letsencrypt recipe.
This commit is contained in:
parent
c3135402ad
commit
a77580d6da
|
@ -1,3 +1,8 @@
|
|||
# Override to connect to the IPFS cluster proxy on port 9095
|
||||
# (https://cluster.ipfs.io/documentation/composite-clusters/)
|
||||
|
||||
# FIXME api_port should come from the ipfs cookbook/attributes
|
||||
# It has nothing to do with nginx
|
||||
node.default['kosmos-ipfs']['nginx']['api_port'] = 5001
|
||||
|
||||
node.default['kosmos-ipfs']['nginx']['domain'] = "ipfs.kosmos.org"
|
||||
|
|
|
@ -14,7 +14,7 @@ end
|
|||
|
||||
include_recipe "kosmos-nginx"
|
||||
|
||||
root_directory = "/var/www/ipfs.kosmos.org"
|
||||
root_directory = "/var/www/#{node["kosmos-ipfs"]["nginx"]["domain"]}"
|
||||
|
||||
directory "#{root_directory}/.well-known/acme-challenge" do
|
||||
owner node["nginx"]["user"]
|
||||
|
@ -23,21 +23,21 @@ directory "#{root_directory}/.well-known/acme-challenge" do
|
|||
recursive true
|
||||
end
|
||||
|
||||
template "#{node['nginx']['dir']}/sites-available/ipfs.kosmos.org" do
|
||||
source 'nginx_conf_ipfs.kosmos.org.erb'
|
||||
template "#{node['nginx']['dir']}/sites-available/#{node["kosmos-ipfs"]["nginx"]["domain"]}" do
|
||||
source "nginx_conf_#{node["kosmos-ipfs"]["nginx"]["domain"]}.erb"
|
||||
owner 'www-data'
|
||||
mode 0640
|
||||
variables server_name: 'ipfs.kosmos.org',
|
||||
variables server_name: node["kosmos-ipfs"]["nginx"]["domain"],
|
||||
root_directory: root_directory,
|
||||
ssl_cert: "/etc/letsencrypt/live/ipfs.kosmos.org/fullchain.pem",
|
||||
ssl_key: "/etc/letsencrypt/live/ipfs.kosmos.org/privkey.pem",
|
||||
ssl_cert: "/etc/letsencrypt/live/#{node["kosmos-ipfs"]["nginx"]["domain"]}/fullchain.pem",
|
||||
ssl_key: "/etc/letsencrypt/live/#{node["kosmos-ipfs"]["nginx"]["domain"]}/privkey.pem",
|
||||
ipfs_api_port: node['kosmos-ipfs']['nginx']['api_port'],
|
||||
ipfs_external_api_port: 5444
|
||||
|
||||
notifies :reload, 'service[nginx]', :delayed
|
||||
end
|
||||
|
||||
nginx_site 'ipfs.kosmos.org' do
|
||||
nginx_site node["kosmos-ipfs"]["nginx"]["domain"] do
|
||||
enable true
|
||||
end
|
||||
|
||||
|
@ -51,12 +51,12 @@ unless node.chef_environment == "development"
|
|||
|
||||
# Generate a Let's Encrypt cert (only if the nginx vhost exists and no cert
|
||||
# has been generated before. The renew cron will take care of renewing
|
||||
execute "letsencrypt cert for ipfs.kosmos.org" do
|
||||
command "/usr/bin/certbot certonly --webroot --agree-tos --email ops@5apps.com --webroot-path #{root_directory} -d ipfs.kosmos.org -n"
|
||||
execute "letsencrypt cert for #{node["kosmos-ipfs"]["nginx"]["domain"]}" do
|
||||
command "/usr/bin/certbot certonly --webroot --agree-tos --email ops@5apps.com --webroot-path #{root_directory} -d #{node["kosmos-ipfs"]["nginx"]["domain"]} -n"
|
||||
only_if do
|
||||
File.exist?("#{node['nginx']['dir']}/sites-enabled/ipfs.kosmos.org") &&
|
||||
!File.exist?("/etc/letsencrypt/live/ipfs.kosmos.org/fullchain.pem")
|
||||
File.exist?("#{node['nginx']['dir']}/sites-enabled/#{node["kosmos-ipfs"]["nginx"]["domain"]}") &&
|
||||
!File.exist?("/etc/letsencrypt/live/#{node["kosmos-ipfs"]["nginx"]["domain"]}/fullchain.pem")
|
||||
end
|
||||
notifies :create, "template[#{node['nginx']['dir']}/sites-available/ipfs.kosmos.org]", :delayed
|
||||
notifies :create, "template[#{node['nginx']['dir']}/sites-available/#{node["kosmos-ipfs"]["nginx"]["domain"]}]", :delayed
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue