chef/site-cookbooks/kosmos-nginx/recipes/with_perl.rb

node.override['nginx']['default_site_enabled'] = false
node.override['nginx']['server_tokens']        = 'off'

node.override['nginx']['package_name'] = 'nginx-core'
include_recipe 'nginx'

package 'libnginx-mod-http-perl'

# Generate Strong Diffie-Hellman Group (increases security)
# https://weakdh.org/sysadmin.html
openssl_dhparam "/etc/ssl/private/dhparams.pem" do
  key_length 2048
  mode 0600
  owner 'www-data'
end

cookbook_file "#{node['nginx']['dir']}/conf.d/tls_config.conf" do
  source 'nginx_tls_config.conf'
  owner  'root'
  group  'root'
  mode   '0644'
  notifies :restart, 'service[nginx]'
end

unless node.chef_environment == "development"
  include_recipe 'kosmos-base::firewall'

  firewall_rule 'http/https' do
    port     [80, 443]
    protocol :tcp
    command  :allow
  end
end