#
# Cookbook Name:: kosmos-parity
# Recipe:: letsencrypt
#
# Copyright 2017, Kosmos
#
# All rights reserved - Do Not Redistribute
#
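# Run the shared kosmos-base::letsencrypt recipe before the resources below
# (its contents are not visible in this file).
include_recipe 'kosmos-base::letsencrypt'

# Hostname the vhost and the certificate are created for. It is interpolated
# into filesystem paths, the nginx site name and the certbot invocation below.
hostname = node['kosmos-parity']['hostname']

# Fail the run early on a missing or malformed attribute: an empty value would
# otherwise create "/var/www//.well-known/..." and request a certificate for
# nothing, and characters outside the DNS hostname set have no business in the
# paths and command arguments built from this value.
unless hostname.to_s =~ /\A[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?\z/
  raise ArgumentError,
        "node['kosmos-parity']['hostname'] is missing or not a valid hostname: #{hostname.inspect}"
end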
# Webroot location that certbot writes ACME challenge files into and nginx
# serves them from (see --webroot-path in the execute resource of this recipe).
directory "/var/www/#{hostname}/.well-known/acme-challenge" do
  # Parents are created as needed; per the Chef docs, owner/group then apply
  # only to the leaf directory, not to the parents created along the way.
  recursive true
  owner     node['nginx']['user']
  group     node['nginx']['group']
  # No mode is set here, so permissions follow Chef's default for new
  # directories.
  action    :create
end
# Render the nginx vhost for this hostname from the cookbook template and
# reload nginx at the end of the run when the rendered file changes.
letsencrypt_live_dir = "/etc/letsencrypt/live/#{hostname}"

template "#{node['nginx']['dir']}/sites-available/#{hostname}" do
  source 'nginx_conf_parity_letsencrypt.erb'
  # NOTE(review): the owner is hard-coded to 'www-data', while the challenge
  # directory in this recipe uses node["nginx"]["user"]. A vhost file owned by
  # the account the web server runs as can be rewritten by that account;
  # confirm whether root ownership (nginx reading its config as root) would
  # work for this deployment.
  owner 'www-data'
  # Owner read/write, group read, no access for others.
  mode 0o640
  # Paths follow certbot's live/<name>/ layout; the private key path is only
  # referenced in the rendered config, the key itself is not touched here.
  variables(
    server_name: hostname,
    ssl_cert:    "#{letsencrypt_live_dir}/fullchain.pem",
    ssl_key:     "#{letsencrypt_live_dir}/privkey.pem"
  )
  notifies :reload, 'service[nginx]', :delayed
end
# Enable the vhost rendered above under sites-available. The resource name is
# the hostname as a string, matching the file name used by the template.
nginx_site hostname.to_s do
  action :enable
end
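# Request the initial certificate for the hostname via the webroot (HTTP-01)
# method, then reload nginx at the end of the run.
#
# NOTE(review): certbot-auto has been deprecated upstream; plan a move to a
# packaged certbot. Renewal is not handled by this resource.
execute "letsencrypt cert for #{hostname}" do
  # Array form: Chef runs the program directly with these arguments instead of
  # handing an interpolated string to a shell, so the hostname attribute is
  # always passed as a single literal argument and never parsed as shell syntax.
  command [
    './certbot-auto', 'certonly',
    '--webroot',
    '--agree-tos',
    '--email', 'ops@5apps.com',
    '--webroot-path', "/var/www/#{hostname}",
    '-d', hostname.to_s,
    '-n' # non-interactive: never prompt during a Chef run
  ]
  cwd '/usr/local/certbot'
  # Idempotence guard: skip once a certificate chain exists for this hostname.
  # This checks presence only, not expiry or validity.
  not_if { ::File.exist?("/etc/letsencrypt/live/#{hostname}/fullchain.pem") }
  notifies :reload, 'service[nginx]', :delayed
end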