33 lines
762 B
Ruby
33 lines
762 B
Ruby
#
|
|
# Cookbook Name:: kosmos-nginx
|
|
# Recipe:: with_perl
|
|
#
|
|
|
|
node.override['nginx']['default_site_enabled'] = false
|
|
node.override['nginx']['server_tokens'] = 'off'
|
|
|
|
node.override['nginx']['package_name'] = 'nginx-core'
|
|
include_recipe 'nginx'
|
|
|
|
package 'libnginx-mod-http-perl'
|
|
|
|
# Generate Strong Diffie-Hellman Group (increases security)
|
|
# https://weakdh.org/sysadmin.html
|
|
openssl_dhparam "/etc/ssl/private/dhparams.pem" do
|
|
key_length 2048
|
|
mode 0600
|
|
owner 'www-data'
|
|
end
|
|
|
|
cookbook_file "#{node['nginx']['dir']}/conf.d/tls_config.conf" do
|
|
source 'nginx_tls_config.conf'
|
|
owner 'root'
|
|
group 'root'
|
|
mode '0644'
|
|
notifies :restart, 'service[nginx]'
|
|
end
|
|
|
|
unless node.chef_environment == "development"
|
|
include_recipe 'kosmos-nginx::firewall'
|
|
end
|