dns/dns-ops
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

add LE SSL options

Browse source
This commit is contained in:
pettai 2024-06-14 12:04:35 +02:00
parent 3c956bbb01
commit d273d9db96
No known key found for this signature in database
GPG key ID: CDF2C381E9A751BD
2 changed files with 8 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
global/overlay/etc/puppet/modules/dns/manifests/apache2.pp
View file

@ -32,6 +32,13 @@ class dns::apache2 (
refreshonly => true, refreshonly => true,
notify => Service['apache2'], notify => Service['apache2'],
} }
file {'/etc/letsencrypt/options-ssl-apache.conf':
ensure => present,
source => "cp /usr/lib/python3/dist-packages/certbot_apache/_internal/tls_configs/current-options-ssl-apache.conf",
}
# NFT rules
sunet::nftables::rule { 'apache-http': sunet::nftables::rule { 'apache-http':
rule => "add rule inet filter input tcp dport 80 counter accept comment \"allow-apache2-http\"" rule => "add rule inet filter input tcp dport 80 counter accept comment \"allow-apache2-http\""
} }

1
global/overlay/etc/puppet/modules/dns/templates/apache2/dns-rest-api.conf.erb
View file

@ -22,5 +22,6 @@
ServerName dns-rest-api.sunet.se ServerName dns-rest-api.sunet.se
SSLCertificateFile /etc/letsencrypt/live/dns-rest-api.sunet.se/fullchain.pem SSLCertificateFile /etc/letsencrypt/live/dns-rest-api.sunet.se/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/dns-rest-api.sunet.se/privkey.pem SSLCertificateKeyFile /etc/letsencrypt/live/dns-rest-api.sunet.se/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost> </VirtualHost>
</IfModule> </IfModule>