Install certificate files

2024-10-11 11:38:58 +02:00 · 2024-10-11 11:38:58 +02:00 · 88e3771f6e
parent 3df9990cdc
commit 88e3771f6e
2 changed files with 29 additions and 1 deletions
--- a/global/overlay/etc/puppet/modules/cdn/manifests/cache.pp
+++ b/global/overlay/etc/puppet/modules/cdn/manifests/cache.pp
@ -70,6 +70,34 @@ class cdn::cache(
          mode   => '0750',
        }

+        file { "/opt/sunet-cdn/customers/$customer/certs-private":
+          ensure => directory,
+          owner  => $customer_uid,
+          group  => $customer_uid,
+          mode   => '0750',
+        }
+
+        $combined_pem = "/opt/sunet-cdn/customers/$customer/certs-private/combined.pem"
+
+        concat { $combined_pem:
+          ensure => present,
+          owner => $customer_uid,
+          group => $customer_uid,
+          mode => '0640'.
+        }
+
+        concat::fragment { "$customer-fullchain-${$cache_secrets['customers'][$customer]['host']}":
+          target  => $combined_pem,
+          source => "/etc/letsencrypt/live/$cache_secrets['customers'][$customer]['host']/fullchain.pem",
+          order   => '01'
+        }
+
+        concat::fragment { "$customer-privkey-${$cache_secrets['customers'][$customer]['host']}":
+          target  => $combined_pem,
+          source => "/etc/letsencrypt/live/$cache_secrets['customers'][$customer]['host']/privkey.pem",
+          order   => '02'
+        }
+
        file { "/opt/sunet-cdn/customers/$customer/conf/haproxy.cfg":
          ensure  => file,
          owner   => $customer_uid,
--- a/global/overlay/etc/puppet/modules/cdn/templates/cache/haproxy.cfg.erb
+++ b/global/overlay/etc/puppet/modules/cdn/templates/cache/haproxy.cfg.erb
@ -29,7 +29,7 @@ defaults

 frontend customer
 	bind <%= @customer_ip %>:80
-        bind <%= @customer_ip %>:443 ssl crt /certs-private/customer.pem
+        bind <%= @customer_ip %>:443 ssl crt /certs-private/combined.pem
 	default_backend varnish

 backend varnish