diff --git a/global/overlay/etc/puppet/modules/cdn/manifests/cache.pp b/global/overlay/etc/puppet/modules/cdn/manifests/cache.pp
index 15c9da1..2cff94e 100644
--- a/global/overlay/etc/puppet/modules/cdn/manifests/cache.pp
+++ b/global/overlay/etc/puppet/modules/cdn/manifests/cache.pp
@@ -70,6 +70,34 @@ class cdn::cache(
 mode => '0750',
 }

+ file { "/opt/sunet-cdn/customers/$customer/certs-private":
+ ensure => directory,
+ owner => $customer_uid,
+ group => $customer_uid,
+ mode => '0750',
+ }
+
+ $combined_pem = "/opt/sunet-cdn/customers/$customer/certs-private/combined.pem"
+
+ concat { $combined_pem:
+ ensure => present,
+ owner => $customer_uid,
+ group => $customer_uid,
+ mode => '0640'.
+ }
+
+ concat::fragment { "$customer-fullchain-${$cache_secrets['customers'][$customer]['host']}":
+ target => $combined_pem,
+ source => "/etc/letsencrypt/live/$cache_secrets['customers'][$customer]['host']/fullchain.pem",
+ order => '01'
+ }
+
+ concat::fragment { "$customer-privkey-${$cache_secrets['customers'][$customer]['host']}":
+ target => $combined_pem,
+ source => "/etc/letsencrypt/live/$cache_secrets['customers'][$customer]['host']/privkey.pem",
+ order => '02'
+ }
+
 file { "/opt/sunet-cdn/customers/$customer/conf/haproxy.cfg":
 ensure => file,
 owner => $customer_uid,
diff --git a/global/overlay/etc/puppet/modules/cdn/templates/cache/haproxy.cfg.erb b/global/overlay/etc/puppet/modules/cdn/templates/cache/haproxy.cfg.erb
index 7822d49..f632368 100644
--- a/global/overlay/etc/puppet/modules/cdn/templates/cache/haproxy.cfg.erb
+++ b/global/overlay/etc/puppet/modules/cdn/templates/cache/haproxy.cfg.erb
@@ -29,7 +29,7 @@ defaults

 frontend customer
 bind <%= @customer_ip %>:80
- bind <%= @customer_ip %>:443 ssl crt /certs-private/customer.pem
+ bind <%= @customer_ip %>:443 ssl crt /certs-private/combined.pem
 default_backend varnish

 backend varnish
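Review bot: In cache.pp the new `concat { $combined_pem: }` resource closes its attribute list with `mode => '0640'.`; the period where a comma belongs will most likely stop the manifest from compiling, so it should read `mode => '0640',`. Both `source` values also use the unbraced `$cache_secrets['customers'][$customer]['host']` inside a double-quoted string, where, as far as I know, Puppet interpolates only the variable name and leaves the bracketed part as literal text; the path needs the braced form, e.g. `"/etc/letsencrypt/live/${cache_secrets['customers'][$customer]['host']}/fullchain.pem"`. Since combined.pem holds the private key, I would add `show_diff => false` to the concat so that a renewed key is not printed as a diff in agent logs and reports, and tighten the mode to `0600` if only the customer uid needs to read it. The enclosing class begins and ends outside this hunk.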