Only bind certbot to machine-specific IP

Because there will be haproxy instances running next to this service we
can only listen to the machine-local address, not the default of "all addresses":

Error seen:
```
Could not bind TCP port 80 because it is already in use by another process on this system (such as a web server). Please stop the program in question and then try again.
```
Patrik Lundin 2024-11-04 09:26:42 +01:00
parent d4f938770a
commit b4261094a7
Signed by: patlu
GPG key ID: A0A812BA2249F294

@ -50,7 +50,7 @@ class cdn::mqtt(
content => file('cdn/mqtt/sunet-cdn-mqtt'),
}
exec { "certbot certonly -n --email patlu@sunet.se --no-eff-email --agree-tos --standalone -d ${my_fqdn} --server ${acme_url[$environment]}":
exec { "certbot certonly -n --email patlu@sunet.se --no-eff-email --agree-tos --standalone -d ${my_fqdn} --server ${acme_url[$environment]} --http-01-address ${facts['networking']['ip']}":
creates => "/etc/letsencrypt/live/${my_fqdn}/fullchain.pem"
}
}
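
Review bot: The `creates => "/etc/letsencrypt/live/${my_fqdn}/fullchain.pem"` guard under the changed exec means this command never reruns on hosts that already hold a certificate, so the new `--http-01-address` only reaches fresh issuances. Certbot records the options used at issuance in its renewal configuration, so a host issued before this change would still renew with the standalone listener on all addresses and could hit the same port 80 conflict once haproxy is running there; consider managing that setting for existing hosts as well. Also note that `${facts['networking']['ip']}` is the single primary IPv4 address Facter selects, so it is worth confirming that this is the address `${my_fqdn}` resolves to for the ACME server, particularly on hosts with several interfaces or an AAAA record.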