diff options
| author | Micah <micah@leap.se> | 2016-05-03 13:21:17 -0400 |
|---|---|---|
| committer | Micah <micah@leap.se> | 2016-05-03 13:21:17 -0400 |
| commit | 3b5ce74f81bb56af0b94a119a85649446a3d6e19 (patch) | |
| tree | aa59351dc0600bfba69e9b5c84d69b3c1dd80dfd | |
| parent | e0e3bc3478b3b7ca1afe24ff7e44dbdfa384ea44 (diff) | |
migrate from obsolete SSLCertificateChainFile apache option (#8055)
Change-Id: I20a28ae77c98071aefc1933e0ea73e5f3b895acb
4 files changed, 7 insertions, 8 deletions
diff --git a/puppet/modules/site_apache/templates/vhosts.d/common.conf.erb b/puppet/modules/site_apache/templates/vhosts.d/common.conf.erb index b24d1353..bf60e794 100644 --- a/puppet/modules/site_apache/templates/vhosts.d/common.conf.erb +++ b/puppet/modules/site_apache/templates/vhosts.d/common.conf.erb @@ -16,7 +16,6 @@ CustomLog ${APACHE_LOG_DIR}/other_vhosts_access.log common SSLCACertificatePath /etc/ssl/certs - SSLCertificateChainFile <%= scope.lookupvar('x509::variables::local_CAs') %>/<%= scope.lookupvar('site_config::params::commercial_ca_name') %>.crt SSLCertificateKeyFile <%= scope.lookupvar('x509::variables::keys') %>/<%= scope.lookupvar('site_config::params::commercial_cert_name') %>.key SSLCertificateFile <%= scope.lookupvar('x509::variables::certs') %>/<%= scope.lookupvar('site_config::params::commercial_cert_name') %>.crt diff --git a/puppet/modules/site_config/manifests/x509/commercial/cert.pp b/puppet/modules/site_config/manifests/x509/commercial/cert.pp index d71d9838..9dd6ffcd 100644 --- a/puppet/modules/site_config/manifests/x509/commercial/cert.pp +++ b/puppet/modules/site_config/manifests/x509/commercial/cert.pp @@ -4,9 +4,12 @@ class site_config::x509::commercial::cert { $x509 = hiera('x509') $cert = $x509['commercial_cert'] + $ca = $x509['commercial_ca_cert'] + + $cafile = "${cert}\n${ca}" x509::cert { $site_config::params::commercial_cert_name: - content => $cert + content => $cafile } } diff --git a/puppet/modules/site_static/manifests/domain.pp b/puppet/modules/site_static/manifests/domain.pp index 8b9378f2..b26cc9e3 100644 --- a/puppet/modules/site_static/manifests/domain.pp +++ b/puppet/modules/site_static/manifests/domain.pp @@ -11,22 +11,20 @@ define site_static::domain ( $domain = $name $base_dir = '/srv/static' + $cafile = "${cert}\n${ca_cert}" + if is_hash($locations) { create_resources(site_static::location, $locations) } x509::cert { $domain: - content => $cert, + content => $cafile, notify => Service[apache] } x509::key { $domain: content => $key, notify => Service[apache] } - x509::ca { "${domain}_ca": - content => $ca_cert, - notify => Service[apache] - } apache::vhost::file { $domain: content => template('site_static/apache.conf.erb') diff --git a/puppet/modules/site_static/templates/apache.conf.erb b/puppet/modules/site_static/templates/apache.conf.erb index 2853c5c7..6b969d1c 100644 --- a/puppet/modules/site_static/templates/apache.conf.erb +++ b/puppet/modules/site_static/templates/apache.conf.erb @@ -56,7 +56,6 @@ SSLCertificateKeyFile /etc/x509/keys/<%= @domain %>.key SSLCertificateFile /etc/x509/certs/<%= @domain %>.crt - SSLCertificateChainFile /etc/ssl/certs/<%= @domain %>_ca.pem RequestHeader set X_FORWARDED_PROTO 'https' |