bundles/nginx: support disabling ssl for each vhost individually
All checks were successful
bundlewrap/pipeline/head This commit looks good
All checks were successful
bundlewrap/pipeline/head This commit looks good
This commit is contained in:
parent
228786f6aa
commit
74d81eb7ba
GPG key ID:
12E3D2136B818350
5 changed files with 27 additions and 13 deletions
|
|
@ -47,12 +47,15 @@ svc_systemd = {
|
|||
},
|
||||
}
|
||||
|
||||
if node.metadata['nginx']['use_ssl_for_all_connections']:
|
||||
# TODO rework this to support specifying a certificate instead of
|
||||
# relying on letsencrypt for the specific domain (for example to
|
||||
# support wildcard certificates
|
||||
assert node.has_bundle('letsencrypt'), 'nginx needs letsencrypt'
|
||||
# Always redirect all traffic to HTTPS, except if there is only one
|
||||
# vhost and this vhost has ssl disabled.
|
||||
install_port80_redirect = True
|
||||
if len(node.metadata.get('nginx/vhosts', {})) == 1:
|
||||
vhost_name = list(node.metadata['nginx']['vhosts'].keys())[0]
|
||||
if node.metadata.get('nginx/vhosts/{}/ssl'.format(vhost_name), 'letsencrypt') == False:
|
||||
install_port80_redirect = False
|
||||
|
||||
if install_port80_redirect:
|
||||
files['/etc/nginx/sites/000-port80.conf'] = {
|
||||
'source': 'port80.conf',
|
||||
'triggers': {
|
||||
|
|
@ -88,5 +91,5 @@ for vhost, config in node.metadata.get('nginx/vhosts', {}).items():
|
|||
|
||||
directories['/var/www/{}'.format(vhost)].update(config.get('webroot_config', {}))
|
||||
|
||||
if node.metadata['nginx']['use_ssl_for_all_connections']:
|
||||
if config.get('ssl', 'letsencrypt') == 'letsencrypt':
|
||||
files['/etc/nginx/sites/{}'.format(vhost)]['needs'].add('action:letsencrypt_ensure-some-certificate_{}'.format(config['domain']))
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue