reversing steps to create cert

2017-07-22 12:38:36 +01:00
parent d5a5afcfc3
commit a38ace2f06
3 changed files with 12 additions and 7 deletions
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -208,6 +208,10 @@
 #   used for nagios itself as well as for certbot.
 # @param  [boolean] ng_enable_index Whether to create an index file to allow
 #   httpd checks with nagios on the nagios server.
+# @param  [string] ng_webserver_name the name of the web server nagios should
+#   listen to, i.e. 'nagios.example.net'. Unlike `ng_nagios_server`, this
+#   should not be the FQDN of the nagios host, but a web server domain name.
+#   required for certbot and used in the web templates.
 ###############################################################################
 class cd_nagios::params (

@@ -324,6 +328,7 @@ $ng_enable_index      = true,
 # certbot
 $ng_enable_certbot    = true,
 $ng_certbot_cert_path = '/var/www/html',
+$ng_webserver_name    = "nagios.${::domain}",

 ) {

--- a/templates/certbot/get_cert.erb
+++ b/templates/certbot/get_cert.erb
@@ -1,2 +1,2 @@
-certbot certonly -t -n --agree-tos --webroot -w <%= @ng_certbot_cert_path %>/ -d <%= @ng_nagios_server %> --email <%= @ng_mail_user %>
+certbot certonly -t -n --agree-tos --webroot -w <%= @ng_certbot_cert_path %>/ -d www.<%= @ng_webserver_name %> -d <%= @ng_webserver_name %> --email <%= @ng_mail_user %>
 touch /etc/httpd/conf.d/.cert_created
--- a/templates/httpd/forward_conf.erb
+++ b/templates/httpd/forward_conf.erb
@@ -1,17 +1,17 @@
 <VirtualHost *:<%= @ng_http_port %>>
    ServerAdmin root@localhost
    DocumentRoot /var/www/html
-    ServerName www.<%= @ng_nagios_server %>
-    ServerAlias <%= @ng_nagios_server %>
+    ServerName www.<%= @ng_webserver_name %>
+    ServerAlias <%= @ng_webserver_name %>
 <% if @ng_use_https == true -%>
-    Redirect permanent / https://<%= @ng_nagios_server %>/nagios
+    Redirect permanent / https://<%= @ng_webserver_name %>/nagios
 <% end -%>
 <% if @ng_use_https != true -%>
-    Redirect permanent / http://<%= @ng_nagios_server %>/nagios
+    Redirect permanent / http://<%= @ng_webserver_name %>/nagios
 <% end -%>
    <Directory />
    AllowOverride All
    </Directory>
-    ErrorLog /var/log/httpd/<%= @ng_nagios_server %>-error_log
-    CustomLog /var/log/httpd/<%= @ng_nagios_server %>-access_log common
+    ErrorLog /var/log/httpd/<%= @ng_webserver_name %>-error_log
+    CustomLog /var/log/httpd/<%= @ng_webserver_name %>-access_log common
 </VirtualHost>