Deploy `dhparams_4096.pem` & `ticket.key`.

2019-11-03 13:32:08 +08:00 · 2019-11-03 13:32:08 +08:00 · 28053a2c37
parent 37e11592cd
commit 28053a2c37
3 changed files with 12 additions and 2 deletions
--- a/cookbooks/blog/ssl.rb
+++ b/cookbooks/blog/ssl.rb
@ -1,6 +1,8 @@
-remote_file "/etc/letsencrypt/live/#{node['blog']['FQDN']}/dhparams_4096.pem" do
+remote_file "/etc/lego/dhparams_4096.pem" do
  owner 'root'
  group 'root'
+  mode '444'
 end

-execute "openssl rand 48 > /etc/letsencrypt/live/#{node['blog']['FQDN']}/ticket.key"
+execute "openssl rand 48 > /etc/lego/ticket.key"
+
--- a/cookbooks/blog/files/etc/letsencrypt/live/blog.kazu634.com/dhparams_4096.pem
+++ b/cookbooks/blog/files/etc/letsencrypt/live/blog.kazu634.com/dhparams_4096.pem
--- a/cookbooks/nginx/lego.rb
+++ b/cookbooks/nginx/lego.rb
@ -98,3 +98,11 @@ encrypted_remote_file '/etc/cron.d/lego' do
  source   'files/etc/cron.d/lego'
  password ENV['ITAMAE_PASSWORD']
 end
+
+remote_file "/etc/lego/dhparams_4096.pem" do
+  owner 'root'
+  group 'root'
+  mode '444'
+end
+
+execute "openssl rand 48 > /etc/lego/ticket.key"