From 28053a2c370840e2facfb04c0234249ef849e3fb Mon Sep 17 00:00:00 2001
From: Kazuhiro MUSASHI
Date: Sun, 3 Nov 2019 13:32:08 +0800
Subject: [PATCH] Deploy `dhparams_4096.pem` & `ticket.key`.
---
 cookbooks/blog/ssl.rb | 6 ++++--
 .../files/etc/lego}/dhparams_4096.pem | 0
 cookbooks/nginx/lego.rb | 8 ++++++++
 3 files changed, 12 insertions(+), 2 deletions(-)
 rename cookbooks/{blog/files/etc/letsencrypt/live/blog.kazu634.com => nginx/files/etc/lego}/dhparams_4096.pem (100%)
diff --git a/cookbooks/blog/ssl.rb b/cookbooks/blog/ssl.rb
index 7a05379..ed9b535 100644
--- a/cookbooks/blog/ssl.rb
+++ b/cookbooks/blog/ssl.rb
@@ -1,6 +1,8 @@
-remote_file "/etc/letsencrypt/live/#{node['blog']['FQDN']}/dhparams_4096.pem" do
+remote_file "/etc/lego/dhparams_4096.pem" do
 owner 'root'
 group 'root'
+ mode '444'
 end
 
-execute "openssl rand 48 > /etc/letsencrypt/live/#{node['blog']['FQDN']}/ticket.key"
+execute "openssl rand 48 > /etc/lego/ticket.key"
+
diff --git a/cookbooks/blog/files/etc/letsencrypt/live/blog.kazu634.com/dhparams_4096.pem b/cookbooks/nginx/files/etc/lego/dhparams_4096.pem
similarity index 100%
rename from cookbooks/blog/files/etc/letsencrypt/live/blog.kazu634.com/dhparams_4096.pem
rename to cookbooks/nginx/files/etc/lego/dhparams_4096.pem
diff --git a/cookbooks/nginx/lego.rb b/cookbooks/nginx/lego.rb
index 43679d4..c1dc3da 100644
--- a/cookbooks/nginx/lego.rb
+++ b/cookbooks/nginx/lego.rb
@@ -98,3 +98,11 @@ encrypted_remote_file '/etc/cron.d/lego' do
 source 'files/etc/cron.d/lego'
 password ENV['ITAMAE_PASSWORD']
 end
+
+remote_file "/etc/lego/dhparams_4096.pem" do
+ owner 'root'
+ group 'root'
+ mode '444'
+end
+
+execute "openssl rand 48 > /etc/lego/ticket.key"
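Review bot: `/etc/lego/ticket.key` is created by shell redirection in the `execute` line, so its mode comes from the run's umask and is commonly world-readable; the `mode '444'` added above covers only the DH parameters. If this file is the TLS session ticket key, as its name and 48-byte length suggest, any local account that can read it can decrypt session tickets, so it should be readable by root only: `execute "umask 077 && openssl rand 48 > /etc/lego/ticket.key"`. The identical line added to cookbooks/nginx/lego.rb needs the same change. The command also has no guard, so the key is rewritten on every run; whether the web server is reloaded afterwards is not visible in this patch.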
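Review bot: The `remote_file` and `execute` resources added at the end of this recipe are the same two that cookbooks/blog/ssl.rb still declares for `/etc/lego/dhparams_4096.pem` and `/etc/lego/ticket.key`, so a host applying both recipes has two owners for each path and runs `openssl rand` twice per run. Because the commit moves the only copy of the pem to cookbooks/nginx/files/etc/lego/, the `remote_file` left in blog/ssl.rb, which has no `source`, may no longer find its file if the default source is looked up next to the recipe; that should be confirmed. Keeping both resources only in this recipe and dropping them from blog/ssl.rb would settle it, with a comment above them such as `# DH parameters and ticket key under /etc/lego are managed only by this recipe`.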