[discourse_docker.git] / templates / web.letsencrypt.ssl.template.yml

env:
  LETSENCRYPT_DIR: "/shared/letsencrypt"

hooks:
  after_ssl:
    - exec:
       cmd:
         - cd /root && git clone https://github.com/Neilpang/le.git
         - touch /var/spool/cron/crontabs/root
         - install -d -m 0755 -g root -o root $LETSENCRYPT_DIR
         - cd /root/le && LE_WORKING_DIR="${LETSENCRYPT_DIR}" ./le.sh install

    - file:
       path: /etc/runit/1.d/letsencrypt
       chmod: "+x"
       contents: |
          #!/bin/bash
          set -e
          LE_WORKING_DIR="$$ENV_LETSENCRYPT_DIR" $$ENV_LETSENCRYPT_DIR/le.sh issue no $$ENV_DISCOURSE_HOSTNAME no 4096
          LE_WORKING_DIR="$$ENV_LETSENCRYPT_DIR" $$ENV_LETSENCRYPT_DIR/le.sh installcert $$ENV_DISCOURSE_HOSTNAME /shared/ssl/$$ENV_DISCOURSE_HOSTNAME.cer /shared/ssl/$$ENV_DISCOURSE_HOSTNAME.key /shared/ssl/$$ENV_DISCOURSE_HOSTNAME.cer "sv reload nginx"
          # After the initial install, switch to Webroot plugin
          LE_WORKING_DIR="$$ENV_LETSENCRYPT_DIR" $$ENV_LETSENCRYPT_DIR/le.sh _setopt $$ENV_LETSENCRYPT_DIR/$$ENV_DISCOURSE_HOSTNAME/$$ENV_DISCOURSE_HOSTNAME.conf "Le_Webroot" "=" "/var/www/discourse/public"

    - replace:
       filename: "/etc/nginx/conf.d/discourse.conf"
       from: /ssl_certificate.+/
       to: |
         ssl_certificate /shared/ssl/$$ENV_DISCOURSE_HOSTNAME.cer;

    - replace:
       filename: "/etc/nginx/conf.d/discourse.conf"
       from: /ssl_certificate_key.+/
       to: |
         ssl_certificate_key /shared/ssl/$$ENV_DISCOURSE_HOSTNAME.key; # remember the certificate for 2 months and automatically connect to HTTPS for this domain

    - replace:
       filename: "/etc/nginx/conf.d/discourse.conf"
       from: /add_header.+/
       to: |
         add_header Strict-Transport-Security 'max-age=5184000';
Commit	Line	Data
a956d7ec GXT	1	env:
	2	LETSENCRYPT_DIR: "/shared/letsencrypt"
	3
6ca9e768 GXT	4	hooks:
	5	after_ssl:
	6	- exec:
	7	cmd:
	8	- cd /root && git clone https://github.com/Neilpang/le.git
	9	- touch /var/spool/cron/crontabs/root
	10	- install -d -m 0755 -g root -o root $LETSENCRYPT_DIR
	11	- cd /root/le && LE_WORKING_DIR="${LETSENCRYPT_DIR}" ./le.sh install
	12
	13	- file:
	14	path: /etc/runit/1.d/letsencrypt
	15	chmod: "+x"
	16	contents: \|
	17	#!/bin/bash
	18	set -e
	19	LE_WORKING_DIR="$$ENV_LETSENCRYPT_DIR" $$ENV_LETSENCRYPT_DIR/le.sh issue no $$ENV_DISCOURSE_HOSTNAME no 4096
	20	LE_WORKING_DIR="$$ENV_LETSENCRYPT_DIR" $$ENV_LETSENCRYPT_DIR/le.sh installcert $$ENV_DISCOURSE_HOSTNAME /shared/ssl/$$ENV_DISCOURSE_HOSTNAME.cer /shared/ssl/$$ENV_DISCOURSE_HOSTNAME.key /shared/ssl/$$ENV_DISCOURSE_HOSTNAME.cer "sv reload nginx"
	21	# After the initial install, switch to Webroot plugin
	22	LE_WORKING_DIR="$$ENV_LETSENCRYPT_DIR" $$ENV_LETSENCRYPT_DIR/le.sh _setopt $$ENV_LETSENCRYPT_DIR/$$ENV_DISCOURSE_HOSTNAME/$$ENV_DISCOURSE_HOSTNAME.conf "Le_Webroot" "=" "/var/www/discourse/public"
	23
	24	- replace:
	25	filename: "/etc/nginx/conf.d/discourse.conf"
	26	from: /ssl_certificate.+/
	27	to: \|
	28	ssl_certificate /shared/ssl/$$ENV_DISCOURSE_HOSTNAME.cer;
	29
	30	- replace:
	31	filename: "/etc/nginx/conf.d/discourse.conf"
	32	from: /ssl_certificate_key.+/
	33	to: \|
	34	ssl_certificate_key /shared/ssl/$$ENV_DISCOURSE_HOSTNAME.key; # remember the certificate for 2 months and automatically connect to HTTPS for this domain
	35
	36	- replace:
	37	filename: "/etc/nginx/conf.d/discourse.conf"
	38	from: /add_header.+/
	39	to: \|
	40	add_header Strict-Transport-Security 'max-age=5184000';
a956d7ec	41
a956d7ec	42