Commit | Line | Data |
---|---|---|
a956d7ec GXT |
1 | env: |
2 | LETSENCRYPT_DIR: "/shared/letsencrypt" | |
3 | ||
6ca9e768 GXT |
4 | hooks: |
5 | after_ssl: | |
6 | - exec: | |
7 | cmd: | |
8 | - cd /root && git clone https://github.com/Neilpang/le.git | |
9 | - touch /var/spool/cron/crontabs/root | |
10 | - install -d -m 0755 -g root -o root $LETSENCRYPT_DIR | |
11 | - cd /root/le && LE_WORKING_DIR="${LETSENCRYPT_DIR}" ./le.sh install | |
12 | ||
13 | - file: | |
14 | path: /etc/runit/1.d/letsencrypt | |
15 | chmod: "+x" | |
16 | contents: | | |
17 | #!/bin/bash | |
18 | set -e | |
19 | LE_WORKING_DIR="$$ENV_LETSENCRYPT_DIR" $$ENV_LETSENCRYPT_DIR/le.sh issue no $$ENV_DISCOURSE_HOSTNAME no 4096 | |
20 | LE_WORKING_DIR="$$ENV_LETSENCRYPT_DIR" $$ENV_LETSENCRYPT_DIR/le.sh installcert $$ENV_DISCOURSE_HOSTNAME /shared/ssl/$$ENV_DISCOURSE_HOSTNAME.cer /shared/ssl/$$ENV_DISCOURSE_HOSTNAME.key /shared/ssl/$$ENV_DISCOURSE_HOSTNAME.cer "sv reload nginx" | |
21 | # After the initial install, switch to Webroot plugin | |
22 | LE_WORKING_DIR="$$ENV_LETSENCRYPT_DIR" $$ENV_LETSENCRYPT_DIR/le.sh _setopt $$ENV_LETSENCRYPT_DIR/$$ENV_DISCOURSE_HOSTNAME/$$ENV_DISCOURSE_HOSTNAME.conf "Le_Webroot" "=" "/var/www/discourse/public" | |
23 | ||
24 | - replace: | |
25 | filename: "/etc/nginx/conf.d/discourse.conf" | |
26 | from: /ssl_certificate.+/ | |
27 | to: | | |
28 | ssl_certificate /shared/ssl/$$ENV_DISCOURSE_HOSTNAME.cer; | |
29 | ||
30 | - replace: | |
31 | filename: "/etc/nginx/conf.d/discourse.conf" | |
32 | from: /ssl_certificate_key.+/ | |
33 | to: | | |
34 | ssl_certificate_key /shared/ssl/$$ENV_DISCOURSE_HOSTNAME.key; # remember the certificate for 2 months and automatically connect to HTTPS for this domain | |
35 | ||
36 | - replace: | |
37 | filename: "/etc/nginx/conf.d/discourse.conf" | |
38 | from: /add_header.+/ | |
39 | to: | | |
40 | add_header Strict-Transport-Security 'max-age=5184000'; | |
a956d7ec | 41 | |
a956d7ec | 42 |