diff options
| author | Joey Hess <joeyh@joeyh.name> | 2016-02-07 21:57:35 -0400 |
|---|---|---|
| committer | Joey Hess <joeyh@joeyh.name> | 2016-02-07 21:57:35 -0400 |
| commit | efbb3d0e126721e0f9487f194379806c37f1988e (patch) | |
| tree | e962074d99210e22135dc4b19cdd2ae426f0248b /src/Propellor/Property/Apache.hs | |
| parent | c405edad6200319c35e2ac6a0ea7b83039c3835a (diff) | |
rethought how letsencrypt cert change is handled
Simply use onChange to let any other property by run after letsencrypt
gets/renews the cert. Much simpler and allows for revertable properties
too!
Diffstat (limited to 'src/Propellor/Property/Apache.hs')
| -rw-r--r-- | src/Propellor/Property/Apache.hs | 21 |
1 files changed, 10 insertions, 11 deletions
diff --git a/src/Propellor/Property/Apache.hs b/src/Propellor/Property/Apache.hs index c2c32a3b..d0bcadfa 100644 --- a/src/Propellor/Property/Apache.hs +++ b/src/Propellor/Property/Apache.hs @@ -161,12 +161,12 @@ httpsVirtualHost domain docroot letos = httpsVirtualHost' domain docroot letos [ -- | Like `httpsVirtualHost` but with additional config lines added. httpsVirtualHost' :: Domain -> WebRoot -> LetsEncrypt.AgreeTOS -> [ConfigLine] -> Property NoInfo -httpsVirtualHost' domain docroot letos addedcfg = setup +httpsVirtualHost' domain docroot letos addedcfg = setuphttp `requires` modEnabled "rewrite" `requires` modEnabled "ssl" - `before` LetsEncrypt.letsEncrypt letos domain docroot certinstaller + `before` setuphttps where - setup = siteEnabled' domain $ + setuphttp = siteEnabled' domain $ -- The sslconffile is only created after letsencrypt gets -- the cert. The "*" is needed to make apache not error -- when the file doesn't exist. @@ -179,22 +179,21 @@ httpsVirtualHost' domain docroot letos addedcfg = setup -- Everything else redirects to https , "RewriteRule ^/(.*) https://" ++ domain ++ "/$1 [L,R,NE]" ] - certinstaller :: LetsEncrypt.CertInstaller - certinstaller newcert _domain certfile privkeyfile chainfile _fullchainfile = - combineProperties (domain ++ " ssl cert installed") + setuphttps = LetsEncrypt.letsEncrypt letos domain docroot + `onChange` combineProperties (domain ++ " ssl cert installed") [ File.dirExists (takeDirectory cf) , File.hasContent cf sslvhost `onChange` reloaded - -- always reload when the cert has changed - , check (return newcert :: IO Bool) reloaded + -- always reload since the cert has changed + , reloaded ] where cf = sslconffile "letsencrypt" sslvhost = vhost (Port 443) [ "SSLEngine on" - , "SSLCertificateFile " ++ certfile - , "SSLCertificateKeyFile " ++ privkeyfile - , "SSLCertificateChainFile " ++ chainfile + , "SSLCertificateFile " ++ LetsEncrypt.certFile domain + , "SSLCertificateKeyFile " ++ LetsEncrypt.privKeyFile domain + , "SSLCertificateChainFile " ++ LetsEncrypt.chainFile domain ] sslconffile s = "/etc/apache2/sites-available/ssl/" ++ domain ++ "/" ++ s ++ ".conf" vhost (Port p) ls = |