
Commit a91106b

authored
fix(planet): remove lego in favor of haproxy (#477)
* fix: remove lego from pythonplanet in favor of haproxy * chore: clean up unused server blocks
1 parent 37e194a commit a91106b


2 files changed

+0
-50
lines changed


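--- a/salt/planet/config/nginx.planet.conf.jinja
+++ b/salt/planet/config/nginx.planet.conf.jinja
@@ -1,30 +1,5 @@
 {% for site, info in salt["pillar.get"]("planet", {}).get("sites").items() %}
 
-server {
-listen 80 default_server;
-server_name {{ site }};
-
-location /.well-known/acme-challenge/ {
-alias /etc/lego/.well-known/acme-challenge/;
-try_files $uri =404;
-}
-
-location / {
-return 301 https://$host$request_uri;
-}
-}
-
-server {
-listen 443 ssl;
-server_name {{ site }};
-error_log /var/log/nginx/{{ site }}.error.log;
-access_log /var/log/nginx/{{ site }}.access.log;
-ssl_certificate /etc/lego/certificates/{{ grains['fqdn'] }}.crt;
-ssl_certificate_key /etc/lego/certificates/{{ grains['fqdn'] }}.key;
-
-root /srv/{{ site }}/;
-}
-
 server {
 listen 9000 ssl;
 server_name {{ site }};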

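--- a/salt/planet/init.sls
+++ b/salt/planet/init.sls
@@ -1,6 +1,5 @@
 include:
 - nginx
-- tls.lego
 
 git:
 pkg.installed
@@ -33,30 +32,6 @@ planet-user:
 - require:
 - pkg: consul-pkgs
 
-lego_bootstrap:
-cmd.run:
-- name: /usr/local/bin/lego -a --email="[email protected]" {% if pillar["dc"] == "vagrant" %}--server=https://salt-master.vagrant.psf.io:14000/dir{% endif %} --domains="{{ grains['fqdn'] }}" {%- for domain in pillar['planet']['subject_alternative_names'] %} --domains {{ domain }}{%- endfor %} --http --path /etc/lego --key-type ec256 run
-- creates: /etc/lego/certificates/{{ grains['fqdn'] }}.json
-
-lego_renew:
-cron.present:
-- name: sudo -u nginx /usr/local/bin/lego -a --email="[email protected]" {% if pillar["dc"] == "vagrant" %}--server=https://salt-master.vagrant.psf.io:14000/dir{% endif %} --domains="{{ grains['fqdn'] }}" {%- for domain in pillar['planet']['subject_alternative_names'] %} --domains {{ domain }}{%- endfor %} --http --http.webroot /etc/lego --path /etc/lego --key-type ec256 renew --days 30 && /usr/sbin/service nginx reload
-- identifier: roundup_lego_renew
-- hour: 0
-- minute: random
-
-lego_config:
-file.managed:
-- name: /etc/nginx/conf.d/lego.conf
-- source: salt://tls/config/lego.conf.jinja
-- template: jinja
-- user: root
-- group: root
-- mode: "0644"
-- require:
-- sls: tls.lego
-- cmd: lego_bootstrap
-
 /srv/planet/:
 file.directory:
 - user: planet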
