$certbot = true,
$template = 'site',
$backend = 'weblocal',
+ $aliases = "*.${name}",
) {
nginx::site::config { $name:
ensure => $ensure,
source => $source,
template => $template,
backend => $backend,
+ aliases => $aliases,
}
if $certbot == true {
certbot::manage { $name:
+ aliases => $aliases,
pre_hook => '/usr/sbin/service nginx restart',
require => Nginx::Site::Config[$name],
}
}
nginx::site::config { "${name}-ssl":
- use_fqdn => $name,
- ensure => $ssl,
- source => $source,
- template => "${template}-ssl",
- backend => $backend,
- require => $certbot ? {
+ server_name => $name,
+ ensure => $ssl,
+ source => $source,
+ template => "${template}-ssl",
+ backend => $backend,
+ aliases => $aliases,
+ require => $certbot ? {
true => Certbot::Manage[$name],
default => undef,
}
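Review bot: The added `aliases => $aliases` on `certbot::manage` forwards the default `"*.${name}"`, so unless a caller overrides it the certificate request now contains a wildcard name. The templates in this change serve the challenge from `/.well-known/acme-challenge` (HTTP-01), and Let's Encrypt validates wildcard identifiers only over DNS-01, so issuance would presumably fail; `certbot::manage` is not visible here, so confirm how it consumes `aliases`. One option is to keep `$aliases` for nginx's `server_name` and give the certificate its own non-wildcard list, e.g. a separate parameter such as `$cert_aliases = '',` passed to `certbot::manage` instead. The header and closing brace of this define are outside the hunk.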
define nginx::site::config(
- $use_fqdn = $name,
- $ensure = present,
- $source = 'template',
- $template = 'site',
- $backend = 'weblocal',
+ $server_name = $name,
+ $ensure = present,
+ $source = 'template',
+ $template = 'site',
+ $backend = 'weblocal',
+ $aliases = "*.${name}",
){
case $source {
'file': {
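Review bot: `$server_name` and `$aliases` are untyped and undocumented, yet the templates in this change write them verbatim into the `server_name` directive, the `ssl_certificate` paths and the certbot webroot path. A value containing `;`, a newline or `/` would change the generated nginx configuration or move the certificate path, and an array passed as `$aliases` would not render as a plain name list. If the Puppet version in use supports data types, constrain the host name, e.g. `Pattern[/\A[A-Za-z0-9.-]+\z/] $server_name = $name,`, and add a comment such as `# $aliases: space-separated host names, rendered as-is into server_name`. The default `"*.${name}"` is also built from the resource title, so a `${name}-ssl` resource declared without `aliases` would get the suffixed title in its wildcard. The body of the define continues outside the hunk.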
server {
listen 443;
- server_name *.<%= @use_fqdn %> <%= @use_fqdn %>;
+ server_name <%= @server_name %> <%= @aliases %>;
ssl on;
- ssl_certificate /etc/letsencrypt/live/<%= @use_fqdn %>/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/<%= @use_fqdn %>/privkey.pem;
+ ssl_certificate /etc/letsencrypt/live/<%= @server_name %>/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/<%= @server_name %>/privkey.pem;
# enable HSTS header
add_header Strict-Transport-Security "max-age=15768000; includeSubdomains; preload";
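Review bot: With `server_name` now taking arbitrary `@aliases`, this block serves every alias with the single certificate under `/etc/letsencrypt/live/` for `@server_name`, and sends `includeSubdomains; preload` HSTS for each of them. Any alias that is not a subject alternative name on that certificate will produce a name mismatch that HSTS prevents users from bypassing, and an alias under a different registered domain gets committed to HSTS for all of its subdomains. I would add a comment above `server_name` such as `# every name in aliases must be a SAN on the <server_name> certificate and must be HTTPS-only including subdomains`, and check that `certbot::manage` requests exactly the same names. The `server` block continues outside the hunk, and the port-80 template takes the same two variables.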
server {
- listen 80;
- server_name *.<%= @use_fqdn %> <%= @use_fqdn %>;
+ listen 80;
+ server_name <%= @server_name %> <%= @aliases %>;
location /.well-known/acme-challenge {
- root /var/spool/certbot/<%= @use_fqdn %>;
+ root /var/spool/certbot/<%= @server_name %>;
}
location / {