Uses snakeoil cert for default 403 site

diff --git a/manifests/init.pp b/manifests/init.pp
index 23f42141f75e6456310b18d77b66919ae419b9f5..ef98597dd7076c78d42b466d5d69573797a48d2a 100644 (file)
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -22,7 +22,6 @@ class nginx inherits nginx::base {
   # Default site
   nginx::site { "default":
     ensure   => present,
-    ssl      => absent,
     source   => 'template',
     template => 'default',
     certbot  => false,

diff --git a/manifests/ssl.pp b/manifests/ssl.pp
index 899f4ffa63973229e8cc9fe87d60a8039e831c55..8dc3407dbdadb57f1386ad76328a8349c8c4b004 100644 (file)
--- a/manifests/ssl.pp
+++ b/manifests/ssl.pp
@@ -2,6 +2,7 @@ class nginx::ssl(
   $session_timeout = '5m'
 ) {
   include ssl
+  include ssl::snakeoil
 
   class { 'certbot':
     pre_hook  => '/usr/sbin/service nginx stop',

diff --git a/templates/default-ssl.erb b/templates/default-ssl.erb
index 7a0e58fb0583c5d4e7c71f0aefd5e84ab0b23f4d..44134611a7d33fd42718bd0bd0e1311a28fd6aaf 100644 (file)
--- a/templates/default-ssl.erb
+++ b/templates/default-ssl.erb
@@ -2,7 +2,7 @@ server {
   listen              443 default_server;
   server_name         _;
   ssl                 on;
-  ssl_certificate     /etc/ssl/certs/example.org.crt;
-  ssl_certificate_key /etc/ssl/private/example.org.pem;
+  ssl_certificate     /etc/ssl/certs/ssl-cert-snakeoil.pem;
+  ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
   return              403;
 }