$hidden_service = false,
$custom_directives = false,
$allow_override = false,
- $hosting_domain = hiera('apache::site::domain', $::domain)
-
+ $hosting_domain = hiera('apache::site::domain', $::domain),
+ $certbot = false,
) {
$vhost = $filename ? {
'' => "${name}",
custom_directives => $custom_directives,
allow_override => $allow_override,
hosting_domain => $hosting_domain,
+ certbot => $certbot,
}
# Enable or disable accordingly
owner => $owner,
group => $group,
vhost => $vhost,
+ require => Apache::Site::Config[$name],
+ }
+
+ if $certbot == true {
+ certbot::manage { $name:
+ pre_hook => '/usr/sbin/service apache2 reload',
+ require => Apache::Site::Manage[$name],
+ }
}
}
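Review bot: The only Apache reload wired to the certificate run is `pre_hook => '/usr/sbin/service apache2 reload'`, so nothing visible here reloads Apache after a certificate is issued or renewed. Assuming `certbot::manage` (not visible on this page) passes the value through as certbot's pre-hook, the reload before the challenge makes the new alias block live, but Apache would keep serving the old certificate until some unrelated reload happens. If the define exposes a post- or deploy-style hook, set the same reload command there as well. A short comment above the resource would also help, for example `# reload first so the acme-challenge alias is active; reload again after issuance to load the new cert`. The resource that gains `require => Apache::Site::Config[$name]` starts above this hunk, so its type cannot be confirmed from here.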
AllowOverride <%= @allow_override %>
</Directory>
<% end -%>
+<% if @certbot != false -%>
+ # Add Alias For Lets Encrypt WebRoot Authentication Using ACME
+ # See https://ubuntu101.co.za/ssl/postfix-and-dovecot-on-ubuntu-with-a-lets-encrypt-ssl-certificate/
+ AliasMatch ^/.well-known/acme-challenge/(.*)$ /var/spool/certbot/<%= @name %>/.well-known/acme-challenge/$1
+ Alias /.well-known/acme-challenge/ /var/spool/certbot/<%= @name %>/.well-known/acme-challenge/
+ <Directory "/var/spool/certbot/<%= @name %>/.well-known/acme-challenge/">
+ Options None
+ AllowOverride None
+ ForceType text/plain
+ RedirectMatch 404 "^(?!/\.well-known/acme-challenge/[\w-]{43}$)"
+ </Directory>
+<% end -%>
</VirtualHost>
# end vhost for <%= @title %>
<% if @ssl == true %>
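Review bot: The template guard `<% if @certbot != false -%>` is looser than the manifest's `if $certbot == true`, so the two can disagree. Any value other than a literal false (a Hiera string such as 'false', or probably an unset value) would publish `/var/spool/certbot/<%= @name %>/.well-known/acme-challenge/` over HTTP while no `certbot::manage` resource is declared to own that directory. Use `<% if @certbot == true -%>`, which also matches the `@ssl == true` test on the last context line. The `AliasMatch` line duplicates the `Alias` below it and leaves the dot in `.well-known` unescaped; keeping only `Alias /.well-known/acme-challenge/ ...` is enough. Quoting the `Alias` target as the `<Directory>` line does would keep the directive valid if a site name ever contains whitespace.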