Permalink
Browse files

fixed ubuntu recipe: hetzner apt reps are now usable

  • Loading branch information...
1 parent 485b2e4 commit b92160c16ca928d6278852c0ef7b079b6f16761f Michael Schiller committed Jul 10, 2012
@@ -16,6 +16,12 @@ server {
server {
<% @listen_ports.each do |port| -%>
listen <%= port %>;
+
+ <% if port.to_s == '443' %>
+ ssl on;
+ ssl_certificate /etc/nginx/cert/jenkins_cert.pem;
+ ssl_certificate_key /etc/nginx/cert/jenkins_cert.key;
+ <% end -%>
<% end -%>
server_name <%= @host_name %><% @host_aliases.each do |a| %><%= " #{a}" %> <% end %>;
@@ -36,6 +36,35 @@
source 'iptables/drop_and_logging.erb'
end
+# ssl
+directory "#{node[:nginx][:dir]}/cert" do
+ owner "root"
+ group "root"
+ mode "0755"
+ action :create
+end
+node[:certificates].each do |cert|
+ name = cert[:name]
+
+ #With Startssl and Nginx:
+ #ssl on;
+ #ssl_certificate /etc/nginx/ssl/ssl.crt;
+ #ssl_certificate_key /etc/nginx/ssl/blog.key;
+ #
+ #Nginx doesn’t do SSL certificate chaining like Apache2 does. In order to get the ca.pem and sub.class1.server.ca.pem onto your install just append the two files to your certificate file.
+ #openssl rsa -in ssl.key -out /etc/nginx/conf/ssl.key
+ #curl http://www.startssl.com/certs/sub.class1.server.ca.pem >>ssl.crt
+ #curl http://www.startssl.com/certs/ca.pem >>ssl.crt
+
+ cert[:files].each do |key, value|
+ user "root"
+ group "root"
+ template "#{node[:nginx][:dir]}/cert/#{name}_cert.#{key}" do
+ source value
+ end
+ end
+end if node[:certificates]
+
require_recipe "nginx::source"
require_recipe "unicorn"
require_recipe "memcached"
@@ -64,6 +93,7 @@
node[:jenkins][:http_proxy][:host_name] = "jenkins.#{node.application.domain}"
node[:jenkins][:http_proxy][:variant] = 'nginx'
+#node[:jenkins][:http_proxy][:listen_ports] = [ 443 ]
require_recipe "jenkins"
%w(xvfb).each do |pkg|
@@ -81,32 +111,3 @@
node[:tz] = 'Europe/Berlin'
require_recipe "timezone"
-
-# ssl
-directory "#{node[:nginx][:dir]}/cert" do
- owner "root"
- group "root"
- mode "0755"
- action :create
-end
-node[:certificates].each do |cert|
- name = cert[:name]
-
- #With Startssl and Nginx:
- #ssl on;
- #ssl_certificate /etc/nginx/ssl/ssl.crt;
- #ssl_certificate_key /etc/nginx/ssl/blog.key;
- #
- #Nginx doesn’t do SSL certificate chaining like Apache2 does. In order to get the ca.pem and sub.class1.server.ca.pem onto your install just append the two files to your certificate file.
- #openssl rsa -in ssl.key -out /etc/nginx/conf/ssl.key
- #curl http://www.startssl.com/certs/sub.class1.server.ca.pem >>ssl.crt
- #curl http://www.startssl.com/certs/ca.pem >>ssl.crt
-
- cert[:files].each do |key, value|
- user "root"
- group "root"
- template "#{node[:nginx][:dir]}/cert/#{name}_cert.#{key}" do
- source value
- end
- end
-end if node[:certificates]
@@ -19,6 +19,6 @@
case platform
when "ubuntu"
- set[:ubuntu][:archive_url] = "http://us.archive.ubuntu.com/ubuntu"
- set[:ubuntu][:security_url] = "http://security.ubuntu.com/ubuntu"
+ default[:ubuntu][:archive_url] = "http://de.archive.ubuntu.com/ubuntu"
+ default[:ubuntu][:security_url] = "http://security.ubuntu.com/ubuntu"
end
@@ -3,13 +3,9 @@
#
deb <%= node['ubuntu']['archive_url'] %> <%= @code_name %> main restricted universe multiverse
-deb-src <%= node['ubuntu']['archive_url'] %> <%= @code_name %> main restricted universe multiverse
-
deb <%= node['ubuntu']['archive_url'] %> <%= @code_name %>-updates main restricted universe multiverse
-deb-src <%= node['ubuntu']['archive_url'] %> <%= @code_name %>-updates main restricted universe multiverse
#
# Security updates
#
deb <%= node['ubuntu']['security_url'] %> <%= @code_name %>-security main restricted universe multiverse
-deb-src <%= node['ubuntu']['security_url'] %> <%= @code_name %>-security main restricted universe multiverse

0 comments on commit b92160c

Please sign in to comment.