authorJoey Hess2016-02-07 21:57:35 -0400
committerJoey Hess2016-02-07 21:57:35 -0400
commitefbb3d0e126721e0f9487f194379806c37f1988e (patch)
treee962074d99210e22135dc4b19cdd2ae426f0248b /src/Propellor/Property/Apache.hs
parentc405edad6200319c35e2ac6a0ea7b83039c3835a (diff)
rethought how letsencrypt cert change is handled
Simply use onChange to let any other property be run after letsencrypt gets/renews the cert. Much simpler and allows for revertable properties too!
Diffstat (limited to 'src/Propellor/Property/Apache.hs')
-rw-r--r--src/Propellor/Property/Apache.hs21
1 files changed, 10 insertions, 11 deletions
diff --git a/src/Propellor/Property/Apache.hs b/src/Propellor/Property/Apache.hs
index c2c32a3b..d0bcadfa 100644
--- a/src/Propellor/Property/Apache.hs
+++ b/src/Propellor/Property/Apache.hs
@@ -161,12 +161,12 @@ httpsVirtualHost domain docroot letos = httpsVirtualHost' domain docroot letos [
-- | Like `httpsVirtualHost` but with additional config lines added.
httpsVirtualHost' :: Domain -> WebRoot -> LetsEncrypt.AgreeTOS -> [ConfigLine] -> Property NoInfo
-httpsVirtualHost' domain docroot letos addedcfg = setup
+httpsVirtualHost' domain docroot letos addedcfg = setuphttp
`requires` modEnabled "rewrite"
`requires` modEnabled "ssl"
- `before` LetsEncrypt.letsEncrypt letos domain docroot certinstaller
+ `before` setuphttps
where
- setup = siteEnabled' domain $
+ setuphttp = siteEnabled' domain $
-- The sslconffile is only created after letsencrypt gets
-- the cert. The "*" is needed to make apache not error
-- when the file doesn't exist.
@@ -179,22 +179,21 @@ httpsVirtualHost' domain docroot letos addedcfg = setup
-- Everything else redirects to https
, "RewriteRule ^/(.*) https://" ++ domain ++ "/$1 [L,R,NE]"
]
- certinstaller :: LetsEncrypt.CertInstaller
- certinstaller newcert _domain certfile privkeyfile chainfile _fullchainfile =
- combineProperties (domain ++ " ssl cert installed")
+ setuphttps = LetsEncrypt.letsEncrypt letos domain docroot
+ `onChange` combineProperties (domain ++ " ssl cert installed")
[ File.dirExists (takeDirectory cf)
, File.hasContent cf sslvhost
`onChange` reloaded
- -- always reload when the cert has changed
- , check (return newcert :: IO Bool) reloaded
+ -- always reload since the cert has changed
+ , reloaded
]
where
cf = sslconffile "letsencrypt"
sslvhost = vhost (Port 443)
[ "SSLEngine on"
- , "SSLCertificateFile " ++ certfile
- , "SSLCertificateKeyFile " ++ privkeyfile
- , "SSLCertificateChainFile " ++ chainfile
+ , "SSLCertificateFile " ++ LetsEncrypt.certFile domain
+ , "SSLCertificateKeyFile " ++ LetsEncrypt.privKeyFile domain
+ , "SSLCertificateChainFile " ++ LetsEncrypt.chainFile domain
]
sslconffile s = "/etc/apache2/sites-available/ssl/" ++ domain ++ "/" ++ s ++ ".conf"
vhost (Port p) ls =
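Review bot: With `setuphttps` written as `LetsEncrypt.letsEncrypt … `onChange` combineProperties …`, the `File.dirExists` and `File.hasContent cf sslvhost` properties only run when letsEncrypt reports a change, which by the commit message appears to mean only when the cert is obtained or renewed. A deleted or hand-edited `letsencrypt.conf`, a later change to the generated vhost lines, or a failed first write would then stay uncorrected until the next renewal, while the port-80 vhost keeps redirecting everything to https. Consider checking the vhost file on every run once the cert exists and keeping only the unconditional `reloaded` under `onChange`, as sketched below; this assumes `before` skips the second property when letsEncrypt fails, which should be confirmed. The function starts in the previous hunk and `vhost` continues past the end of this one.

```haskell
	setuphttps = (LetsEncrypt.letsEncrypt letos domain docroot
		-- reload only because the cert itself was obtained or renewed
		`onChange` reloaded)
		-- the vhost file is then checked on every run, not just on renewal
		`before` combineProperties (domain ++ " ssl cert installed")
			[ File.dirExists (takeDirectory cf)
			, File.hasContent cf sslvhost
				`onChange` reloaded
			]
	-- … unchanged: where cf / sslvhost definitions …
```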