# limitations under the License.
#
+require "ipaddr"
+
certificate = node[:tilecache][:ssl][:certificate]
node.default[:ssl][:certificates] = node[:ssl][:certificates] | [ certificate ]
action [ :delete ]
end
+resolvers = node[:networking][:nameservers].map do |resolver|
+ IPAddr.new(resolver).ipv6? ? "[#{resolver}]" : "#{resolver}"
+end
+
nginx_site "tile-ssl" do
template "nginx_tile_ssl.conf.erb"
- variables :certificate => certificate
+ variables :certificate => certificate, :resolvers => resolvers
end
service "nginx-certificate-restart" do
ssl_session_cache shared:SSL:30m;
ssl_session_timeout 15m;
ssl_stapling on;
- resolver <%= node[:networking][:nameservers].join(" ") %>;
+ resolver <%= @resolvers.join(" ") %>;
location / { proxy_pass http://127.0.0.1; proxy_set_header X-Forwarded-For $remote_addr; }
-
}
projects / chef.git / commitdiff