action :run
end
-nginx_site "tile-ssl" do
- template "nginx_tile_ssl.conf.erb"
- variables :certificate => certificate, :resolvers => resolvers, :caches => tilecaches
+ssl_certificate "tile.openstreetmap.org" do
+ domains ["tile.openstreetmap.org",
+ "a.tile.openstreetmap.org",
+ "b.tile.openstreetmap.org",
+ "c.tile.openstreetmap.org"]
+ fallback_certificate "tile.openstreetmap"
+ notifies :restart, "service[nginx]"
end
-service "nginx-certificate-restart" do
- service_name "nginx"
- action :nothing
- subscribes :restart, "cookbook_file[/etc/ssl/certs/rapidssl.pem]"
- subscribes :restart, "file[/etc/ssl/certs/#{certificate}.pem]"
- subscribes :restart, "file[/etc/ssl/private/#{certificate}.key]"
+nginx_site "tile-ssl" do
+ template "nginx_tile_ssl.conf.erb"
+ variables :resolvers => resolvers, :caches => tilecaches
end
template "/etc/logrotate.d/nginx" do
proxy_buffers 8 64k;
- ssl_certificate /etc/ssl/certs/<%= @certificate %>.pem;
- ssl_certificate_key /etc/ssl/private/<%= @certificate %>.key;
+ ssl_certificate /etc/ssl/certs/tile.openstreetmap.org.pem;
+ ssl_certificate_key /etc/ssl/private/tile.openstreetmap.org.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers <%= node[:ssl][:ciphers] -%>;