paulmataruso/zulip
1
0
Fork 0
mirror of https://github.com/zulip/zulip.git synced 2025-10-28 10:33:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

puppet: Only fix certbot certificates if https is enabled.

Browse Source 
This is a reprise of c97162e485, but for the case where certbot
certs are no longer in use by way of enabling `http_only` and letting
another server handle TLS termination.

Fixes: #22034.
This commit is contained in:
Alex Vandiver
2022-05-10 15:25:23 -07:00
parent 029b72c496
commit 345939dc64
1 changed files with 10 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
puppet/zulip/manifests/profile/app_frontend.pp
View File

@@ -60,6 +60,7 @@ class zulip::profile::app_frontend {
source => 'puppet:///modules/zulip/letsencrypt/nginx-deploy-hook.sh', source => 'puppet:///modules/zulip/letsencrypt/nginx-deploy-hook.sh',
require => Package[certbot], require => Package[certbot],
} }
if ! $nginx_http_only {
exec { 'fix-standalone-certbot': exec { 'fix-standalone-certbot':
onlyif => @(EOT), onlyif => @(EOT),
test -L /etc/ssl/certs/zulip.combined-chain.crt && test -L /etc/ssl/certs/zulip.combined-chain.crt &&
@@ -69,6 +70,7 @@ class zulip::profile::app_frontend {
| EOT | EOT
command => "${::zulip_scripts_path}/lib/fix-standalone-certbot", command => "${::zulip_scripts_path}/lib/fix-standalone-certbot",
} }
}
# Restart the server regularly to avoid potential memory leak problems. # Restart the server regularly to avoid potential memory leak problems.
file { '/etc/cron.d/restart-zulip': file { '/etc/cron.d/restart-zulip':