Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ssl_cert => 'puppet:///modules/sslkey/wildcard_mydomain.crt' doesn't work after upgrade #638

Closed
yarikdot opened this issue Jun 4, 2015 · 4 comments
Closed

ssl_cert => 'puppet:///modules/sslkey/wildcard_mydomain.crt' doesn't work after upgrade #638

yarikdot opened this issue Jun 4, 2015 · 4 comments

Comments

@yarikdot
Copy link

yarikdot commented Jun 4, 2015

We did upgrade to the latest version of your great plugin and unfortunately this construction stopped working:

nginx::resource::vhost { "${name}.${::domain} ${name}":
    ensure                => present,
    listen_port           => 443,
    www_root              => $tmp_www_root,
    proxy                 => $proxy,
    location_cfg_append   => $location_cfg_append,
    index_files           => [ 'index.php' ],
    ssl                   => true,
    ssl_cert              => 'puppet:///modules/sslkey/wildcard_mydomain.crt',
    ssl_key               => 'puppet:///modules/sslkey/wildcard_mydomain.key',
}

When applied the changes after module upgrade we see and of course nginx crashed:

-  ssl_certificate           /etc/nginx/myproject.crt;
-  ssl_certificate_key       /etc/nginx/myproject.key;
+  ssl_certificate           puppet:///modules/project_ssl/mydomain.tld/mydomain.tld.crt;
+  ssl_certificate_key       puppet:///modules/project_ssl/mydomain.tld/mydomain.tld.key;
@yarikdot yarikdot changed the title SSL cert/key from another module doesn't work anymore ssl_cert => 'puppet:///modules/sslkey/wildcard_mydomain.crt' doesn't work after upgrade Jun 4, 2015
@yarikdot
Copy link
Author

yarikdot commented Jun 4, 2015

It seems like that it was introduced in commit be4decd.

@3flex
Copy link
Contributor

3flex commented Jun 6, 2015

@yarikdot I'm sorry about that. This is one of the reasons we have removed any kind of SSL cert/key management from the module (because we don't know how everyone's doing it to start with). The module now requires any certificates, keys, and other SSL files to be copied in whatever manner the admin sees fit, and you then must specify the path to that file in the module.

In your case you will need a bit of boilerplate code that sits outside the module to copy the file from the server to the client.

There's a bit more about my rationale here: #599

@3flex 3flex closed this as completed Jun 6, 2015
@yarikdot
Copy link
Author

yarikdot commented Jul 2, 2015

Nothing to be sorry about. Evolution sometimes brings some victims. Would you mind updating the README file, section "Example puppet class calling nginx::vhost with HTTPS FastCGI and redirection of HTTP". The puppet:// is still there and it might be confusing for somebody.

3flex added a commit that referenced this issue Jul 3, 2015
@3flex
readme: fix example to reflect SSL key management changes
c1563a7 
Thanks @yarikdot

#638 (comment)
@benpriestman
Copy link

This one got me, too. Fair enough as a change, but should surely have been marked as a breaking change?

cegeka-jenkins pushed a commit to cegeka/puppet-nginx that referenced this issue Oct 23, 2017
@3flex
readme: fix example to reflect SSL key management changes
91c75ed 
Thanks @yarikdot

voxpupuli#638 (comment)
slm0n87 pushed a commit to slm0n87/puppet-nginx that referenced this issue Mar 7, 2019
@3flex
readme: fix example to reflect SSL key management changes
95a7ad9 
Thanks @yarikdot

voxpupuli#638 (comment)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@3flex @benpriestman @yarikdot