Commit ce2f1c28 authored by Łukasz Nowak's avatar Łukasz Nowak Committed by Łukasz Nowak

caddy-frontend: Adapt IP certificate to new directory structure

parent fa8a4f73
...@@ -22,7 +22,7 @@ md5sum = c801b7f9f11f0965677c22e6bbe9281b ...@@ -22,7 +22,7 @@ md5sum = c801b7f9f11f0965677c22e6bbe9281b
[template-apache-frontend] [template-apache-frontend]
filename = instance-apache-frontend.cfg.in filename = instance-apache-frontend.cfg.in
md5sum = 87558ff8adfebac0e53ebc797b5cdffa md5sum = ef1a1b0c1f2466ff81b8d19c212187cf
[template-apache-replicate] [template-apache-replicate]
filename = instance-apache-replicate.cfg.in filename = instance-apache-replicate.cfg.in
......
...@@ -117,21 +117,21 @@ recipe = plone.recipe.command ...@@ -117,21 +117,21 @@ recipe = plone.recipe.command
update-command = ${:command} update-command = ${:command}
ipv6 = ${slap-network-information:global-ipv6} ipv6 = ${slap-network-information:global-ipv6}
ipv4 = {{instance_parameter['ipv4-random']}} ipv4 = {{instance_parameter['ipv4-random']}}
key = ${caddy-directory:vh-ssl}/ip-access-${:ipv6}-${:ipv4}.key key = ${caddy-directory:master-autocert-dir}/ip-access-${:ipv6}-${:ipv4}.key
certificate = ${caddy-directory:vh-ssl}/ip-access-${:ipv6}-${:ipv4}.crt certificate = ${caddy-directory:master-autocert-dir}/ip-access-${:ipv6}-${:ipv4}.crt
stop-on-error = True stop-on-error = True
command = command =
[ -f ${:key} ] && [ -f ${:certificate} ] && exit 0 [ -f ${:key} ] && [ -f ${:certificate} ] && exit 0
rm -f ${:key} ${:certificate} rm -f ${:key} ${:certificate}
/bin/bash -c ' \ /bin/bash -c ' \
{{ parameter_dict['openssl'] }}/bin/openssl req \ {{ parameter_dict['openssl'] }} req \
-new -newkey rsa:2048 -sha256 \ -new -newkey rsa:2048 -sha256 \
-nodes -x509 -days 36500 \ -nodes -x509 -days 36500 \
-keyout ${:key} \ -keyout ${:key} \
-subj "/CN=Self Signed IP Access" \ -subj "/CN=Self Signed IP Access" \
-reqexts SAN \ -reqexts SAN \
-extensions SAN \ -extensions SAN \
-config <(cat {{ parameter_dict['openssl'] }}/etc/ssl/openssl.cnf \ -config <(cat {{ parameter_dict['openssl_cnf'] }} \
<(printf "\n[SAN]\nsubjectAltName=IP:${:ipv6},IP:${:ipv4}")) \ <(printf "\n[SAN]\nsubjectAltName=IP:${:ipv6},IP:${:ipv4}")) \
-out ${:certificate}' -out ${:certificate}'
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment