put chain CA cert in copr-be as well

2014-04-01 13:45:58 +00:00 · 2014-04-01 13:45:58 +00:00 · 51d3376a86
commit 51d3376a86
parent aa38d2bfc0
2 changed files with 8 additions and 1 deletions
--- a/files/copr/lighttpd/lighttpd.conf
+++ b/files/copr/lighttpd/lighttpd.conf
@ -449,7 +449,7 @@ server.upload-dirs = ( "/var/tmp" )
 $SERVER["socket"] == ":443" {
  ssl.engine = "enable"
  ssl.pemfile = "/etc/lighttpd/copr-be.fedoraproject.org.pem"
-  ssl.ca-file = "/etc/lighttpd/copr-be.fedoraproject.org.crt"
+  ssl.ca-file = "/etc/lighttpd/DigiCertCA.crt"
  ssl.disable-client-renegotiation = "enable"
  ssl.cipher-list             = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
 }
--- a/playbooks/hosts/copr-be.cloud.fedoraproject.org.yml
+++ b/playbooks/hosts/copr-be.cloud.fedoraproject.org.yml
@ -114,6 +114,13 @@
    tags:
    - config 

+  - name: copy httpd ssl certificates (CAcert)
+    action: copy src="{{ files }}/copr/DigiCertCA.crt" dest="/etc/lighttpd/" owner=root group=root mode=0600
+    tags:
+    - config
+    notify:
+    - restart lighttpd
+
  # mime default to text/plain and enable dirlisting for indexes
  - name: update lighttpd configs
    action: copy src="{{ files }}/copr/lighttpd/{{ item }}" dest="/etc/lighttpd/conf.d/{{ item }}" owner=root group=root mode=0644