diff options
| author | Jesse Luehrs <doy@tozt.net> | 2018-10-14 19:09:45 -0400 |
|---|---|---|
| committer | Jesse Luehrs <doy@tozt.net> | 2018-10-14 19:09:45 -0400 |
| commit | d82a2f3b46d8320523b383249e3eda307ed13e14 (patch) | |
| tree | eb1570af5e0ee5c4b20eeb3f4292168b81e7056b /modules/nginx/manifests | |
| parent | e3d4e2e7bf93356fafaff2398cec60d65d6b3873 (diff) | |
| download | puppet-tozt-d82a2f3b46d8320523b383249e3eda307ed13e14.tar.gz puppet-tozt-d82a2f3b46d8320523b383249e3eda307ed13e14.zip | |
use a hardcoded dhparam.pem
it doesn't need to be secret, and generating a 4096-bit dhparam takes
quite a long time (long enough to make initial server provisioning
annoyingly long)
Diffstat (limited to 'modules/nginx/manifests')
| -rw-r--r-- | modules/nginx/manifests/config.pp | 9 |
1 files changed, 2 insertions, 7 deletions
diff --git a/modules/nginx/manifests/config.pp b/modules/nginx/manifests/config.pp index 4987851..8a95edd 100644 --- a/modules/nginx/manifests/config.pp +++ b/modules/nginx/manifests/config.pp @@ -12,12 +12,7 @@ class nginx::config { source => 'puppet:///modules/nginx/mime.types.paste'; "/etc/nginx/nginx.conf": source => 'puppet:///modules/nginx/nginx.conf'; - } - - exec { 'openssl dhparam -out /etc/nginx/dhparam.pem 4096': - path => '/usr/bin', - creates => '/etc/nginx/dhparam.pem', - timeout => 3600, - require => Class["haveged"]; + "/etc/nginx/dhparam.pem": + source => 'puppet:///modules/nginx/dhparam.pem'; } } |