diff options
author | Jesse Luehrs <doy@tozt.net> | 2018-10-14 19:09:45 -0400 |
---|---|---|
committer | Jesse Luehrs <doy@tozt.net> | 2018-10-14 19:09:45 -0400 |
commit | d82a2f3b46d8320523b383249e3eda307ed13e14 (patch) | |
tree | eb1570af5e0ee5c4b20eeb3f4292168b81e7056b /modules/nginx | |
parent | e3d4e2e7bf93356fafaff2398cec60d65d6b3873 (diff) | |
download | puppet-tozt-d82a2f3b46d8320523b383249e3eda307ed13e14.tar.gz puppet-tozt-d82a2f3b46d8320523b383249e3eda307ed13e14.zip |
use a hardcoded dhparam.pem
it doesn't need to be secret, and generating a 4096-bit dhparam takes
quite a long time (long enough to make initial server provisioning
annoyingly long)
Diffstat (limited to 'modules/nginx')
-rw-r--r-- | modules/nginx/files/dhparam.pem | 13 | ||||
-rw-r--r-- | modules/nginx/manifests/config.pp | 9 |
2 files changed, 15 insertions, 7 deletions
diff --git a/modules/nginx/files/dhparam.pem b/modules/nginx/files/dhparam.pem new file mode 100644 index 0000000..4aa2270 --- /dev/null +++ b/modules/nginx/files/dhparam.pem @@ -0,0 +1,13 @@ +-----BEGIN DH PARAMETERS----- +MIICCAKCAgEA2Ch/tJWN/Hm/Go2T9Ok542zBAJJxmrIn8ghj/etM1uVQ8viqqDy/ +2RRswFeVJE8S5tf7W7+rPWVp1NzK7Fbxn1eb0r/MdnwgCkzBK2YcbQ6skZZz7lyd +SXXac4YrdkaG60Bm2WtmHs73pptbxBTkt55yAdTyhm8fvVZewAn2a8GRgn/X9Nb6 +YcpbLa6yh0TA1YP/CckMN5yxI761IXpKXuDMMz/PjI9xK2NSXRCgknrHa71w7E9U +x86EyeA8VB2baZ2ct0KlaK5MaFPLSSCPBQYxigCvH6apH+U9pho4YSdZL3wLjtzO +mN7Z8FdhPr2P/Dk0HI4Y2LzJiAQoU2t7zMrGb4y/27zFrApUed6q1lbvJW46g+o0 +zy3fe1nwZ9Ibq0TA6FH0S+FRrSYrJEN1vqosoGJjLJteyddqLV8d6XRhrZaCJmWq +itlqbYlnbK+rlxlJyuDC6wLMTxa/zYMvYSM0Ez8KKDLh3GNMqiEbccCuS77gvPKP +hj4Gy0jslUSYSjJebot+wIQsGmAnL5CozEXdGMVahoqZWcqRRGsoVM/3vZ53uLgL +Cs027wnvkeAnX1sxV/KnrovpVPISkQvG0awCZkjroKMRq33fgymvvvcHo7pGcef+ +7S0XsFBit8LrBT1XGx3VknC8XZ6hAACY1FDMth2J4dx8kqVnd2PH1dMCAQI= +-----END DH PARAMETERS----- diff --git a/modules/nginx/manifests/config.pp b/modules/nginx/manifests/config.pp index 4987851..8a95edd 100644 --- a/modules/nginx/manifests/config.pp +++ b/modules/nginx/manifests/config.pp @@ -12,12 +12,7 @@ class nginx::config { source => 'puppet:///modules/nginx/mime.types.paste'; "/etc/nginx/nginx.conf": source => 'puppet:///modules/nginx/nginx.conf'; - } - - exec { 'openssl dhparam -out /etc/nginx/dhparam.pem 4096': - path => '/usr/bin', - creates => '/etc/nginx/dhparam.pem', - timeout => 3600, - require => Class["haveged"]; + "/etc/nginx/dhparam.pem": + source => 'puppet:///modules/nginx/dhparam.pem'; } } |