Fix SSL cert and key permissions

It is bad practice to use 644 on a private key, so we
have migrated the key mode to 0400. The cert is already
available publicly through nginx, so we have allowed it
0444.

Nothing should need to write either the cert or the key
after puppet has run, so we have denied any writing.
Tom Booth 2013-08-21 16:29:31 +01:00
parent 304c12974e
commit d149c43936


@ -213,11 +213,13 @@ define nginx::resource::vhost (
# Check if the file has been defined before creating the file to
# avoid the error when using wildcard cert on the multiple vhosts
ensure_resource('file', "${nginx::params::nx_conf_dir}/${cert}.crt", {
mode => '0644',
owner => $nginx::params::nx_daemon_user,
mode => '0444',
source => $ssl_cert,
})
ensure_resource('file', "${nginx::params::nx_conf_dir}/${cert}.key", {
mode => '0644',
owner => $nginx::params::nx_daemon_user,
mode => '0400',
source => $ssl_key,
})
}
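Review bot: Making `$nginx::params::nx_daemon_user` the owner of `${cert}.key` leaves the private key readable by the account nginx serves requests under, if that parameter is the unprivileged worker user (its value is not visible in this hunk). Where the nginx master starts as root, it reads the key before the workers drop privileges, so `owner => 'root',` with `mode => '0400',` would keep the key out of reach of a compromised worker; the same owner also works for the `0444` cert. An owning account can chmod its own file, so the read-only modes do not stop that account from rewriting either file. Neither resource sets `group`, so an explicit `group => 'root',` (or the platform's root group) would make the result independent of defaults. The `nginx::resource::vhost` define begins above this hunk.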