move incoming smtp to port 2025 on smit.d.o
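--- a/modules/apache2/templates/ssl-key-pins.erb
+++ b/modules/apache2/templates/ssl-key-pins.erb
@@ -6,7 +6,7 @@
 <IfModule mod_macro.c>
 <%=
-$cert_dir_le = '/srv/puppet.debian.org/from-letsencrypt'
+$cert_dir_le = scope().call_function('hiera', ['paths.letsencrypt_dir'])
 $cert_dir_backup = '/srv/puppet.debian.org/backup-keys'
 def make_pin_macro(site)
@@ -23,7 +23,8 @@
 res << "<Macro http-pkp-#{site}>"
 if pin_info.size >= 2 then
 pin_info = pin_info.map{ |x| x.gsub('"', '\"') }
-pin_info << "max-age=10800"
+# 60 days
+pin_info << "max-age=5184000"
 pin_str = pin_info.join("; ")
 res << " Header always set Public-Key-Pins \"#{pin_str}\""
 else
@@ -37,7 +38,7 @@
 end
 macros = []
-Dir.glob("#{$cert_dir_le}/*.pin") do |pinfile|
+Dir.glob("#{$cert_dir_le}/*.pin").sort.each do |pinfile|
 site = File.basename(pinfile, '.pin')
 macros << make_pin_macro(site)
 end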
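Review bot: The new `max-age=5184000` in the second hunk makes a bad pin set stick for 60 days in any client that caches it, where the previous 10800 let a mistake expire within three hours, and the only guard visible here is `if pin_info.size >= 2`, which counts entries without showing where they came from. How `pin_info` is filled lies outside the hunk, as does the rest of `make_pin_macro`, so it is worth confirming that at least one entry is derived from `$cert_dir_backup` and belongs to a key that is not deployed on the server. I would expand the comment to record that dependency, for example `# 60 days: clients that cache this header reject unpinned keys for that long, so a backup pin must always be present`.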