From e38116fc0b2a58917b73627037c1940df3cd51ea Mon Sep 17 00:00:00 2001
From: Thomas Thorburn
Date: Mon, 6 May 2024 15:11:52 +0200
Subject: [PATCH 1/3] attempt at adding ssl support to monit formula
---
 monit/files/monitrc | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/monit/files/monitrc b/monit/files/monitrc
index ac16b7b..00196b1 100644
--- a/monit/files/monitrc
+++ b/monit/files/monitrc
@@ -8,5 +8,12 @@ set httpd port {{ http_access.port }} and
 {%- for userdata in http_access.allowed.users %}
 allow {{ userdata[0] }}:{{ userdata[1] }}
 {%- endfor %}
+{%- if http_access.ssl is defined %}
+ with ssl {
+{%- for k,v in http_access.ssl -%}
+ {{ k }}: {{ v }}
+{%- endfor -%}
+ }
+{%- endif %}
 include {{ config_includes }}/*
From 0d2df131803c132ece24737abfa3cd4515a8d284 Mon Sep 17 00:00:00 2001
From: Thomas Thorburn
Date: Mon, 6 May 2024 16:06:39 +0200
Subject: [PATCH 2/3] get ssl support in a working state
---
 monit/files/monitrc | 21 ++++++++++++---------
 pillar.example | 3 +++
 2 files changed, 15 insertions(+), 9 deletions(-)
diff --git a/monit/files/monitrc b/monit/files/monitrc
index 00196b1..7aa2e57 100644
--- a/monit/files/monitrc
+++ b/monit/files/monitrc
@@ -1,19 +1,22 @@
 set daemon {{ daemon_check }}
-set httpd port {{ http_access.port }} and
- use address {{ http_access.bind }}
+set httpd
+ port {{ http_access.port }}
+{%- if http_access.ssl is defined %}
+ with ssl {
+{%- for k,v in http_access.ssl.items() %}
+ {{ k }}: {{ v }}
+{%- endfor %}
+ }
+{%- endif %}
+ and
+ use address {{ http_access.bind }}
 {%- for host in http_access.allowed.hosts %}
 allow {{ host }}
 {%- endfor %}
 {%- for userdata in http_access.allowed.users %}
 allow {{ userdata[0] }}:{{ userdata[1] }}
 {%- endfor %}
-{%- if http_access.ssl is defined %}
- with ssl {
-{%- for k,v in http_access.ssl -%}
- {{ k }}: {{ v }}
-{%- endfor -%}
- }
-{%- endif %}
+
 include {{ config_includes }}/*
diff --git a/pillar.example b/pillar.example
index 9e4049f..bb2d547 100644
--- a/pillar.example
+++ b/pillar.example
@@ -13,6 +13,9 @@ monit:
 http_access:
 port: 2812
 bind: 127.0.0.1
+ ssl:
+ pemchain: /etc/monit/chain.pem
+ pemkey: /etc/monit/key.pem
 allowed:
 users:
 - ['user1', 'pass1']
From aafa3fbaf1ada9c17cc8a2fb8298d384d1492a57 Mon Sep 17 00:00:00 2001
From: Thomas Thorburn
Date: Tue, 7 May 2024 17:29:57 +0200
Subject: [PATCH 3/3] ensure that monitrc has no changes if ssl is not defined
---
 monit/files/monitrc | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/monit/files/monitrc b/monit/files/monitrc
index 7aa2e57..30c01a1 100644
--- a/monit/files/monitrc
+++ b/monit/files/monitrc
@@ -1,16 +1,17 @@
 set daemon {{ daemon_check }}
-set httpd
- port {{ http_access.port }}
-{%- if http_access.ssl is defined %}
+{% if http_access.ssl is defined %}
+set httpd port {{ http_access.port }}
 with ssl {
 {%- for k,v in http_access.ssl.items() %}
 {{ k }}: {{ v }}
 {%- endfor %}
 }
-{%- endif %}
- and
- use address {{ http_access.bind }}
+ use address {{ http_access.bind }}
+{%- else -%}
+set httpd port {{ http_access.port }} and
+ use address {{ http_access.bind }}
+{%- endif -%}
 {%- for host in http_access.allowed.hosts %}
 allow {{ host }}
 {%- endfor %}
@@ -18,5 +19,4 @@ set httpd
 allow {{ userdata[0] }}:{{ userdata[1] }}
 {%- endfor %}
-
 include {{ config_includes }}/*
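Review bot: The new `ssl:` entry carries no comment saying that it is optional or that its keys are not a fixed schema; the template copies each key/value pair as-is into monit's `with ssl { }` block. I would add a line above it such as `# optional: omit for plain HTTP; every key/value below is written verbatim into monit's "with ssl { }" block`. Since the template also renders `allow user:pass` entries, the example could say that `ssl` should be set whenever `bind` is not a loopback address. Nothing in this series creates `/etc/monit/key.pem` or sets its owner and mode, so a second comment stating that the files must already exist and that the key should be readable only by the account monit runs as would help.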
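Review bot: In the SSL branch of the first monitrc hunk of patch 3/3, `{{ k }}: {{ v }}` copies every pillar key and value into `with ssl { }` unquoted and unchecked. A mistyped option name or a value containing whitespace is therefore only noticed when monit parses the rendered file, and an `ssl:` key left without a value still passes `is defined` and then fails in `.items()` with a generic render error. Whether the formula validates the rendered file before reloading monit is not visible in this series. A template comment above the loop would at least document the contract, for example `{#- http_access.ssl: non-empty mapping of monit SSL option -> value, rendered verbatim -#}`. The same guard and loop first appear in the monitrc hunks of patches 1/3 and 2/3.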