Let's Encrypt and local Puppet development

I develop Puppet manifests in a Vagrant VM. I want to configure an SSL-terminating web server, but obviously Let's Encrypt validation will fail when the node is only running on my laptop.

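Is there a good way to configure Puppet to use the real Let's Encrypt only on real servers, and to generate a self-signed certificate in the development environment? Perhaps a fake implementation of the Let's Encrypt server that grants all requests using a self-signed CA?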

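One approach I've taken on my own Vagrant boxes is to use the local "snakeoil" certificate, and to parameterize my classes where needed so that I can pass in a different certificate.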

    class custom::profile::apache(
      $vhost_domain    = $::fqdn,
      $use_letsencrypt = true,
    ){
      if $::custom::profile::apache::use_letsencrypt == true {
        # Real servers: certificate files issued by Let's Encrypt
        $ssl_cert  = "/etc/letsencrypt/live/${::custom::profile::apache::vhost_domain}/cert.pem"
        $ssl_key   = "/etc/letsencrypt/live/${::custom::profile::apache::vhost_domain}/privkey.pem"
        $ssl_chain = "/etc/letsencrypt/live/${::custom::profile::apache::vhost_domain}/chain.pem"
        $require   = Exec["letsencrypt certonly ${::fqdn}"]
      } else {
        # Development: local self-signed "snakeoil" certificate, no chain
        $ssl_cert  = '/etc/ssl/certs/ssl-cert-snakeoil.pem'
        $ssl_key   = '/etc/ssl/private/ssl-cert-snakeoil.key'
        $ssl_chain = undef
        $require   = undef
      }

      include ::apache

      ::apache::vhost { "https-${::custom::profile::apache::vhost_domain}":
        ...
        ssl_cert  => $ssl_cert,
        ssl_key   => $ssl_key,
        ssl_chain => $ssl_chain,
        require   => $require,
      }
    }
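
One way to choose between the two branches automatically, as an added example that is not part of the original answer: a wrapper class that passes `use_letsencrypt => false` only on Vagrant boxes and makes sure the snakeoil files exist there. The class name `custom::role::web` and the `$dev_virtual_types` parameter are hypothetical; it assumes Vagrant uses the VirtualBox provider (so the `virtual` fact reads `virtualbox`) and a Debian/Ubuntu guest, where the `ssl-cert` package creates the snakeoil pair.

```puppet
# Added example: hypothetical wrapper around custom::profile::apache.
class custom::role::web(
  $vhost_domain      = $::fqdn,
  # Assumption: only development boxes report one of these values for
  # the 'virtual' fact. Production VMs (kvm, vmware, ...) are not listed,
  # so they always get the Let's Encrypt branch.
  $dev_virtual_types = ['virtualbox'],
){
  $is_dev = $::virtual in $dev_virtual_types

  if $is_dev {
    # Debian/Ubuntu: installing ssl-cert generates
    # /etc/ssl/certs/ssl-cert-snakeoil.pem and
    # /etc/ssl/private/ssl-cert-snakeoil.key, the paths the profile
    # falls back to. It must be present before Apache is configured.
    package { 'ssl-cert':
      ensure => installed,
      before => Class['custom::profile::apache'],
    }
  }

  # The self-signed certificate is selected only when $is_dev is true,
  # so a node outside $dev_virtual_types cannot end up serving it.
  class { 'custom::profile::apache':
    vhost_domain    => $vhost_domain,
    use_letsencrypt => !$is_dev,
  }
}
```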