From 09e86f797624a3b8356089d6e79c2debaa6b8055 Mon Sep 17 00:00:00 2001
From: Grant Slater
Date: Tue, 15 Apr 2014 10:58:30 +0100
Subject: [PATCH] tilecache: restart nginx on certificate change
---
 cookbooks/tilecache/attributes/default.rb | 2 ++
 cookbooks/tilecache/recipes/default.rb | 12 +++++++++++-
 .../templates/default/nginx_tile_ssl.conf.erb | 4 ++--
 3 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/cookbooks/tilecache/attributes/default.rb b/cookbooks/tilecache/attributes/default.rb
index e91bd9617..be6944bdc 100644
--- a/cookbooks/tilecache/attributes/default.rb
+++ b/cookbooks/tilecache/attributes/default.rb
@@ -11,3 +11,5 @@ default[:tilecache][:net_bucket_refill] = "32768"
 #Per Class C bucket size
 default[:tilecache][:net_bucket_size] = "33554432"
+default[:tilecache][:ssl][:certificate] = "tile.openstreetmap"
+
diff --git a/cookbooks/tilecache/recipes/default.rb b/cookbooks/tilecache/recipes/default.rb
index 13f752cd1..4711428a2 100644
--- a/cookbooks/tilecache/recipes/default.rb
+++ b/cookbooks/tilecache/recipes/default.rb
@@ -17,7 +17,8 @@
 # limitations under the License.
 #
-node.default[:ssl][:certificates] = node[:ssl][:certificates] | [ "tile.openstreetmap" ]
+certificate = node[:tilecache][:ssl][:certificate]
+node.default[:ssl][:certificates] = node[:ssl][:certificates] | [ certificate ]
 include_recipe "ssl"
 include_recipe "squid"
@@ -78,6 +79,15 @@ end
 nginx_site "tile-ssl" do
 template "nginx_tile_ssl.conf.erb"
+ variables :certificate => certificate
+end
+
+service "nginx-certificate-restart" do
+ service_name "nginx"
+ action :nothing
+ subscribes :restart, "cookbook_file[/etc/ssl/certs/rapidssl.pem]"
+ subscribes :restart, "cookbook_file[/etc/ssl/certs/#{certificate}.pem]"
+ subscribes :restart, "file[/etc/ssl/private/#{certificate}.key]"
 end
 tilerenders.each do |render|
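Review bot: In cookbooks/tilecache/recipes/default.rb (hunk at line 17), `certificate` is taken from `node[:tilecache][:ssl][:certificate]` and then used unchecked as a file basename, both in the `subscribes` resource names of the later hunk and in the `ssl_certificate` paths of nginx_tile_ssl.conf.erb. An override that is nil, empty or contains `/` would yield paths outside the intended /etc/ssl files or an nginx config that fails to load, and the error would only surface when nginx is restarted. A guard directly after the assignment would fail the converge early, for example `raise "invalid tilecache ssl certificate name" unless certificate.to_s =~ /\A[\w.-]+\z/`. Node attributes are normally operator-controlled, so this is hardening rather than a fix for a bug reachable from outside.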
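Review bot: In the `service "nginx-certificate-restart"` block (recipes/default.rb, hunk at line 78), a certificate change triggers a full `:restart`, so a certificate and key that do not match will stop nginx from coming back up and leave the tile cache offline. nginx re-reads certificate files on reload and keeps the running workers when the new configuration is rejected, so `subscribes :reload, ...` on the three lines, with `supports :reload => true` on the resource if the init script provides it, would be the safer action. The three resource names must also match exactly what the ssl recipe declares, which is not visible in this patch. The hard-coded `rapidssl.pem` ties the block to one CA chain; a comment such as `# intermediate chain file installed by the ssl recipe; update when the CA changes` would help the next rotation.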
diff --git a/cookbooks/tilecache/templates/default/nginx_tile_ssl.conf.erb b/cookbooks/tilecache/templates/default/nginx_tile_ssl.conf.erb
index 284b3dfd5..180123245 100644
--- a/cookbooks/tilecache/templates/default/nginx_tile_ssl.conf.erb
+++ b/cookbooks/tilecache/templates/default/nginx_tile_ssl.conf.erb
@@ -2,8 +2,8 @@ server {
 listen 443 ssl;
 server_name localhost;
- ssl_certificate /etc/ssl/certs/tile.openstreetmap.pem;
- ssl_certificate_key /etc/ssl/private/tile.openstreetmap.key;
+ ssl_certificate /etc/ssl/certs/<%= @certificate %>.pem;
+ ssl_certificate_key /etc/ssl/private/<%= @certificate %>.key;
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2 SSLv3;
 ssl_ciphers aRSA+HIGH:+kEDH:+kRSA:!kSRP:!kPSK:+3DES:!MD5;
-- 
2.43.2
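Review bot: The unchanged `ssl_protocols` line in this hunk still enables `SSLv3` alongside TLSv1 and TLSv1.1, and the `ssl_ciphers` line explicitly keeps `+3DES`; since the commit already touches this TLS block, both are worth tightening. SSLv3 is deprecated and exposed to protocol-downgrade and padding-oracle attacks, so at minimum drop it with `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;`, and prefer TLSv1.2 and later only where client compatibility allows. The new `<%= @certificate %>` interpolation is written into the config verbatim, so the recipe that passes the value should restrict it to a plain file basename. The server block continues past the end of the hunk.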