Bump to v0.3.5

+# 0.3.5
+
+Include the openssl cookbook. Generating a dhparam file for
+each nginx virtual host is superfluous.
+
 # 0.3.4
 # 0.3.4
 
 
 Fix a typo in an nginx template
 Fix a typo in an nginx template

@@ -24,6 +24,12 @@ Ubuntu 14.04
     <td><tt>''</tt></td>
     <td><tt>''</tt></td>
   </tr>
   </tr>
   <tr>
   <tr>
+    <td><tt>['cfe-nginx-php-fpm']['openssl']['dh_modulus']</tt></td>
+    <td>Integer</td>
+    <td>Used if at least one virtual site uses TLS.</td>
+    <td><tt>4096</tt></td>
+  </tr>
+  <tr>
     <td><tt>['cfe-nginx-php-fpm']['nginx']['sites']</tt></td>
     <td><tt>['cfe-nginx-php-fpm']['nginx']['sites']</tt></td>
     <td>Array/Hash</td>
     <td>Array/Hash</td>
     <td>Values that define the virtual servers to be hosted by Nginx.</td>
     <td>Values that define the virtual servers to be hosted by Nginx.</td>

@@ -27,6 +27,8 @@ default['cfe-nginx-php-fpm']['postfix']['email_domain']  = 'example.com'
 # the default one ('www'), which is automatically installed by php-fpm
 # the default one ('www'), which is automatically installed by php-fpm
 default['cfe-nginx-php-fpm']['php-fpm']['delete_pool_www'] = true
 default['cfe-nginx-php-fpm']['php-fpm']['delete_pool_www'] = true
 
 
+default['cfe-nginx-php-fpm']['openssl']['dh_modulus'] = 4096
+
 # Uncomment to set custom locations
 # Uncomment to set custom locations
 #default['cfe-nginx-php-fpm']['nginx']['inc_dir'] =
 #default['cfe-nginx-php-fpm']['nginx']['inc_dir'] =
 #  "#{node['nginx']['dir']}/sites-available/include"
 #  "#{node['nginx']['dir']}/sites-available/include"
@@ -92,7 +94,6 @@ default['cfe-nginx-php-fpm']['nginx']['sites'] = [
     #
     #
     #  :self_signed     => false,
     #  :self_signed     => false,
     #  :cipher_suite    => 'medium', # or 'modern'
     #  :cipher_suite    => 'medium', # or 'modern'
-    #  :dh_modulus      => 4096,
     #  :hsts_max_age    => '15758000',
     #  :hsts_max_age    => '15758000',
     #  :hsts_subdomains => true
     #  :hsts_subdomains => true
     #},
     #},

@@ -4,9 +4,10 @@ maintainer_email 'sysadmin@chromedia.com'
 license          'Apache License'
 license          'Apache License'
 description      'Simplifies setup of Nginx+PHP-FPM in Chromedia.'
 description      'Simplifies setup of Nginx+PHP-FPM in Chromedia.'
 long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
 long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
-version          '0.3.4'
+version          '0.3.5'
 
 
 {
 {
+  'openssl' => '4.4.0',
   'php-fpm' => '0.7.5',
   'php-fpm' => '0.7.5',
   'mariadb' => '0.3.1',
   'mariadb' => '0.3.1',
   'postfix' => '3.6.2',
   'postfix' => '3.6.2',

@@ -18,9 +18,13 @@
 # limitations under the License.
 # limitations under the License.
 #
 #
 
 
+include_recipe 'openssl::upgrade'
+
+cb = 'cfe-nginx-php-fpm'
+
 # Create necessary directories
 # Create necessary directories
-inc_dir  = node['cfe-nginx-php-fpm']['nginx']['inc_dir']
-priv_dir = node['cfe-nginx-php-fpm']['nginx']['priv_dir']
+inc_dir  = node[cb]['nginx']['inc_dir']
+priv_dir = node[cb]['nginx']['priv_dir']
 
 
 [ inc_dir, priv_dir ].each do |ndir|
 [ inc_dir, priv_dir ].each do |ndir|
   directory ndir do
   directory ndir do
@@ -29,9 +33,18 @@ priv_dir = node['cfe-nginx-php-fpm']['nginx']['priv_dir']
 end
 end
 
 
 # Generate config files for each virtual server.
 # Generate config files for each virtual server.
-catch_all_def_false = node['cfe-nginx-php-fpm']['nginx']['sites'].length > 1
+catch_all_def_false = node[cb]['nginx']['sites'].length > 1
+
+# If at least one site is using TLS, configure a high modulus DH param
+path_dhparam = "#{priv_dir}/dhparam.pem"
+if node[cb]['nginx']['sites'].any? { |site| site[:ssl] }
+  openssl_dhparam path_dhparam do
+    key_length node[cb]['openssl']['dh_modulus']
+    generator  2
+  end
+end
 
 
-node['cfe-nginx-php-fpm']['nginx']['sites'].each do |site|
+node[cb]['nginx']['sites'].each do |site|
 
 
   if site.is_a?(Array)
   if site.is_a?(Array)
     site_sname = site[0]
     site_sname = site[0]
@@ -41,12 +54,12 @@ node['cfe-nginx-php-fpm']['nginx']['sites'].each do |site|
   end
   end
 
 
   # Assign default values to attributes
   # Assign default values to attributes
-  site_index    = site[:index] || nil
+  site_index    = site[:index]
   site_aliases  = site[:aliases] || []
   site_aliases  = site[:aliases] || []
-  site_doc_root = site[:doc_root] || nil
-  site_alo      = site[:access_log_options] || nil
-  site_ssl      = site[:ssl] || nil
-  site_auth     = site[:auth] || nil
+  site_doc_root = site[:doc_root]
+  site_alo      = site[:access_log_options]
+  site_ssl      = site[:ssl]
+  site_auth     = site[:auth]
   site_ins      = site[:init_statements] || []
   site_ins      = site[:init_statements] || []
   site_ss1      = site[:server_statements_1] || []
   site_ss1      = site[:server_statements_1] || []
   site_ss2      = site[:server_statements_2] || []
   site_ss2      = site[:server_statements_2] || []
@@ -66,7 +79,6 @@ node['cfe-nginx-php-fpm']['nginx']['sites'].each do |site|
 
 
   path_crt     = ''
   path_crt     = ''
   path_key     = ''
   path_key     = ''
-  path_dhparam = ''
   path_pass    = ''
   path_pass    = ''
 
 
   # If TLS/SSL is enabled, configure it:
   # If TLS/SSL is enabled, configure it:
@@ -105,13 +117,6 @@ node['cfe-nginx-php-fpm']['nginx']['sites'].each do |site|
         action    :create_if_missing
         action    :create_if_missing
       end
       end
     end
     end
-
-    # Configure a high modulus DH param
-    path_dhparam = "#{priv_dir}/#{site_sname}.dhparam"
-    dh_modulus   = site_ssl[:dh_modulus] || 4096
-    execute "openssl dhparam -out #{path_dhparam} #{dh_modulus}" do
-      not_if { ::File.exist?(path_dhparam) }
-    end
   end
   end
 
 
   # If basic auth is enabled, create htpasswd file
   # If basic auth is enabled, create htpasswd file