Guidelines

This site is for tech Q&A. Please keep your posts focused on the subject at hand.

Ask one question at a time. Don't conflate multiple problems into a single question.

Make sure to include all relevant information in your posts. Try to avoid linking to external sites.

Links to documentation are fine, but in addition you should also quote the relevant parts in your posts.

Related questions

Categories

Most popular tags

linux bash question2answer php puppet mysql devuan nginx css powershell array ubuntu puppet-bolt apt jq json ruby grafana docker certbot gitlab cron vim firefox goss ssh font disk partition lvm openssl dns password datetime postfix logger logging html puppet-provider service-management sync gog steam pod kubernetes laravel keepass vssadmin savegame pentiment prometheus promql minecraft-java pager azure bell fluxbox nfs pip locale python tun-device openvpn mirror hetzner-cloud web-search hiera nag-screen youtube responsive-design systemctl ssh-agent windows cups printer bind request-trace label gpg shared-folder virtualbox sector raid environment glue-record nis tcp foreman chroot volume mount powerdns puppetdb fact network-interface systemd network java hash sha256

"Duplicate resource declaration" error with different settings for same location in SSL and non-SSL vhost

0 votes
707 views
707 views

At work we're configuring Nginx servers with Puppet (using the Vox Pupuli Nginx module). Now we want to switch the SSL config to Let's Encrypt. I currently have the following settings (in hiera) for my vhosts:

nginx::nginx_servers:
  'www.example.com':
    ssl: true
    ssl_redirect: false
    locations:
      'www-letsencrypt':
        location: '~ ^/.well-known/acme-challenge'
        location_cfg_prepend:
          'default_type': 'text/plain'
        www_root: '/var/www/letsencrypt'
        ssl: false
      'www':
        location: '/'
        ssl: false
        location_custom_cfg:
          'return': '301 https://$host$request_uri'
      'www-ssl':
        location: '/'
        # other settings here ...

However, when I run the Puppet agent I'm getting a duplicate resource declaration error:

Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Evaluation Error: Error while evaluating a Resource Statement, Evaluation Error: Error while evaluating a Resource Statement, Duplicate declaration: Concat::Fragment[www.example.com-500-6666cd76f96956469e7be39d750cc7d9] is already declared in file /etc/puppetlabs/code/environments/production/modules/nginx/manifests/resource/location.pp:296; cannot redeclare at /etc/puppetlabs/code/environments/production/modules/nginx/manifests/resource/location.pp:296 at /etc/puppetlabs/code/environments/production/modules/nginx/manifests/resource/location.pp:296:7 at /etc/puppetlabs/code/environments/production/modules/nginx/manifests/resource/server.pp:454 on node server.example.com

If I change the SSL location for instance to location: '~ .*' the agent runs fine, but I'd prefer having / as the location for SSL as well.

The agent also runs with no error when I specify distinct vhosts for non-SSL and SSL:

nginx::nginx_servers:
  'www.example.com':
    ssl: true
    ssl_redirect: false
    locations:
      'www-letsencrypt':
        location: '~ ^/.well-known/acme-challenge'
        location_cfg_prepend:
          'default_type': 'text/plain'
        www_root: '/var/www/letsencrypt'
        ssl: false
      'www':
        location: '/'
        ssl: false
        location_custom_cfg:
          'return': '301 https://$host$request_uri'
  'www.example.com-ssl':
    ssl: true
    ssl_redirect: false
    locations:
      'www-ssl':
        location: '/'
        # other settings here ...

But then Puppet would create separate config files for each vhost, so I don't want that either.

How do I specify that the module should configure different / locations for the non-SSL vhost and the SSL vhost in the same file?

in Sysadmin
edited by
by (115)
2 19 33
edit history

Please log in or register to answer this question.

1 Answer

0 votes
 

You need to set the parameter ssl_only to "true" to restrict the location to the SSL vhost. That will prevent the module from trying to configure the location "www-ssl" with both vhosts (the location "www" is already tied to the non-SSL vhost only, because you already set ssl to "false"). Note that ssl_redirect must also be set to "false" (which you already have), otherwise you'd still be getting a duplicate resource declaration error.

nginx::nginx_servers:
  'www.example.com':
    ssl: true
    ssl_redirect: false
    locations:
      'www-letsencrypt':
        location: '~ ^/.well-known/acme-challenge'
        location_cfg_prepend:
          'default_type': 'text/plain'
        www_root: '/var/www/letsencrypt'
        ssl: false
      'www':
        location: '/'
        ssl: false
        location_custom_cfg:
          'return': '301 https://$host$request_uri'
      'www-ssl':
        location: '/'
        ssl_only: true
        # other settings here ...

edited by
by (115)
2 19 33
edit history
Powered by Question2Answer
...