JensWH/netz39-infra-ansible
1
0
Fork 0
forked from Netz39_Admin/netz39-infra-ansible
Code Pull requests Activity

Use variables to configure dehydrated locations

Browse source 
These variables match https://github.com/24367dfa/ansible-role-dehydrated
This commit is contained in:
Stefan Haun 2022-09-08 15:41:36 +02:00
parent ac46e1dd7c
commit c4af7754b2
2 changed files with 13 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
roles/setup-http-site-proxy/defaults/main.yml Normal file
View file

@ -0,0 +1,6 @@
# Defaults for setup-http-dehydrated
---
# These match https://github.com/24367dfa/ansible-role-dehydrated
dehydrated_config_dir: "/usr/local/etc/dehydrated"
dehydrated_certs_dir: "{{ dehydrated_config_dir }}/certs"
dehydrated_wellknown_dir: "{{ dehydrated_config_dir }}/challenge"

14
roles/setup-http-site-proxy/templates/apache-docker-proxy-site.j2
View file

@ -9,7 +9,7 @@
ErrorLog /var/log/apache2/{{ site_name }}-error.log
CustomLog /var/log/apache2/{{ site_name }}-access.log common
Alias /.well-known/acme-challenge /usr/local/etc/dehydrated/challenge
Alias /.well-known/acme-challenge {{ dehydrated_wellknown_dir }}
<ifmodule mod_rewrite.c>
RewriteEngine On
@ -18,9 +18,9 @@
</ifmodule>
</VirtualHost>
<IfFile /usr/local/etc/dehydrated/certs/{{ site_name }}/cert.pem>
<IfFile /usr/local/etc/dehydrated/certs/{{ site_name }}/privkey.pem>
<IfFile /usr/local/etc/dehydrated/certs/{{ site_name }}/chain.pem>
<IfFile {{dehydrated_certs_dir}/{{ site_name }}/cert.pem>
<IfFile {{dehydrated_certs_dir}/{{ site_name }}/privkey.pem>
<IfFile {{dehydrated_certs_dir}/{{ site_name }}/chain.pem>
{% if 'address' in ansible_default_ipv6 %}
<VirtualHost {{ ansible_default_ipv4.address }}:443 [{{ ansible_default_ipv6.address }}]:443>
{% else %}
@ -35,9 +35,9 @@
SSLEngine on
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
SSLCertificateFile /usr/local/etc/dehydrated/certs/{{ site_name }}/cert.pem
SSLCertificateKeyFile /usr/local/etc/dehydrated/certs/{{ site_name }}/privkey.pem
SSLCertificateChainFile /usr/local/etc/dehydrated/certs/{{ site_name }}/chain.pem
SSLCertificateFile {{dehydrated_certs_dir}/{{ site_name }}/cert.pem
SSLCertificateKeyFile {{dehydrated_certs_dir}/{{ site_name }}/privkey.pem
SSLCertificateChainFile {{dehydrated_certs_dir}/{{ site_name }}/chain.pem
AllowEncodedSlashes NoDecode
ProxyPass / http://{{ backend_host | default("localhost") }}:{{proxy_port}}/ nocanon