forked from Netz39_Admin/netz39-infra-ansible
Add a role that sets up an Apache site for Dehydrated validation
This commit is contained in:
parent
cc7bbd2935
commit
08577a2636
4 changed files with 50 additions and 0 deletions
5
roles/setup-http-dehydrated/handlers/main.yml
Normal file
5
roles/setup-http-dehydrated/handlers/main.yml
Normal file
|
@ -0,0 +1,5 @@
|
||||||
|
---
|
||||||
|
- name: restart apache2
|
||||||
|
service:
|
||||||
|
name: apache2
|
||||||
|
state: restarted
|
3
roles/setup-http-dehydrated/meta/main.yml
Normal file
3
roles/setup-http-dehydrated/meta/main.yml
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
---
|
||||||
|
dependencies:
|
||||||
|
- role: ansible-role-dehydrated
|
12
roles/setup-http-dehydrated/tasks/main.yml
Normal file
12
roles/setup-http-dehydrated/tasks/main.yml
Normal file
|
@ -0,0 +1,12 @@
|
||||||
|
---
|
||||||
|
- name: Add or update Apache2 site
|
||||||
|
template:
|
||||||
|
src: templates/apache-dehydrated.j2
|
||||||
|
dest: /etc/apache2/sites-available/{{ site_name }}.conf
|
||||||
|
notify: restart apache2
|
||||||
|
|
||||||
|
- name: Activate Apache2 site
|
||||||
|
command: a2ensite {{ site_name }}
|
||||||
|
args:
|
||||||
|
creates: /etc/apache2/sites-enabled/{{ site_name }}.conf
|
||||||
|
notify: restart apache2
|
30
roles/setup-http-dehydrated/templates/apache-dehydrated.j2
Normal file
30
roles/setup-http-dehydrated/templates/apache-dehydrated.j2
Normal file
|
@ -0,0 +1,30 @@
|
||||||
|
<VirtualHost {{ ansible_default_ipv4.address }}:80 [{{ ansible_default_ipv6.address | default('::1') }}]:80>
|
||||||
|
ServerAdmin {{ server_admin }}
|
||||||
|
ServerName {{ site_name }}
|
||||||
|
ServerAlias {{ site_name }}
|
||||||
|
ErrorLog /var/log/apache2/{{ site_name }}-error.log
|
||||||
|
CustomLog /var/log/apache2/{{ site_name }}-access.log common
|
||||||
|
|
||||||
|
Alias /.well-known/acme-challenge /usr/local/etc/dehydrated/challenge
|
||||||
|
</VirtualHost>
|
||||||
|
|
||||||
|
<IfFile /usr/local/etc/dehydrated/certs/{{ site_name }}>
|
||||||
|
<VirtualHost {{ ansible_default_ipv4.address }}:443 [{{ ansible_default_ipv6.address | default('::1') }}]:80>
|
||||||
|
ServerAdmin {{ server_admin }}
|
||||||
|
ServerName {{ site_name }}
|
||||||
|
ServerAlias {{ site_name }}
|
||||||
|
|
||||||
|
ErrorLog /var/log/apache2/{{ site_name }}-error.log
|
||||||
|
CustomLog /var/log/apache2/{{ site_name }}-access.log common
|
||||||
|
|
||||||
|
SSLEngine on
|
||||||
|
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
|
||||||
|
SSLCertificateFile /usr/local/etc/dehydrated/certs/{{ site_name }}/cert.pem
|
||||||
|
SSLCertificateKeyFile /usr/local/etc/dehydrated/certs/{{ site_name }}/privkey.pem
|
||||||
|
SSLCertificateChainFile /usr/local/etc/dehydrated/certs/{{ site_name }}/chain.pem
|
||||||
|
|
||||||
|
Alias /.well-known/acme-challenge /usr/local/etc/dehydrated/challenge
|
||||||
|
|
||||||
|
Redirect 404 /
|
||||||
|
</VirtualHost>
|
||||||
|
</IfFile>
|
Loading…
Reference in a new issue