Add a role that sets up an Apache site for Dehydrated validation

2021-03-07 16:31:39 +01:00 · 2021-03-07 16:31:39 +01:00 · 08577a2636
commit 08577a2636
parent cc7bbd2935
4 changed files with 50 additions and 0 deletions
--- a/roles/setup-http-dehydrated/handlers/main.yml
+++ b/roles/setup-http-dehydrated/handlers/main.yml
@ -0,0 +1,5 @@
+---
+- name: restart apache2
+  service:
+    name: apache2
+    state: restarted
--- a/roles/setup-http-dehydrated/meta/main.yml
+++ b/roles/setup-http-dehydrated/meta/main.yml
@ -0,0 +1,3 @@
+---
+dependencies:
+- role: ansible-role-dehydrated
--- a/roles/setup-http-dehydrated/tasks/main.yml
+++ b/roles/setup-http-dehydrated/tasks/main.yml
@ -0,0 +1,12 @@
+---
+- name: Add or update Apache2 site
+  template:
+    src: templates/apache-dehydrated.j2
+    dest: /etc/apache2/sites-available/{{ site_name }}.conf
+  notify: restart apache2
+
+- name: Activate Apache2 site
+  command: a2ensite {{ site_name }}
+  args:
+    creates: /etc/apache2/sites-enabled/{{ site_name }}.conf
+  notify: restart apache2
--- a/roles/setup-http-dehydrated/templates/apache-dehydrated.j2
+++ b/roles/setup-http-dehydrated/templates/apache-dehydrated.j2
@ -0,0 +1,30 @@
+<VirtualHost {{ ansible_default_ipv4.address }}:80 [{{ ansible_default_ipv6.address | default('::1') }}]:80>
+    ServerAdmin {{ server_admin }}
+    ServerName {{ site_name }}
+    ServerAlias {{ site_name }}
+    ErrorLog /var/log/apache2/{{ site_name }}-error.log
+    CustomLog /var/log/apache2/{{ site_name }}-access.log common
+
+    Alias /.well-known/acme-challenge /usr/local/etc/dehydrated/challenge
+</VirtualHost>
+
+<IfFile /usr/local/etc/dehydrated/certs/{{ site_name }}>
+<VirtualHost {{ ansible_default_ipv4.address }}:443 [{{ ansible_default_ipv6.address | default('::1') }}]:80>
+    ServerAdmin {{ server_admin }}
+    ServerName {{ site_name }}
+    ServerAlias {{ site_name }}
+
+    ErrorLog /var/log/apache2/{{ site_name }}-error.log
+    CustomLog /var/log/apache2/{{ site_name }}-access.log common
+
+    SSLEngine on
+    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
+    SSLCertificateFile    /usr/local/etc/dehydrated/certs/{{ site_name }}/cert.pem
+    SSLCertificateKeyFile /usr/local/etc/dehydrated/certs/{{ site_name }}/privkey.pem
+    SSLCertificateChainFile /usr/local/etc/dehydrated/certs/{{ site_name }}/chain.pem
+
+    Alias /.well-known/acme-challenge /usr/local/etc/dehydrated/challenge
+
+    Redirect 404 /
+</VirtualHost>
+</IfFile>