From 7e4177451e482a696e2d7364dcf0d8dbad50754d Mon Sep 17 00:00:00 2001 From: Alexander Dahl <alex@netz39.de> Date: Fri, 28 Mar 2025 06:38:16 +0100 Subject: [PATCH] roles: apache_letsencrypt: Rename variable for challenge dir The previous variable name is the same as in the role 24367dfa.dehydrated but had a different meaning here. While in the dehydrated role it means the directory where the working copy of the dehydrated git repo is cloned to, in here it meant the directory for the challenges which is known as "wellknown" dir in the dehydrated project and role. Setting this variable before using both roles would most certainly lead to unexpected results?! The whole playbook does not set `dehydrated_location` so it goes with its defaults in both roles currently, probably. Consistent with the role setup_http_site_proxy now, which configures the path in the reverse proxy, while this configures the same path in the actual webserver behind the proxy. Running the playbooks using both roles yields no change in target configuration after this changeset. Link: https://github.com/24367dfa/ansible-role-dehydrated/blob/main/defaults/main.yml Fixes: 1fe65268987e (":sparkles: Add a role to allow letsencrypt access in Apache2") --- roles/apache_letsencrypt/defaults/main.yml | 3 ++- .../apache_letsencrypt/templates/letsencrypt-directory.conf.j2 | 2 +- roles/setup_http_site_proxy/defaults/main.yml | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/roles/apache_letsencrypt/defaults/main.yml b/roles/apache_letsencrypt/defaults/main.yml index 6967d14..2bee48b 100644 --- a/roles/apache_letsencrypt/defaults/main.yml +++ b/roles/apache_letsencrypt/defaults/main.yml @@ -1,3 +1,4 @@ # Defaults for role apache_letsencrypt --- -dehydrated_location: "/usr/local/etc/dehydrated" +# These match https://github.com/24367dfa/ansible-role-dehydrated +dehydrated_wellknown_dir: "{{ dehydrated_config_dir }}/challenge" diff --git a/roles/apache_letsencrypt/templates/letsencrypt-directory.conf.j2 b/roles/apache_letsencrypt/templates/letsencrypt-directory.conf.j2 index a514c34..c52af9e 100644 --- a/roles/apache_letsencrypt/templates/letsencrypt-directory.conf.j2 +++ b/roles/apache_letsencrypt/templates/letsencrypt-directory.conf.j2 @@ -1,3 +1,3 @@ -<Directory {{ dehydrated_location }}/challenge> +<Directory {{ dehydrated_wellknown_dir }}> Require all granted </Directory> diff --git a/roles/setup_http_site_proxy/defaults/main.yml b/roles/setup_http_site_proxy/defaults/main.yml index e6171ff..dca3596 100644 --- a/roles/setup_http_site_proxy/defaults/main.yml +++ b/roles/setup_http_site_proxy/defaults/main.yml @@ -1,4 +1,4 @@ -# Defaults for setup-http-dehydrated +# Defaults for role setup_http_site_proxy --- # These match https://github.com/24367dfa/ansible-role-dehydrated dehydrated_config_dir: "/usr/local/etc/dehydrated"