Install LE cert. when there is none

Mathieu Gauthier-Pilote 2023-01-12 16:27:00 -05:00
parent 6e0d6b8a32
commit 1c1bc2fe9f
2 changed files with 39 additions and 32 deletions


@ -174,37 +174,42 @@
path: "/etc/letsencrypt/live/{{ domains |first }}/fullchain.pem" path: "/etc/letsencrypt/live/{{ domains |first }}/fullchain.pem"
register: ssl register: ssl
#- name: Generate certificate only if required (first time) - name: Generate certificate only if required (first time)
#block: block:
#- name: Template vhost without SSL for successfull LE challengce - name: Template vhost without SSL for successfull LE challengce
#template: template:
#src: "vhost.j2" src: "vhost.j2"
#dest: "/etc/nginx/sites-available/{{ service }}" dest: "/etc/nginx/sites-available/{{ service }}"
#- name: Enable temporary nginx vhost for LE - name: Enable temporary nginx vhost for LE
#file: file:
#src: "/etc/nginx/sites-available/{{ service }}" src: "/etc/nginx/sites-available/{{ service }}"
#dest: "/etc/nginx/sites-enabled/{{ service }}" dest: "/etc/nginx/sites-enabled/{{ service }}"
#state: link state: link
#- name: Reload nginx conf - name: Reload nginx conf
#service: service:
#name: nginx name: nginx
#state: reloaded state: reloaded
#- name: Generate certificate with certbot - name: Generate certificate with certbot
#shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt -d {{ domains |first }} shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt -d {{ domains |first }}
#when: ssl.stat.exists == false when: ssl.stat.exists == false
#- name: (Re)template conf file for nginx vhost with SSL - name: (Re)check if SSL certificate is present and register result
#template: stat:
#src: "vhost.j2" path: "/etc/letsencrypt/live/{{ domains |first }}/fullchain.pem"
#dest: "/etc/nginx/sites-available/{{ service }}" register: ssl
#- name: Enable nginx vhost for mastodon - name: (Re)template conf file for nginx vhost with SSL
#file: template:
#src: "/etc/nginx/sites-available/{{ service }}" src: "vhost.j2"
#dest: "/etc/nginx/sites-enabled/{{ service }}" dest: "/etc/nginx/sites-available/{{ service }}"
#state: link
#- name: Reload nginx conf - name: Enable nginx vhost for mastodon
#service: file:
#name: nginx src: "/etc/nginx/sites-available/{{ service }}"
#state: reloaded dest: "/etc/nginx/sites-enabled/{{ service }}"
state: link
- name: Reload nginx conf
service:
name: nginx
state: reloaded
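Review bot: The certbot task on the new side (`shell: certbot certonly --webroot --webroot-path /var/lib/letsencrypt -d {{ domains |first }}`) passes the inventory-supplied domain through a shell although nothing in the command needs one; changing the module to `command: certbot certonly --webroot --webroot-path /var/lib/letsencrypt -d {{ domains |first }}` keeps the same invocation while removing shell parsing of the templated value. The indentation that decides whether `when: ssl.stat.exists == false` guards the whole `Generate certificate only if required` block or only the certbot task is lost in this rendering, so it is worth confirming the `when` sits at block level as the commit title implies; either way the idiomatic spelling is `when: not ssl.stat.exists`. The added `(Re)check if SSL certificate is present` task re-registers `ssl`, but the SSL vhost templating that follows does not condition on it, so the second stat result appears unused unless tasks beyond the hunk read it. The task name `Template vhost without SSL for successfull LE challengce` carries two typos (`successful`, `challenge`).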


@ -19,8 +19,10 @@ server {
listen [::]:443 ssl http2; listen [::]:443 ssl http2;
server_name {{ domains |first }}; server_name {{ domains |first }};
include /etc/nginx/ssl/{{ service }}.conf;
include /etc/nginx/snippets/letsencrypt.conf; include /etc/nginx/snippets/letsencrypt.conf;
ssl_certificate /etc/letsencrypt/live/{{ domains |first }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ domains |first }}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{{ domains |first }}/chain.pem;
# OCSP stapling # OCSP stapling
ssl_stapling on; ssl_stapling on;