evolix/ansible-roles
22
2
Fork 2
Code Issues 61 Pull requests 18 Releases 32 Wiki Activity

Add Let's Encrypt domains in the squid's whitelist

Browse source
This commit is contained in:
Jérémy Lecour 2017-05-19 19:54:12 +02:00 committed by Jérémy Lecour
parent 0c5cc59bc6
commit 6386509d3b
2 changed files with 15 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
evoacme/tasks/certbot.yml
View file

@ -64,7 +64,15 @@
- name: Let's Encrypt OCSP server is authorized by squid
lineinfile:
dest: "{{ squid3_whitelist_files.stdout_lines | first }}"
line: "http://ocsp.int-x3.letsencrypt.org/.*"
line: "{{ item }}"
state: present
notify: reload squid3
with-items:
- "http://acme-staging.api.letsencrypt.org/.*"
- "http://ocsp.int-x1.letsencrypt.org/.*"
- "http://ocsp.int-x2.letsencrypt.org/.*"
- "http://ocsp.int-x3.letsencrypt.org/.*"
- "http://ocsp.int-x4.letsencrypt.org/.*"
- "http://ocsp.root-x1.letsencrypt.org/.*"
- "http://ocsp.staging-x1.letsencrypt.org/.*"
when: squid3_whitelist_files.stdout != ""

6
squid/files/whitelist-evolinux.conf
View file

@ -11,7 +11,13 @@ http://.*sa-update.*
http://pear.php.net/.*
# Let's Encrypt
http://acme-staging.api.letsencrypt.org/.*
http://ocsp.int-x1.letsencrypt.org/.*
http://ocsp.int-x2.letsencrypt.org/.*
http://ocsp.int-x3.letsencrypt.org/.*
http://ocsp.int-x4.letsencrypt.org/.*
http://ocsp.root-x1.letsencrypt.org/.*
http://ocsp.staging-x1.letsencrypt.org/.*
### CMS / Wordpress / Drupal / ...
# Wordpress