tom/ansible_apache_vhost
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

aoache_vhost: include LE certificate generation - WIP

Browse Source
This commit is contained in:
Thomas Constans
2020-05-09 22:24:32 +02:00
parent ac6c75c19f
commit 65c00099ef
4 changed files with 49 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
README.md
View File

@@ -19,6 +19,7 @@ apache_access_log: {{ apache_base_dir}}/logs/access_log
apache_php_socket: {{ apache_base_dir }}/php-fpm.sock apache_php_socket: {{ apache_base_dir }}/php-fpm.sock
apache_use_php: true apache_use_php: true
apache_use_ssl: true apache_use_ssl: true
apache_use_certbot: true
apache_stats: true apache_stats: true
apache_ssl_certificate: /etc/letsencrypt/live/{{ apache_server_name }}/cert.pem apache_ssl_certificate: /etc/letsencrypt/live/{{ apache_server_name }}/cert.pem
apache_ssl_chain: /etc/letsencrypt/live/{{ apache_server_name }}/fullchain.pem apache_ssl_chain: /etc/letsencrypt/live/{{ apache_server_name }}/fullchain.pem

1
defaults/main.yml
View File

@@ -6,6 +6,7 @@ apache_access_log: "{{ apache_base_dir}}/logs/access_log"
apache_php_socket: "{{ apache_base_dir }}/php-fpm.sock" apache_php_socket: "{{ apache_base_dir }}/php-fpm.sock"
apache_use_php: true apache_use_php: true
apache_use_ssl: true apache_use_ssl: true
apache_use_certbot: true
apache_ssl_certificate: "/etc/letsencrypt/live/{{ apache_server_name }}/cert.pem" apache_ssl_certificate: "/etc/letsencrypt/live/{{ apache_server_name }}/cert.pem"
apache_ssl_chain: "/etc/letsencrypt/live/{{ apache_server_name }}/fullchain.pem" apache_ssl_chain: "/etc/letsencrypt/live/{{ apache_server_name }}/fullchain.pem"
apache_ssl_key: "/etc/letsencrypt/live/{{ apache_server_name }}/privkey.pem " apache_ssl_key: "/etc/letsencrypt/live/{{ apache_server_name }}/privkey.pem "

34
tasks/certbot.yml Normal file
View File

@@ -0,0 +1,34 @@
---
- name: install certbot
yum:
name: certbot
state: present
- name: install apache config file without ssl
vars:
apache_use_ssl: false
template:
src: vhost.conf.jj
dest: /etc/httpd/conf.d/{{ apache_server_name }}.conf
mode: 0644
notify: restart apache
- name: if needed, we restart apache
meta: flush_handlers
- name: generate certificates
vars:
subdomains: "{{ apache_server_alias | join( ' -d ' ) }}"
command: certbot certonly --webroot --webroot-path {{ apache_document_root }} -d {{ subdomains }}
args:
creates: "{{ apache_ssl_chain }}"
- name: create cronjob for renewal
cron:
name: certbot
cron_file: certbot
user: root
hour: "01"
minute: "00"
weekday: "6"
job: "/usr/bin/certbot renew && /sbin/apachectl graceful"

21
tasks/main.yml
View File

@@ -1,5 +1,6 @@
--- ---
# tasks file for apache_vhost # tasks file for apache_vhost
- name: create dedicated user - name: create dedicated user
user: user:
name: "{{ apache_user }}" name: "{{ apache_user }}"
@@ -9,13 +10,6 @@
home: "{{ apache_base_dir }}" home: "{{ apache_base_dir }}"
shell: /bin/bash shell: /bin/bash
- name: vhost config file
template:
src: vhost.conf.jj
dest: /etc/httpd/conf.d/{{ apache_server_name }}.conf
mode: 0644
notify: restart apache
- name: php-fpm config file - name: php-fpm config file
template: template:
src: pool.conf.jj src: pool.conf.jj
@@ -37,10 +31,21 @@
- "{{ apache_base_dir }}/session" - "{{ apache_base_dir }}/session"
- "{{ apache_base_dir }}/wsdlcache" - "{{ apache_base_dir }}/wsdlcache"
- name: generate cert
include_tasks: certbot.yml
when: apache_use_certbot
- name: vhost config file
template:
src: vhost.conf.jj
dest: /etc/httpd/conf.d/{{ apache_server_name }}.conf
mode: 0644
notify: restart apache
- name: logrotate config file - name: logrotate config file
template: template:
src: logrotate.conf.jj src: logrotate.conf.jj
dest: "/etc/logrotate.d/{{ apache_server_name }}.conf" dest: "/etc/logrotate.d/vhost.conf"
mode: 0644 mode: 0644
- name: goaccess - name: goaccess