apache_vhost: now able to create certificates using certbot

2020-05-10 01:04:08 +02:00
parent 65c00099ef
commit 6f6916136e
3 changed files with 24 additions and 5 deletions


@@ -12,16 +12,28 @@
dest: /etc/httpd/conf.d/{{ apache_server_name }}.conf dest: /etc/httpd/conf.d/{{ apache_server_name }}.conf
mode: 0644 mode: 0644
notify: restart apache notify: restart apache
register: result
# cant use meta / flush handlers in conditionnals
- name: if needed, we restart apache - name: if needed, we restart apache
meta: flush_handlers service:
name: httpd
state: restarted
when: result.changed
- name: generate certificates - name: generate certificates for domaine and subdomains
vars: vars:
subdomains: "{{ apache_server_alias | join( ' -d ' ) }}" subdomains: "-d {{ apache_server_alias | join( ' -d ' ) }}"
command: certbot certonly --webroot --webroot-path {{ apache_document_root }} -d {{ subdomains }} command: certbot certonly --webroot --webroot-path {{ apache_document_root }} -d {{ apache_server_name }} {{ subdomains }}
args: args:
creates: "{{ apache_ssl_chain }}" creates: "{{ apache_ssl_chain }}"
when: apache_server_alias is defined
- name: generate certificates
command: certbot certonly --webroot --webroot-path {{ apache_document_root }} -d {{ apache_server_name }}
args:
creates: "{{ apache_ssl_chain }}"
when: apache_server_alias is not defined
- name: create cronjob for renewal - name: create cronjob for renewal
cron: cron:
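Review bot: The two `generate certificates` tasks branch on `apache_server_alias is defined`, so an alias list that is defined but empty renders `subdomains` as a bare `-d ` and certbot is called with a dangling flag. Because the command is a free-form string, every templated value is also word-split, so a document root or host name containing whitespace would reach certbot as extra arguments. A single task in `argv` form, with all names joined into one comma-separated `-d` value and `default([])` on the alias list, covers both cases and removes the duplicated task. Separately, `creates` skips the task once the chain file exists, so aliases added to the vhost later will not be on the certificate unless it is reissued. The task list continues outside the hunk.

```yaml
- name: generate certificates for domain and subdomains
  command:
    argv:
      - certbot
      - certonly
      - "--webroot"
      - "--webroot-path"
      - "{{ apache_document_root }}"
      - "-d"
      - "{{ ([apache_server_name] + (apache_server_alias | default([]))) | join(',') }}"
    creates: "{{ apache_ssl_chain }}"
# … unchanged: create cronjob for renewal …
```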


@@ -32,8 +32,9 @@
- "{{ apache_base_dir }}/wsdlcache" - "{{ apache_base_dir }}/wsdlcache"
- name: generate cert - name: generate cert
include_tasks: certbot.yml import_tasks: certbot.yml
when: apache_use_certbot when: apache_use_certbot
tags: certbot,ssl
- name: vhost config file - name: vhost config file
template: template:


@@ -1,8 +1,10 @@
<VirtualHost *:80> <VirtualHost *:80>
Servername {{ apache_server_name }} Servername {{ apache_server_name }}
{% if apache_server_alias is defined %}
{%for alias in apache_server_alias %} {%for alias in apache_server_alias %}
ServerAlias {{ alias }} ServerAlias {{ alias }}
{%endfor%} {%endfor%}
{%endif%}
DocumentRoot {{ apache_document_root }} DocumentRoot {{ apache_document_root }}
<Directory {{ apache_document_root }}> <Directory {{ apache_document_root }}>
require all granted require all granted
@@ -19,9 +21,11 @@
{%if apache_use_ssl %} {%if apache_use_ssl %}
<VirtualHost *:443> <VirtualHost *:443>
Servername {{ apache_server_name }} Servername {{ apache_server_name }}
{% if apache_server_alias is defined %}
{%for alias in apache_server_alias %} {%for alias in apache_server_alias %}
ServerAlias {{ alias }} ServerAlias {{ alias }}
{%endfor%} {%endfor%}
{%endif%}
DocumentRoot {{ apache_document_root }} DocumentRoot {{ apache_document_root }}
SSLEngine on SSLEngine on
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
@@ -36,8 +40,10 @@
Options +Indexes Options +Indexes
AllowOverride {{ apache_allowoverride }} AllowOverride {{ apache_allowoverride }}
</Directory> </Directory>
{%if apache_use_php %}
<FilesMatch \.php$> <FilesMatch \.php$>
SetHandler "proxy:unix:{{ apache_php_socket }}|fcgi://localhost/" SetHandler "proxy:unix:{{ apache_php_socket }}|fcgi://localhost/"
</FilesMatch> </FilesMatch>
{% endif %}
</VirtualHost> </VirtualHost>
{%endif %} {%endif %}
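Review bot: The new `{%if apache_use_php %}` guard around the `FilesMatch` block tests plain truthiness, so a string value such as `false` passed with `-e` is truthy and the PHP handler is still emitted. Casting the variable makes the switch reliable: `{% if apache_use_php | default(false) | bool %}`. The two `apache_server_alias is defined` guards could likewise be dropped by looping over `apache_server_alias | default([])`. Whether the port-80 vhost carries the same PHP guard is not visible in these hunks.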