Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

libravatar: differentiate between server_name and server_cert_name

Browse source 
the same for cdn
This commit is contained in:
clime 2019-03-08 11:15:16 +01:00
parent 402f64be39
commit 03153a2909
3 changed files with 13 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

2
inventory/group_vars/libravatar
View file

@ -4,3 +4,5 @@ server_name: www.libravatar.org
cdn_server_name: cdn.libravatar.org
cdn_server_alias: seccdn.libravatar.org
server_redirect_name: "libravatar.org libravatar.com www.libravatar.com"
server_cert_name: libravatar.org
cdn_server_cert_name: cdn.libravatar.org

2
inventory/group_vars/libravatar-stg
View file

@ -4,3 +4,5 @@ server_name: libravatar-stg.fedorainfracloud.org
cdn_server_name: libravatar-stg.fedorainfracloud.org
cdn_server_alias: libravatar-stg.fedorainfracloud.org
server_redirect_name: libravatar-stg.fedorainfracloud.org
server_cert_name: libravatar-stg.fedorainfracloud.org
cdn_server_cert_name: libravatar-stg.fedorainfracloud.org

18
roles/libravatar/templates/httpd/libravatar.conf
View file

@ -21,9 +21,9 @@ RewriteEngine on
ServerName {{ cdn_server_name }}
ServerAlias {{ cdn_server_alias }}
SSLCertificateFile /etc/letsencrypt/live/{{ cdn_server_name }}/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/{{ cdn_server_name }}/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/{{ cdn_server_name }}/fullchain.pem
SSLCertificateFile /etc/letsencrypt/live/{{ cdn_server_cert_name }}/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/{{ cdn_server_cert_name }}/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/{{ cdn_server_cert_name }}/fullchain.pem
Header always add Strict-Transport-Security "max-age=31536000; preload; includeSubDomains"
RewriteRule ^/\.well-known/(.*) /var/www/html/.well-known/$1 [L]
@ -34,9 +34,9 @@ RewriteEngine on
<VirtualHost *:443>
ServerName {{ server_name }}
SSLCertificateFile /etc/letsencrypt/live/{{ server_name }}/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/{{ server_name }}/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/{{ server_name }}/fullchain.pem
SSLCertificateFile /etc/letsencrypt/live/{{ server_cert_name }}/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/{{ server_cert_name }}/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/{{ server_cert_name }}/fullchain.pem
Header always add Strict-Transport-Security "max-age=31536000; preload; includeSubDomains"
RewriteRule ^/\.well-known/(.*) /var/www/html/.well-known/$1 [L]
@ -47,9 +47,9 @@ RewriteEngine on
<VirtualHost *:443>
ServerAlias {{ server_redirect_name }}
SSLCertificateFile /etc/letsencrypt/live/{{ server_name }}/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/{{ server_name }}/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/{{ server_name }}/fullchain.pem
SSLCertificateFile /etc/letsencrypt/live/{{ server_cert_name }}/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/{{ server_cert_name }}/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/{{ server_cert_name }}/fullchain.pem
Header always add Strict-Transport-Security "max-age=31536000; preload; includeSubDomains"
RewriteRule "^/?(.*)" "https://{{ server_name }}/$1" [L,R=301,NE]