From 03153a2909c73e43e0ff8f71d4710344ae00dbb4 Mon Sep 17 00:00:00 2001
From: clime
Date: Fri, 8 Mar 2019 11:15:16 +0100
Subject: [PATCH] libravatar: differentiate between server_name and server_cert_name the same for cdn
---
 inventory/group_vars/libravatar | 2 ++
 inventory/group_vars/libravatar-stg | 2 ++
 .../libravatar/templates/httpd/libravatar.conf | 18 +++++++++---------
 3 files changed, 13 insertions(+), 9 deletions(-)
diff --git a/inventory/group_vars/libravatar b/inventory/group_vars/libravatar
index 0cb711a92c..e8f3eff735 100644
--- a/inventory/group_vars/libravatar
+++ b/inventory/group_vars/libravatar
@@ -4,3 +4,5 @@ server_name: www.libravatar.org
 cdn_server_name: cdn.libravatar.org
 cdn_server_alias: seccdn.libravatar.org
 server_redirect_name: "libravatar.org libravatar.com www.libravatar.com"
+server_cert_name: libravatar.org
+cdn_server_cert_name: cdn.libravatar.org
diff --git a/inventory/group_vars/libravatar-stg b/inventory/group_vars/libravatar-stg
index 7ce0c6f41e..a536e3ddc3 100644
--- a/inventory/group_vars/libravatar-stg
+++ b/inventory/group_vars/libravatar-stg
@@ -4,3 +4,5 @@ server_name: libravatar-stg.fedorainfracloud.org
 cdn_server_name: libravatar-stg.fedorainfracloud.org
 cdn_server_alias: libravatar-stg.fedorainfracloud.org
 server_redirect_name: libravatar-stg.fedorainfracloud.org
+server_cert_name: libravatar-stg.fedorainfracloud.org
+cdn_server_cert_name: libravatar-stg.fedorainfracloud.org
diff --git a/roles/libravatar/templates/httpd/libravatar.conf b/roles/libravatar/templates/httpd/libravatar.conf
index e4791f1558..741fee9317 100644
--- a/roles/libravatar/templates/httpd/libravatar.conf
+++ b/roles/libravatar/templates/httpd/libravatar.conf
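Review bot: The two variables added to inventory/group_vars/libravatar carry no comment saying what they name, and `server_cert_name: libravatar.org` reads like another hostname next to `server_name` and `server_redirect_name`. From the template hunks further down, the value is only used as the directory under `/etc/letsencrypt/live/` that the key and certificate are read from. I would add above the pair `# name of the certificate directory under /etc/letsencrypt/live, not a hostname served by httpd`. The same comment fits the libravatar-stg hunk, where the distinction is invisible because every value is identical.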
@@ -21,9 +21,9 @@ RewriteEngine on
 ServerName {{ cdn_server_name }}
 ServerAlias {{ cdn_server_alias }}
- SSLCertificateFile /etc/letsencrypt/live/{{ cdn_server_name }}/cert.pem
- SSLCertificateKeyFile /etc/letsencrypt/live/{{ cdn_server_name }}/privkey.pem
- SSLCertificateChainFile /etc/letsencrypt/live/{{ cdn_server_name }}/fullchain.pem
+ SSLCertificateFile /etc/letsencrypt/live/{{ cdn_server_cert_name }}/cert.pem
+ SSLCertificateKeyFile /etc/letsencrypt/live/{{ cdn_server_cert_name }}/privkey.pem
+ SSLCertificateChainFile /etc/letsencrypt/live/{{ cdn_server_cert_name }}/fullchain.pem
 Header always add Strict-Transport-Security "max-age=31536000; preload; includeSubDomains"
 RewriteRule ^/\.well-known/(.*) /var/www/html/.well-known/$1 [L]
@@ -34,9 +34,9 @@ RewriteEngine on
 ServerName {{ server_name }}
- SSLCertificateFile /etc/letsencrypt/live/{{ server_name }}/cert.pem
- SSLCertificateKeyFile /etc/letsencrypt/live/{{ server_name }}/privkey.pem
- SSLCertificateChainFile /etc/letsencrypt/live/{{ server_name }}/fullchain.pem
+ SSLCertificateFile /etc/letsencrypt/live/{{ server_cert_name }}/cert.pem
+ SSLCertificateKeyFile /etc/letsencrypt/live/{{ server_cert_name }}/privkey.pem
+ SSLCertificateChainFile /etc/letsencrypt/live/{{ server_cert_name }}/fullchain.pem
 Header always add Strict-Transport-Security "max-age=31536000; preload; includeSubDomains"
 RewriteRule ^/\.well-known/(.*) /var/www/html/.well-known/$1 [L]
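Review bot: `SSLCertificateChainFile` still points at `fullchain.pem` in the three added lines of the -21,9 hunk, and that file already starts with the leaf certificate that `SSLCertificateFile .../cert.pem` loads, so the server certificate is likely sent twice in the handshake. On httpd 2.4.8 and later the directive is deprecated; the usual form is `SSLCertificateFile /etc/letsencrypt/live/{{ cdn_server_cert_name }}/fullchain.pem` with the chain line dropped, and on older httpd the chain line should name `chain.pem` instead. The same applies to the -34,9 and -47,9 hunks with `server_cert_name`. Which httpd version these hosts run is not visible in the patch, and the vhost block continues outside the hunk.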
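Review bot: Nothing in the -34,9 hunk ties the certificate under `/etc/letsencrypt/live/{{ server_cert_name }}/` to the name this vhost answers for any more: with the production values the vhost is `www.libravatar.org` while the files come from the `libravatar.org` directory. If that certificate lacks a SAN for the `ServerName`, the `Strict-Transport-Security` header on the context line below means browsers that have already stored the policy will refuse the connection with no click-through. I would add a comment above the three lines, `# certificate in live/<server_cert_name> must carry SANs for this vhost's ServerName and ServerAlias`, and repeat it in the -21,9 hunk (for `cdn_server_alias`) and the -47,9 hunk (for the `server_redirect_name` list). Whether the role checks the SAN list elsewhere is not visible in this patch.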
@@ -47,9 +47,9 @@ RewriteEngine on
 ServerAlias {{ server_redirect_name }}
- SSLCertificateFile /etc/letsencrypt/live/{{ server_name }}/cert.pem
- SSLCertificateKeyFile /etc/letsencrypt/live/{{ server_name }}/privkey.pem
- SSLCertificateChainFile /etc/letsencrypt/live/{{ server_name }}/fullchain.pem
+ SSLCertificateFile /etc/letsencrypt/live/{{ server_cert_name }}/cert.pem
+ SSLCertificateKeyFile /etc/letsencrypt/live/{{ server_cert_name }}/privkey.pem
+ SSLCertificateChainFile /etc/letsencrypt/live/{{ server_cert_name }}/fullchain.pem
 Header always add Strict-Transport-Security "max-age=31536000; preload; includeSubDomains"
 RewriteRule "^/?(.*)" "https://{{ server_name }}/$1" [L,R=301,NE]