From 0a034c50d1be5d75c5742269b1df3d59de421ca4 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi
Date: Tue, 5 May 2020 10:22:37 -0700
Subject: [PATCH] noc02: setup to use letsencrypt cert. Fixes ticket #8882
Signed-off-by: Kevin Fenzi
---
 playbooks/groups/noc.yml | 2 +-
 .../templates/httpd/0_nagios-external.conf.j2 | 7 ++++---
 2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/playbooks/groups/noc.yml b/playbooks/groups/noc.yml
index db793bdb73..81b189f883 100644
--- a/playbooks/groups/noc.yml
+++ b/playbooks/groups/noc.yml
@@ -38,7 +38,7 @@
 service: HTTP
 host: "nagios-external{{env_suffix}}.fedoraproject.org"
 when: datacenter != 'phx2'
-
+ - { role: letsencrypt, site_name: 'nagios-external.fedoraproject.org', when: inventory_hostname.startswith('noc02') }
 tasks:
 - import_tasks: "{{ tasks_path }}/2fa_client.yml"
diff --git a/roles/nagios_server/templates/httpd/0_nagios-external.conf.j2 b/roles/nagios_server/templates/httpd/0_nagios-external.conf.j2
index c9c3124792..6e47c47a23 100644
--- a/roles/nagios_server/templates/httpd/0_nagios-external.conf.j2
+++ b/roles/nagios_server/templates/httpd/0_nagios-external.conf.j2
@@ -1,5 +1,6 @@
 ServerName nagios-external.fedoraproject.org
+ ProxyPass "/.well-known/acme-challenge" "http://certgetter01/.well-known/acme-challenge"
 Redirect permanent / https://nagios-external.fedoraproject.org/
@@ -11,7 +12,7 @@
 SSLCipherSuite {{ ssl_ciphers }}
 Header always add Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
- SSLCertificateFile /etc/pki/tls/certs/noc02.fedoraproject.org.cert
- SSLCertificateChainFile /etc/pki/tls/certs/noc02.fedoraproject.org.intermediate.cert
- SSLCertificateKeyFile /etc/pki/tls/certs/noc02.fedoraproject.org.key
+ SSLCertificateFile /etc/pki/tls/certs/nagios-external.fedoraproject.org.cert
+ SSLCertificateChainFile /etc/pki/tls/certs/nagios-external.fedoraproject.org.intermediate.cert
+ SSLCertificateKeyFile /etc/pki/tls/certs/nagios-external.fedoraproject.org.key
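Review bot: The added role entry in playbooks/groups/noc.yml hard-codes `site_name: 'nagios-external.fedoraproject.org'`, while the check host directly above it is built as `nagios-external{{env_suffix}}.fedoraproject.org`. The guard `inventory_hostname.startswith('noc02')` is a prefix match, so any inventory host whose name begins with noc02 would request and install the certificate for the production name; whether such a host exists is not visible here. If a single machine is meant, comparing against its full inventory name would make that explicit, and a comment such as `# cert name must match the SSLCertificate* paths in 0_nagios-external.conf.j2` would record the coupling to the template changed in the same commit. The roles list starts above the hunk.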
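Review bot: The new `ProxyPass` line in the first hunk of 0_nagios-external.conf.j2 forwards ACME challenge requests over plain HTTP to the unqualified name `certgetter01`, so whichever host that short name resolves to on the Nagios server decides what is answered for this site's domain validation. A fully qualified backend name (placeholder: `certgetter01.<internal-domain>`) would remove the dependency on the resolver search list. The line also appears to rely on the proxy mapping being applied ahead of `Redirect permanent /`; a comment above it, for example `# ACME HTTP-01 challenges go to the cert host; everything else is redirected to HTTPS`, would keep a later edit from dropping the exception. The enclosing virtual-host block is not fully visible in the hunk.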
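Review bot: The three `SSLCertificate*` paths in the second hunk of 0_nagios-external.conf.j2 now name files that, as far as this commit shows, exist only after the letsencrypt role has run, and that role is gated on `inventory_hostname.startswith('noc02')` in noc.yml while the template carries no matching condition. If the template is rendered on another host, or on noc02 before the first certificate has been fetched, httpd would presumably refuse to load the TLS section, which would also take down the port-80 challenge path added in the previous hunk; neither the role's internals nor the template's other users are visible here. It is worth confirming the first-run order, and that the private key kept under `/etc/pki/tls/certs/` next to the public certificates is deployed readable by its owner only. `SSLCertificateChainFile` has been obsolete since httpd 2.4.8, where `SSLCertificateFile` can carry the intermediates.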