diff --git a/playbooks/groups/proxies-websites.yml b/playbooks/groups/proxies-websites.yml index 309eb482e1..d244fe3a30 100644 --- a/playbooks/groups/proxies-websites.yml +++ b/playbooks/groups/proxies-websites.yml @@ -61,13 +61,6 @@ - "[2607:f188::dead:beef:cafe:fed1]" - "192.168.122.2" - # This is just a handy default. If 'ips' is not specified to the - # httpd/website role below, then it will use the wildcard list, which most do. - - ips: "{{wildcard_fpo_ips}}" - - # This is another handy default. wildcard_cert_name is defined in group_vars - - cert_name: "{{wildcard_cert_name}}" - pre_tasks: - name: Create /srv/web/ for all the goodies. @@ -90,12 +83,15 @@ - role: httpd/website name: fedoraproject.org ips: "{{fpo_ips}}" + cert_name: "{{wildcard_cert_name}}" server_aliases: [stg.fedoraproject.org] # This is for all the other domains we own # that redirect to http://fedoraproject.org - role: httpd/website name: fedoraproject.com + ips: "{{wildcard_fpo_ips}}" + cert_name: "{{wildcard_cert_name}}" server_aliases: - fedora.redhat.com - fedora.com.my @@ -130,13 +126,19 @@ name: admin.fedoraproject.org server_aliases: [admin.stg.fedoraproject.org] sslonly: true + ips: "{{wildcard_fpo_ips}}" + cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: cloud.fedoraproject.org + ips: "{{wildcard_fpo_ips}}" + cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: mirrors.fedoraproject.org server_aliases: [mirrors.stg.fedoraproject.org] + ips: "{{wildcard_fpo_ips}}" + cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: download.fedoraproject.org 
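Review bot: In the `@@ -90,12 +83,15` hunk the `fedoraproject.com` entry now carries `cert_name: "{{wildcard_cert_name}}"` explicitly, although its name and aliases (`fedora.redhat.com`, `fedora.com.my`, and others) are not under fedoraproject.org. `wildcard_cert_name` is defined in group_vars and not visible here, but if it resolves to a fedoraproject.org wildcard, as the chain-file names later in this diff suggest, TLS clients reaching these hosts get a certificate that fails hostname verification. The removed play-level default already behaved this way, but now that the value is written per entry, either mark the entry as HTTP-only the way the `ssl: false` entries do, or point `cert_name` at a certificate whose SANs cover the names. The same applies to `smolts.org` (`@@ -179,32`), `it.fedoracommunity.org` and `uk.fedoracommunity.org` (`@@ -224,34`), and the `fpaste.org` aliases of `paste.fedoraproject.org` (`@@ -306,12`). The role list starts and ends outside this hunk.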
@@ -152,25 +154,35 @@ - download09.fedoraproject.org - download10.fedoraproject.org - download.stg.fedoraproject.org + ips: "{{wildcard_fpo_ips}}" + cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: translate.fedoraproject.org server_aliases: [translate.stg.fedoraproject.org] sslonly: true + ips: "{{wildcard_fpo_ips}}" + cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: spins.fedoraproject.org server_aliases: - spins.stg.fedoraproject.org - spins-test.fedoraproject.org + ips: "{{wildcard_fpo_ips}}" + cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: boot.fedoraproject.org server_aliases: [boot.stg.fedoraproject.org] + ips: "{{wildcard_fpo_ips}}" + cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: boot.fedoraproject.org server_aliases: [boot.stg.fedoraproject.org] + ips: "{{wildcard_fpo_ips}}" + cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: smolts.org 
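Review bot: The two consecutive `boot.fedoraproject.org` entries in this hunk are identical (same `name`, same `server_aliases`), and the commit adds the same `ips`/`cert_name` pair to both, so the httpd/website role is applied twice for one vhost. If the second copy was meant to be a different site, that site may currently be left unconfigured; otherwise drop one copy instead of maintaining both. The `@@ -179,32` hunk does the same with the two `fas.fedoraproject.org` entries. Until that is settled, a comment on the second copy such as `# duplicate of the entry above -- confirm and remove` would record that the duplication is known.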
@@ -179,32 +191,44 @@ - smolt.fedoraproject.org - stg.smolts.org - www.smolts.org + ips: "{{wildcard_fpo_ips}}" + cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: docs.fedoraproject.org server_aliases: - doc.fedoraproject.org - docs.stg.fedoraproject.org + ips: "{{wildcard_fpo_ips}}" + cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: bodhi.fedoraproject.org server_aliases: [bodhi.stg.fedoraproject.org] + ips: "{{wildcard_fpo_ips}}" + cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: bugz.fedoraproject.org server_aliases: [bugz.stg.fedoraproject.org] + ips: "{{wildcard_fpo_ips}}" + cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: fas.fedoraproject.org server_aliases: - fas.stg.fedoraproject.org - accounts.fedoraproject.org + ips: "{{wildcard_fpo_ips}}" + cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: fas.fedoraproject.org server_aliases: - fas.stg.fedoraproject.org - accounts.fedoraproject.org + ips: "{{wildcard_fpo_ips}}" + cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: fedoracommunity.org @@ -212,10 +236,14 @@ - www.fedoracommunity.org - stg.fedoracommunity.org ssl: false + ips: "{{wildcard_fpo_ips}}" + cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: get.fedoraproject.org server_aliases: [get.stg.fedoraproject.org] + ips: "{{wildcard_fpo_ips}}" + cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: help.fedoraproject.org 
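Review bot: `help.fedoraproject.org`, the last entry shown in the `@@ -212,10` hunk, has no added `ips` or `cert_name`, while the first hunk of this commit deletes the play-level defaults that used to supply both. Its remaining lines fall between this hunk and the next, so this cannot be confirmed from here. If the entry really has neither key, the role will see both variables undefined unless it ships its own defaults. Add `ips: "{{wildcard_fpo_ips}}"` and `cert_name: "{{wildcard_cert_name}}"` there too. An `assert` on both variables at the start of the role would also make any forgotten entry fail the play with a clear message instead of a template error.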
@@ -224,34 +252,50 @@ - role: httpd/website name: it.fedoracommunity.org server_aliases: [it.fedoracommunity.org] + ips: "{{wildcard_fpo_ips}}" + cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: uk.fedoracommunity.org server_aliases: - uk.fedoracommunity.org - www.uk.fedoracommunity.org + ips: "{{wildcard_fpo_ips}}" + cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: people.fedoraproject.org server_aliases: [people.fedoraproject.org] + ips: "{{wildcard_fpo_ips}}" + cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: join.fedoraproject.org server_aliases: [join.stg.fedoraproject.org] + ips: "{{wildcard_fpo_ips}}" + cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: l10n.fedoraproject.org server_aliases: [l10n.stg.fedoraproject.org] + ips: "{{wildcard_fpo_ips}}" + cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: start.fedoraproject.org server_aliases: [start.stg.fedoraproject.org] + ips: "{{wildcard_fpo_ips}}" + cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: kde.fedoraproject.org + ips: "{{wildcard_fpo_ips}}" + cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: nightly.fedoraproject.org + ips: "{{wildcard_fpo_ips}}" + cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: port389.org 
@@ -260,45 +304,62 @@ - 389tcp.org - www.389tcp.org ssl: false + ips: "{{wildcard_fpo_ips}}" + cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: fedoramagazine.org server_aliases: [www.fedoramagazine.org] cert_name: fedoramagazine.org SSLCertificateChainFile: fedoramagazine.org.intermediate.cert + ips: "{{wildcard_fpo_ips}}" - role: httpd/website name: k12linux.org server_aliases: - www.k12linux.org ssl: false + ips: "{{wildcard_fpo_ips}}" + cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: fonts.fedoraproject.org server_aliases: [fonts.stg.fedoraproject.org] + ips: "{{wildcard_fpo_ips}}" + cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: meetbot.fedoraproject.org server_aliases: [meetbot.stg.fedoraproject.org] + ips: "{{wildcard_fpo_ips}}" + cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: fudcon.fedoraproject.org server_aliases: [fudcon.stg.fedoraproject.org] + ips: "{{wildcard_fpo_ips}}" + cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: ask.fedoraproject.org server_aliases: [ask.stg.fedoraproject.org] sslonly: true + ips: "{{wildcard_fpo_ips}}" + cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: badges.fedoraproject.org server_aliases: [badges.stg.fedoraproject.org] sslonly: true + ips: "{{wildcard_fpo_ips}}" + cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: darkserver.fedoraproject.org server_aliases: [darkserver.stg.fedoraproject.org] sslonly: true + ips: "{{wildcard_fpo_ips}}" + cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: paste.fedoraproject.org 
@@ -306,12 +367,16 @@ - paste.stg.fedoraproject.org - fpaste.org - www.fpaste.org + ips: "{{wildcard_fpo_ips}}" + cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: apps.fedoraproject.org server_aliases: [apps.stg.fedoraproject.org] sslonly: true gzip: true + ips: "{{wildcard_fpo_ips}}" + cert_name: "{{wildcard_cert_name}}" # Kinda silly that we have two entries here, one for prod and one for stg. # This is inherited from our puppet setup -- we can collapse them as soon as @@ -320,6 +385,8 @@ name: taskotron.fedoraproject.org server_aliases: [taskotron.fedoraproject.org] sslonly: true + ips: "{{wildcard_fpo_ips}}" + cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: taskotron.stg.fedoraproject.org @@ -327,6 +394,8 @@ # Set this explicitly to stg here.. as per the original puppet config. SSLCertificateChainFile: wildcard-2014.stg.fedoraproject.org.intermediate.cert sslonly: true + ips: "{{wildcard_fpo_ips}}" + cert_name: "{{wildcard_cert_name}}" when: env == "staging" - role: httpd/website 
@@ -335,34 +404,40 @@ sslonly: true # Set this explicitly to stg here.. as per the original puppet config. SSLCertificateChainFile: wildcard-2014.stg.fedoraproject.org.intermediate.cert + ips: "{{wildcard_fpo_ips}}" + cert_name: "{{wildcard_cert_name}}" when: env == "staging" - role: httpd/website name: id.fedoraproject.org server_aliases: - "*.id.fedoraproject.org" - cert_name: wildcard-2014.id.fedoraproject.org + ips: "{{wildcard_fpo_ips}}" + cert_name: "{{wildcard_cert_name}}" SSLCertificateChainFile: wildcard-2014.id.fedoraproject.org.intermediate.cert - when: env == "staging" + - role: httpd/website name: id.stg.fedoraproject.org server_aliases: - "*.id.stg.fedoraproject.org" + ips: "{{wildcard_fpo_ips}}" + cert_name: "{{wildcard_cert_name}}" SSLCertificateChainFile: wildcard-2014.stg.fedoraproject.org.intermediate.cert when: env == "staging" - role: httpd/website name: getfedora.org - ips: "{{fpo_ips}}" server_aliases: [stg.getfedora.org] sslonly: true + ips: "{{fpo_ips}}" cert_name: getfedora.org SSLCertificateChainFile: getfedora.org.intermediate.cert - role: httpd/website name: qa.fedoraproject.org ips: "{{fpo_ips}}" + cert_name: "{{wildcard_cert_name}}" server_aliases: [qa.stg.fedoraproject.org] sslonly: true @@ -371,8 +446,12 @@ server_aliases: [redirect.stg.fedoraproject.org] sslonly: true gzip: true + ips: "{{fpo_ips}}" + cert_name: "{{wildcard_cert_name}}" - role: httpd/website name: geoip.fedoraproject.org server_aliases: [geoip.stg.fedoraproject.org] sslonly: true + ips: "{{fpo_ips}}" + cert_name: "{{wildcard_cert_name}}"
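Review bot: For `id.fedoraproject.org` the `@@ -335,34` hunk replaces `cert_name: wildcard-2014.id.fedoraproject.org` with `"{{wildcard_cert_name}}"` but keeps `SSLCertificateChainFile: wildcard-2014.id.fedoraproject.org.intermediate.cert` and the alias `*.id.fedoraproject.org`. A wildcard certificate matches a single label, so unless `wildcard_cert_name` (defined in group_vars, not visible here) resolves to the id-specific certificate, names under `*.id.fedoraproject.org` fail hostname verification and the chain file no longer belongs to the served certificate. Keeping `cert_name: wildcard-2014.id.fedoraproject.org` avoids both problems. The same entry also appears to lose its `when: env == "staging"` line, which would deploy this vhost outside staging; if that is intended, it belongs in the commit message rather than inside a mechanical change. `id.stg.fedoraproject.org` likewise gets the generic `cert_name` beside `*.id.stg.fedoraproject.org`, so the single-label limit should be checked there as well.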
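Review bot: In the `@@ -371,8` hunk the entry with the `redirect.stg.fedoraproject.org` alias (its `name` line is above the hunk) and `geoip.fedoraproject.org` are given `ips: "{{fpo_ips}}"`, but no `ips` is visible for them before this commit. By the removed comment they would therefore have used the default `"{{wildcard_fpo_ips}}"`. This changes the addresses these two vhosts bind to, in a commit that otherwise only makes the old defaults explicit. If the move is deliberate, state it in the commit message; otherwise use `ips: "{{wildcard_fpo_ips}}"` for both so behaviour is unchanged.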