put in patches to use wildcard2020
parent
190439f2b8
commit
37915eaf25
9 changed files with 19 additions and 19 deletions
|
@ -14,9 +14,9 @@ Listen 44342 https
|
||||||
|
|
||||||
SSLEngine on
|
SSLEngine on
|
||||||
SSLUseStapling on
|
SSLUseStapling on
|
||||||
SSLCertificateFile /etc/pki/tls/certs/wildcard-2017.fedoraproject.org.cert
|
SSLCertificateFile /etc/pki/tls/certs/wildcard-2020.fedoraproject.org.cert
|
||||||
SSLCertificateKeyFile /etc/pki/tls/private/wildcard-2017.fedoraproject.org.key
|
SSLCertificateKeyFile /etc/pki/tls/private/wildcard-2020.fedoraproject.org.key
|
||||||
SSLCertificateChainFile /etc/pki/tls/certs/wildcard-2017.fedoraproject.org.intermediate.cert
|
SSLCertificateChainFile /etc/pki/tls/certs/wildcard-2020.fedoraproject.org.intermediate.cert
|
||||||
|
|
||||||
SSLHonorCipherOrder On
|
SSLHonorCipherOrder On
|
||||||
|
|
||||||
|
|
|
@ -235,10 +235,10 @@ max_cpu: "{{ num_cpus * 5 }}"
|
||||||
|
|
||||||
# This is the wildcard certname for our proxies. It has a different name for
|
# This is the wildcard certname for our proxies. It has a different name for
|
||||||
# the staging group and is used in the proxies.yml playbook.
|
# the staging group and is used in the proxies.yml playbook.
|
||||||
wildcard_cert_name: wildcard-2017.fedoraproject.org
|
wildcard_cert_name: wildcard-2020.fedoraproject.org
|
||||||
wildcard_crt_file: wildcard-2017.fedoraproject.org.cert
|
wildcard_crt_file: wildcard-2020.fedoraproject.org.cert
|
||||||
wildcard_key_file: wildcard-2017.fedoraproject.org.key
|
wildcard_key_file: wildcard-2020.fedoraproject.org.key
|
||||||
wildcard_int_file: wildcard-2017.fedoraproject.org.intermediate.cert
|
wildcard_int_file: wildcard-2020.fedoraproject.org.intermediate.cert
|
||||||
|
|
||||||
# This is the openshift wildcard cert. Until it exists set it equal to wildcard
|
# This is the openshift wildcard cert. Until it exists set it equal to wildcard
|
||||||
os_wildcard_cert_name: wildcard-2017.app.os.fedoraproject.org
|
os_wildcard_cert_name: wildcard-2017.app.os.fedoraproject.org
|
||||||
|
|
|
@ -16,8 +16,8 @@
|
||||||
- role: httpd/mod_ssl
|
- role: httpd/mod_ssl
|
||||||
|
|
||||||
- role: httpd/certificate
|
- role: httpd/certificate
|
||||||
certname: wildcard-2017.fedoraproject.org
|
certname: wildcard-2020.fedoraproject.org
|
||||||
SSLCertificateChainFile: wildcard-2017.fedoraproject.org.intermediate.cert
|
SSLCertificateChainFile: wildcard-2020.fedoraproject.org.intermediate.cert
|
||||||
|
|
||||||
# - role: httpd/certificate
|
# - role: httpd/certificate
|
||||||
# certname: wildcard-2017.fedorahosted.org
|
# certname: wildcard-2017.fedorahosted.org
|
||||||
|
|
|
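Review bot: `certname:` and `SSLCertificateChainFile:` in this role block hard-code the year-stamped certificate name, although the group vars changed in this same commit define `wildcard_cert_name` and `wildcard_int_file` for exactly that purpose. The nagios entry in a later hunk already uses `cert_name: "{{wildcard_cert_name}}"`, so if those variables are in scope for this play, `certname: "{{wildcard_cert_name}}"` and `SSLCertificateChainFile: "{{wildcard_int_file}}"` would make the next rotation a one-file change. The same applies to the literal `SSLCertificateChainFile` values in the nagios hunk and in the httpd/website defaults hunk. The role list continues outside this hunk.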
@ -903,7 +903,7 @@
|
||||||
- role: httpd/website
|
- role: httpd/website
|
||||||
site_name: nagios.fedoraproject.org
|
site_name: nagios.fedoraproject.org
|
||||||
server_aliases: [nagios.stg.fedoraproject.org]
|
server_aliases: [nagios.stg.fedoraproject.org]
|
||||||
SSLCertificateChainFile: wildcard-2017.fedoraproject.org.intermediate.cert
|
SSLCertificateChainFile: wildcard-2020.fedoraproject.org.intermediate.cert
|
||||||
sslonly: true
|
sslonly: true
|
||||||
cert_name: "{{wildcard_cert_name}}"
|
cert_name: "{{wildcard_cert_name}}"
|
||||||
|
|
||||||
|
|
|
@ -62,13 +62,13 @@
|
||||||
- selinux
|
- selinux
|
||||||
|
|
||||||
- name: Copy wildcard cert from puppet private
|
- name: Copy wildcard cert from puppet private
|
||||||
copy: src="{{private}}/files/httpd/wildcard-2017.fedoraproject.org.cert" dest=/etc/pki/tls/certs/wildcard-2017.fedoraproject.org.cert owner=root group=root mode=0644
|
copy: src="{{private}}/files/httpd/wildcard-2020.fedoraproject.org.cert" dest=/etc/pki/tls/certs/wildcard-2020.fedoraproject.org.cert owner=root group=root mode=0644
|
||||||
|
|
||||||
- name: Copy wildcard key from puppet private
|
- name: Copy wildcard key from puppet private
|
||||||
copy: src="{{private}}/files/httpd/wildcard-2017.fedoraproject.org.key" dest=/etc/pki/tls/private/wildcard-2017.fedoraproject.org.key owner=root group=root mode=0600
|
copy: src="{{private}}/files/httpd/wildcard-2020.fedoraproject.org.key" dest=/etc/pki/tls/private/wildcard-2020.fedoraproject.org.key owner=root group=root mode=0600
|
||||||
|
|
||||||
- name: Copy intermediate wildcard cert from puppet private
|
- name: Copy intermediate wildcard cert from puppet private
|
||||||
copy: src="{{private}}/files/httpd/wildcard-2017.fedoraproject.org.intermediate.cert" dest=/etc/pki/tls/certs/wildcard-2017.fedoraproject.org.intermediate.cert owner=root group=root mode=0644
|
copy: src="{{private}}/files/httpd/wildcard-2020.fedoraproject.org.intermediate.cert" dest=/etc/pki/tls/certs/wildcard-2020.fedoraproject.org.intermediate.cert owner=root group=root mode=0644
|
||||||
|
|
||||||
- name: Configure httpd dl main conf
|
- name: Configure httpd dl main conf
|
||||||
template: src=httpd/dl.fedoraproject.org.conf dest=/etc/httpd/conf.d/dl.fedoraproject.org.conf
|
template: src=httpd/dl.fedoraproject.org.conf dest=/etc/httpd/conf.d/dl.fedoraproject.org.conf
|
||||||
|
|
|
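Review bot: The retired private key is never removed: these tasks install the 2020 files under new names, so `/etc/pki/tls/private/wildcard-2017.fedoraproject.org.key` and the matching 2017 certificates stay on every host that ran the old tasks. Once nothing references them, a follow-up task such as `file: path=/etc/pki/tls/private/wildcard-2017.fedoraproject.org.key state=absent` would keep superseded key material off disk. The key copy task could also carry `no_log: true` so that a `--diff` run cannot print its contents. None of the three copy tasks shown has a `notify`, so whether httpd is restarted to pick up the new files is decided outside this hunk.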
@ -98,8 +98,8 @@
|
||||||
|
|
||||||
- name: put our combined cert in place
|
- name: put our combined cert in place
|
||||||
copy: >
|
copy: >
|
||||||
src={{private}}/files/httpd/wildcard-2017.fedoraproject.org.combined.cert
|
src={{private}}/files/httpd/wildcard-2020.fedoraproject.org.combined.cert
|
||||||
dest=/etc/pki/tls/certs/wildcard-2017.fedoraproject.org.combined.cert
|
dest=/etc/pki/tls/certs/wildcard-2020.fedoraproject.org.combined.cert
|
||||||
owner=root group=root mode=0644
|
owner=root group=root mode=0644
|
||||||
notify: restart stunnel
|
notify: restart stunnel
|
||||||
tags:
|
tags:
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
cert = /etc/pki/tls/certs/wildcard-2017.fedoraproject.org.combined.cert
|
cert = /etc/pki/tls/certs/wildcard-2020.fedoraproject.org.combined.cert
|
||||||
key = /etc/pki/tls/private/wildcard-2017.fedoraproject.org.key
|
key = /etc/pki/tls/private/wildcard-2020.fedoraproject.org.key
|
||||||
pid = /var/run/stunnel.pid
|
pid = /var/run/stunnel.pid
|
||||||
|
|
||||||
[{{ stunnel_service }}]
|
[{{ stunnel_service }}]
|
||||||
|
|
|
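Review bot: The `key =` line now expects `/etc/pki/tls/private/wildcard-2020.fedoraproject.org.key`, but the stunnel task hunk on this page installs only the combined certificate, and the key copy shown elsewhere appears to belong to a different tasks file. If the stunnel hosts do not also run those tasks, the `restart stunnel` handler would fire against a config whose key file is absent, so the key install should be confirmed or added next to the combined-cert task. Since this file is already templated (`[{{ stunnel_service }}]`), the two paths could be built from `{{ wildcard_cert_name }}`, provided that variable is in scope here.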
@ -8,7 +8,7 @@ server_admin: webmaster@fedoraproject.org
|
||||||
certbot: false
|
certbot: false
|
||||||
ssl: true
|
ssl: true
|
||||||
sslonly: false
|
sslonly: false
|
||||||
SSLCertificateChainFile: wildcard-2017.fedoraproject.org.intermediate.cert
|
SSLCertificateChainFile: wildcard-2020.fedoraproject.org.intermediate.cert
|
||||||
gzip: false
|
gzip: false
|
||||||
stssubdomains: true
|
stssubdomains: true
|
||||||
# set to true to enable the proxy to redirect the http01 challenge
|
# set to true to enable the proxy to redirect the http01 challenge
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
http_port 80 accel defaultsite=kojipkgs.fedoraproject.org
|
http_port 80 accel defaultsite=kojipkgs.fedoraproject.org
|
||||||
https_port 443 accel defaultsite=kojipkgs.fedoraproject.org cert=/etc/pki/tls/certs/wildcard-2017.squid.cert key=/etc/pki/tls/private/wildcard-2017.fedoraproject.org.key cipher=ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA options=NO_SSLv2,NO_SSLv3
|
https_port 443 accel defaultsite=kojipkgs.fedoraproject.org cert=/etc/pki/tls/certs/wildcard-2020.fedoraproject.org.combined.cert key=/etc/pki/tls/private/wildcard-2020.fedoraproject.org.key cipher=ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA options=NO_SSLv2,NO_SSLv3
|
||||||
|
|
||||||
cache_peer 127.0.0.1 parent 8080 0 no-query originserver name=kojipkgs
|
cache_peer 127.0.0.1 parent 8080 0 no-query originserver name=kojipkgs
|
||||||
|
|
||||||
|
|
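Review bot: The `cert=` value on the new `https_port` line switches from a squid-specific file (`wildcard-2017.squid.cert`) to the shared `wildcard-2020.fedoraproject.org.combined.cert`, and the only task on this page that installs that file notifies stunnel. It is worth confirming that the squid hosts receive the combined certificate and the 2020 key before squid is restarted. Separately, `options=NO_SSLv2,NO_SSLv3` on the same line leaves TLS 1.0 and 1.1 enabled, and the cipher string still ends in the broad `AES:CAMELLIA` catch-alls and includes DSS suites. If the clients allow it, adding `NO_TLSv1,NO_TLSv1_1` and trimming the list to the ECDHE/DHE GCM suites would tighten this listener.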