first cut at using letsencrypt cert for fpaste.org. ticket 5784

2017-04-06 20:31:39 +00:00 · 2017-04-06 20:31:39 +00:00 · 38884a1b7c
commit 38884a1b7c
parent 170270f1cb
3 changed files with 15 additions and 0 deletions
--- a/files/httpd/fpaste.org.conf
+++ b/files/httpd/fpaste.org.conf
@ -0,0 +1,2 @@
+RewriteEngine on
+RewriteRule ^/\.well-known/(.*) /srv/web/acme-challenge/.well-known/$1 [L]
--- a/playbooks/groups/proxies.yml
+++ b/playbooks/groups/proxies.yml
@ -23,9 +23,14 @@
      when: env == "staging" or "'mirrorlist-proxy' in group_names" }
  - { role: openvpn/client,
      when: env != "staging" }
+  - { role: certbot,
+      when: inventory_hostname == 'proxy01.phx2.fedoraproject.org' }
  - apache

  tasks:
+  - name: install special fpaste.conf with letsencrypt info
+    copy: src={{ files }}/files/httpd/fpaste.conf dest=/etc/httpd/conf.d/fpaste.org/fpaste.org.conf
+    when: inventory_hostname == 'proxy01.phx2.fedoraproject.org'
  - include: "{{ tasks }}/yumrepos.yml"
  - include: "{{ tasks }}/2fa_client.yml"
  - include: "{{ tasks }}/motd.yml"
--- a/playbooks/include/proxies-websites.yml
+++ b/playbooks/include/proxies-websites.yml
@ -463,11 +463,19 @@
 #
 # Make a website here so we can redirect it to paste.fedoraproject.org
 #
+  - role: httpd/website
+    name: fpaste.org
+    server_aliases:
+    - www.fpaste.org
+    cert_name: fpaste.org
+    when: inventory_hostname == 'proxy01.phx2.fedoraproject.org'
+
  - role: httpd/website
    name: fpaste.org
    server_aliases:
    - www.fpaste.org
    cert_name: "{{wildcard_cert_name}}"
+    when: inventory_hostname != 'proxy01.phx2.fedoraproject.org'

  - role: httpd/website
    name: koji.fedoraproject.org