and we have a ssl-conf file

2017-06-22 23:42:13 +00:00 · 2017-06-22 23:42:13 +00:00 · 41407ad951
commit 41407ad951
parent 5d28f51f55
2 changed files with 24 additions and 0 deletions
--- a/roles/nagios_server/tasks/main.yml
+++ b/roles/nagios_server/tasks/main.yml
@ -53,6 +53,13 @@
  tags:
  - nagios_server

+- name: Install the SSL apache module
+  yum: name={{ item }} state=present
+  with_items:
+  - mod_ssl
+  when: env == "production" and nagios_location == "external"
+
+
 ## Copy over the httpd SSL certs for external
 - name: Install the SSL cert so that we can use https
  copy: >
--- a/roles/nagios_server/templates/httpd/0_nagios-external.conf
+++ b/roles/nagios_server/templates/httpd/0_nagios-external.conf
@ -0,0 +1,17 @@
+<VirtualHost *:80>
+   ServerName nagios-external.fedoraproject.org
+   Redirect permanent / https://nagios-external.fedoraproject.org/
+</VirtualHost>
+
+<VirtualHost *:443>
+   ServerName nagios-external.fedoraproject.org:443
+
+   SSLEngine on
+   SSLProtocol {{ ssl_protocols }}
+   SSLCipherSuite {{ ssl_ciphers }}
+   Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
+
+   SSLCertificateFile /etc/pki/tls/certs/noc02.fedoraproject.org.cert
+   SSLCertificateChainFile /etc/pki/tls/certs/noc02.fedoraproject.org.intermediate.cert
+   SSLCertificateKeyFile /etc/pki/tls/certs/noc02.fedoraproject.org.key
+</VirtualHost>