Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

put chain CA cert in copr-be as well

Browse source
This commit is contained in:
Miroslav Suchý 2014-04-01 13:45:58 +00:00
parent aa38d2bfc0
commit 51d3376a86
2 changed files with 8 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
files/copr/lighttpd/lighttpd.conf
View file

@ -449,7 +449,7 @@ server.upload-dirs = ( "/var/tmp" )
$SERVER["socket"] == ":443" { $SERVER["socket"] == ":443" {
ssl.engine = "enable" ssl.engine = "enable"
ssl.pemfile = "/etc/lighttpd/copr-be.fedoraproject.org.pem" ssl.pemfile = "/etc/lighttpd/copr-be.fedoraproject.org.pem"
ssl.ca-file = "/etc/lighttpd/copr-be.fedoraproject.org.crt" ssl.ca-file = "/etc/lighttpd/DigiCertCA.crt"
ssl.disable-client-renegotiation = "enable" ssl.disable-client-renegotiation = "enable"
ssl.cipher-list = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM" ssl.cipher-list = "ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM"
} }

7
playbooks/hosts/copr-be.cloud.fedoraproject.org.yml
View file

@ -114,6 +114,13 @@
tags: tags:
- config - config
- name: copy httpd ssl certificates (CAcert)
action: copy src="{{ files }}/copr/DigiCertCA.crt" dest="/etc/lighttpd/" owner=root group=root mode=0600
tags:
- config
notify:
- restart lighttpd
# mime default to text/plain and enable dirlisting for indexes # mime default to text/plain and enable dirlisting for indexes
- name: update lighttpd configs - name: update lighttpd configs
action: copy src="{{ files }}/copr/lighttpd/{{ item }}" dest="/etc/lighttpd/conf.d/{{ item }}" owner=root group=root mode=0644 action: copy src="{{ files }}/copr/lighttpd/{{ item }}" dest="/etc/lighttpd/conf.d/{{ item }}" owner=root group=root mode=0644