From c1a240521c356528d9339ef6ce338081361d2b1f Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk
Date: Fri, 22 Jan 2016 13:17:31 +0000
Subject: [PATCH] Add certs and enable SSL
Signed-off-by: Patrick Uiterwijk
---
 roles/regcfp/files/regcfp.service | 2 +-
 roles/regcfp/tasks/main.yml | 15 +++++++++++++++
 roles/regcfp/templates/config.json | 9 +++++----
 3 files changed, 21 insertions(+), 5 deletions(-)
diff --git a/roles/regcfp/files/regcfp.service b/roles/regcfp/files/regcfp.service
index 8dda387716..ea2276efc1 100644
--- a/roles/regcfp/files/regcfp.service
+++ b/roles/regcfp/files/regcfp.service
@@ -6,7 +6,7 @@ StandardError=syslog
 SyslogIdentifier=regcfp
 User=root
 Group=root
-WorkinDirectory=/srv/regcfp
+WorkingDirectory=/srv/regcfp
 Environment=NODE_ENV=production
 [Install]
diff --git a/roles/regcfp/tasks/main.yml b/roles/regcfp/tasks/main.yml
index a1ad29ac7c..0e15ddd653 100644
--- a/roles/regcfp/tasks/main.yml
+++ b/roles/regcfp/tasks/main.yml
@@ -26,7 +26,22 @@
 template: src=config.json dest=/srv/regcfp/config/config.json mode=0640
 notify:
 - restart regcfp
+
+- name: Copy over the ftf certs
+ copy: src="{{private}}/files/httpd/{{item}}"
+ dest=/etc/pki/tls/certs
+ with_items:
+ - flocktofedora.org.crt
+ - flocktofedora.org.intermediate.crt
+ notify:
+ - restart regcfp
+- name: Copy over the ftf cert key
+ copy: src="{{private}}/files/httpd/flocktofedora.org.key"
+ dest=/etc/pki/tls/private
+ notify:
+ - restart regcfp
+
 - name: copy over the systemd file
 copy: src=regcfp.service dest=/etc/systemd/system/regcfp.service mode=0640
 notify:
diff --git a/roles/regcfp/templates/config.json b/roles/regcfp/templates/config.json
index 79f66273a6..9b3b4815d3 100644
--- a/roles/regcfp/templates/config.json
+++ b/roles/regcfp/templates/config.json
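Review bot: In roles/regcfp/tasks/main.yml the `Copy over the ftf cert key` task sets no owner or mode, so the private key is written to /etc/pki/tls/private with whatever permissions the copy module defaults to on the target (often world-readable under a 022 umask; worth confirming). The existing copy and template tasks in this hunk pin `mode=0640`, and the key warrants something tighter, for example `dest=/etc/pki/tls/private owner=root group=root mode=0600`. An explicit `mode=0644` on the two certificate files would make the intended difference between public and private material visible. The task list starts and ends outside the hunk.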
@@ -30,13 +30,14 @@
 "port": 80
 },
 "https": {
- "enabled": false,
- "only": true,
+ "enabled": true,
+ "only": false,
 "url": "https://register.flocktofedora.org",
 "listenip": "0.0.0.0",
 "port": 443,
- "cert": "certificate.crt",
- "key": "certificate.key"
+ "cert": "/etc/pki/certs/flocktofedora.org.crt",
+ "ca": "/etc/pki/certs/flocktofedora.org.intermediate.crt",
+ "key": "/etc/pki/certs/flocktofedora.org.key"
 }
 },
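Review bot: The three new paths under `https` point at `/etc/pki/certs/`, but the tasks this same patch adds to roles/regcfp/tasks/main.yml copy the certificates to `/etc/pki/tls/certs` and the key to `/etc/pki/tls/private`, so the service would look in a directory the role never populates. The lines should read `"cert": "/etc/pki/tls/certs/flocktofedora.org.crt"`, `"ca": "/etc/pki/tls/certs/flocktofedora.org.intermediate.crt"` and `"key": "/etc/pki/tls/private/flocktofedora.org.key"`. Separately, changing `"only"` to `false` presumably leaves the port-80 listener serving the site in cleartext alongside HTTPS; if that is only a rollout step, a follow-up should set it back to `true` once the certificate is confirmed working. The enclosing configuration object starts and ends outside the hunk.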