libravatar: preparation for libravatar.org switch

2019-02-17 15:06:42 +01:00 · 2019-02-17 15:06:42 +01:00 · c29b40f141
commit c29b40f141
parent f679a89eba
4 changed files with 18 additions and 13 deletions
--- a/inventory/group_vars/libravatar
+++ b/inventory/group_vars/libravatar
@ -1,2 +1,4 @@
 resolvconf: "resolv.conf/cloud"
 git_branch: master
+server_name: www.libravatar.org
+server_alias: libravatar.org
--- a/inventory/group_vars/libravatar-stg
+++ b/inventory/group_vars/libravatar-stg
@ -1,2 +1,4 @@
 resolvconf: "resolv.conf/cloud"
 git_branch: devel
+server_name: libravatar-stg.fedorainfracloud.org
+server_alias: libravatar-stg.fedorainfracloud.org
--- a/roles/libravatar/tasks/main.yml
+++ b/roles/libravatar/tasks/main.yml
@ -25,8 +25,8 @@
 - name: configure postfix for email encryption and not relaying to bastion
  command: "{{ item }}"
  with_items:
-  - postconf -e 'smtpd_tls_cert_file = /etc/letsencrypt/live/{{ inventory_hostname }}/fullchain.pem'
-  - postconf -e 'smtpd_tls_key_file = /etc/letsencrypt/live/{{ inventory_hostname }}/privkey.pem'
+  - postconf -e 'smtpd_tls_cert_file = /etc/letsencrypt/live/{{ server_name }}/fullchain.pem'
+  - postconf -e 'smtpd_tls_key_file = /etc/letsencrypt/live/{{ server_name }}/privkey.pem'
  - postconf -e 'smtp_use_tls = yes'
  - postconf -e 'relayhost ='

--- a/roles/libravatar/templates/httpd/libravatar.conf
+++ b/roles/libravatar/templates/httpd/libravatar.conf
@ -6,17 +6,18 @@ RewriteEngine on
 </Directory>

 <VirtualHost *:80>
-    ServerName {{ inventory_hostname }}
+    ServerName  {{ server_name }}
+    ServerAlias {{ server_alias }}
    RewriteRule ^/\.well-known/(.*) /var/www/html/.well-known/$1 [L]
-    RewriteRule "^/?(.*)" "https://%{HTTP_HOST}/$1" [L,R=301,NE]
+    RewriteRule "^/?(.*)" "https://{{ server_name }}/$1" [L,R=301,NE]
 </VirtualHost>

 <VirtualHost *:443>
-    ServerName {{ inventory_hostname }}
+    ServerName {{ server_name }}

-    SSLCertificateFile    /etc/letsencrypt/live/{{ inventory_hostname }}/cert.pem
-    SSLCertificateKeyFile  /etc/letsencrypt/live/{{ inventory_hostname }}/privkey.pem
-    SSLCertificateChainFile /etc/letsencrypt/live/{{ inventory_hostname }}/fullchain.pem
+    SSLCertificateFile    /etc/letsencrypt/live/{{ server_name }}/cert.pem
+    SSLCertificateKeyFile  /etc/letsencrypt/live/{{ server_name }}/privkey.pem
+    SSLCertificateChainFile /etc/letsencrypt/live/{{ server_name }}/fullchain.pem
    Header always add Strict-Transport-Security "max-age=31536000; preload"

    RewriteRule ^/\.well-known/(.*) /var/www/html/.well-known/$1 [L]
@ -53,13 +54,13 @@ RewriteEngine on
 </VirtualHost>

 <VirtualHost *:443>
-    SSLCertificateFile    /etc/letsencrypt/live/{{ inventory_hostname }}/cert.pem
-    SSLCertificateKeyFile  /etc/letsencrypt/live/{{ inventory_hostname }}/privkey.pem
-    SSLCertificateChainFile /etc/letsencrypt/live/{{ inventory_hostname }}/fullchain.pem
+    SSLCertificateFile    /etc/letsencrypt/live/{{ server_name }}/cert.pem
+    SSLCertificateKeyFile  /etc/letsencrypt/live/{{ server_name }}/privkey.pem
+    SSLCertificateChainFile /etc/letsencrypt/live/{{ server_name }}/fullchain.pem
    Header always add Strict-Transport-Security "max-age=31536000; preload"

-    #ServerName {{ inventory_hostname }}
-    #RewriteRule "^/?(.*)" "https://%{HTTP_HOST}/$1" [L,R=301,NE]
+    ServerAlias {{ server_alias }}
+    RewriteRule "^/?(.*)" "https://{{ server_name }}/$1" [L,R=301,NE]
 </VirtualHost>

 <IfModule mod_status.c>