Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

libravatar: preparation for libravatar.org switch

Browse source
This commit is contained in:
clime 2019-02-17 15:06:42 +01:00
parent f679a89eba
commit c29b40f141
4 changed files with 18 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

2
inventory/group_vars/libravatar
View file

@ -1,2 +1,4 @@
resolvconf: "resolv.conf/cloud" resolvconf: "resolv.conf/cloud"
git_branch: master git_branch: master
server_name: www.libravatar.org
server_alias: libravatar.org

2
inventory/group_vars/libravatar-stg
View file

@ -1,2 +1,4 @@
resolvconf: "resolv.conf/cloud" resolvconf: "resolv.conf/cloud"
git_branch: devel git_branch: devel
server_name: libravatar-stg.fedorainfracloud.org
server_alias: libravatar-stg.fedorainfracloud.org

4
roles/libravatar/tasks/main.yml
View file

@ -25,8 +25,8 @@
- name: configure postfix for email encryption and not relaying to bastion - name: configure postfix for email encryption and not relaying to bastion
command: "{{ item }}" command: "{{ item }}"
with_items: with_items:
- postconf -e 'smtpd_tls_cert_file = /etc/letsencrypt/live/{{ inventory_hostname }}/fullchain.pem' - postconf -e 'smtpd_tls_cert_file = /etc/letsencrypt/live/{{ server_name }}/fullchain.pem'
- postconf -e 'smtpd_tls_key_file = /etc/letsencrypt/live/{{ inventory_hostname }}/privkey.pem' - postconf -e 'smtpd_tls_key_file = /etc/letsencrypt/live/{{ server_name }}/privkey.pem'
- postconf -e 'smtp_use_tls = yes' - postconf -e 'smtp_use_tls = yes'
- postconf -e 'relayhost =' - postconf -e 'relayhost ='

23
roles/libravatar/templates/httpd/libravatar.conf
View file

@ -6,17 +6,18 @@ RewriteEngine on
</Directory> </Directory>
<VirtualHost *:80> <VirtualHost *:80>
ServerName {{ inventory_hostname }} ServerName {{ server_name }}
ServerAlias {{ server_alias }}
RewriteRule ^/\.well-known/(.*) /var/www/html/.well-known/$1 [L] RewriteRule ^/\.well-known/(.*) /var/www/html/.well-known/$1 [L]
RewriteRule "^/?(.*)" "https://%{HTTP_HOST}/$1" [L,R=301,NE] RewriteRule "^/?(.*)" "https://{{ server_name }}/$1" [L,R=301,NE]
</VirtualHost> </VirtualHost>
<VirtualHost *:443> <VirtualHost *:443>
ServerName {{ inventory_hostname }} ServerName {{ server_name }}
SSLCertificateFile /etc/letsencrypt/live/{{ inventory_hostname }}/cert.pem SSLCertificateFile /etc/letsencrypt/live/{{ server_name }}/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/{{ inventory_hostname }}/privkey.pem SSLCertificateKeyFile /etc/letsencrypt/live/{{ server_name }}/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/{{ inventory_hostname }}/fullchain.pem SSLCertificateChainFile /etc/letsencrypt/live/{{ server_name }}/fullchain.pem
Header always add Strict-Transport-Security "max-age=31536000; preload" Header always add Strict-Transport-Security "max-age=31536000; preload"
RewriteRule ^/\.well-known/(.*) /var/www/html/.well-known/$1 [L] RewriteRule ^/\.well-known/(.*) /var/www/html/.well-known/$1 [L]
@ -53,13 +54,13 @@ RewriteEngine on
</VirtualHost> </VirtualHost>
<VirtualHost *:443> <VirtualHost *:443>
SSLCertificateFile /etc/letsencrypt/live/{{ inventory_hostname }}/cert.pem SSLCertificateFile /etc/letsencrypt/live/{{ server_name }}/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/{{ inventory_hostname }}/privkey.pem SSLCertificateKeyFile /etc/letsencrypt/live/{{ server_name }}/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/{{ inventory_hostname }}/fullchain.pem SSLCertificateChainFile /etc/letsencrypt/live/{{ server_name }}/fullchain.pem
Header always add Strict-Transport-Security "max-age=31536000; preload" Header always add Strict-Transport-Security "max-age=31536000; preload"
#ServerName {{ inventory_hostname }} ServerAlias {{ server_alias }}
#RewriteRule "^/?(.*)" "https://%{HTTP_HOST}/$1" [L,R=301,NE] RewriteRule "^/?(.*)" "https://{{ server_name }}/$1" [L,R=301,NE]
</VirtualHost> </VirtualHost>
<IfModule mod_status.c> <IfModule mod_status.c>