From cb85333343b3d014517c9812eb2947db951395cb Mon Sep 17 00:00:00 2001
From: Pierre-Yves Chibon
Date: Wed, 13 May 2015 15:13:35 +0200
Subject: [PATCH] Install the SSL certs and redirect pagure.io to https://pagure.io
---
 roles/pagure/files/0_pagure.conf | 17 +++++++++++++++++
 roles/pagure/tasks/main.yml | 25 +++++++++++++++++++++++++
 2 files changed, 42 insertions(+)
 create mode 100644 roles/pagure/files/0_pagure.conf
diff --git a/roles/pagure/files/0_pagure.conf b/roles/pagure/files/0_pagure.conf
new file mode 100644
index 0000000000..7e2c0bd045
--- /dev/null
+++ b/roles/pagure/files/0_pagure.conf
@@ -0,0 +1,17 @@
+
+ ServerName pagure.io
+ Redirect permanent / https://pagure.io/
+
+
+
+ ServerName pagure.io:443
+
+ SSLEngine on
+ SSLProtocol all -SSLv2 -SSLv3
+ # Use secure TLSv1.1 and TLSv1.2 ciphers
+ Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
+
+ SSLCertificateFile /etc/pki/tls/certs/pagure.io.cert
+ SSLCertificateChainFile /etc/pki/tls/certs/pagure.io.intermediate.cert
+ SSLCertificateKeyFile /etc/pki/tls/certs/pagure.io.key
+
diff --git a/roles/pagure/tasks/main.yml b/roles/pagure/tasks/main.yml
index 70c1ab2271..337eb721ff 100644
--- a/roles/pagure/tasks/main.yml
+++ b/roles/pagure/tasks/main.yml
@@ -151,6 +151,31 @@
 - web
 - pagure
+- name: Install the SSL cert so that we can use https
+ copy: >
+ src={{ private}}/files/httpd/{{ item }} dest=/etc/pki/tls/certs/{{ item }}
+ owner=root group=root mode=0600
+ with_items:
+ - pagure.io.cert
+ - pagure.io.key
+ - pagure.io.intermediate.cert
+ tags:
+ - config
+ - pagure
+
+- name: Install the configuration file to activate https
+ copy: >
+ src={{ item }} dest=/etc/httpd/conf.d/{{ item }}
+ owner=root group=root mode=0644
+ with_items:
+ - 0_releasemonitoring.conf
+ tags:
+ - files
+ - config
+ - pagure
+ notify:
+ - restart apache
+
 - name: Install all the configuration files of pagure
 template: src={{ item.file }} dest={{ item.location }}/{{ item.file }}
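Review bot: In roles/pagure/files/0_pagure.conf the comment `# Use secure TLSv1.1 and TLSv1.2 ciphers` is not followed by any cipher directive, and `SSLProtocol all -SSLv2 -SSLv3` still leaves TLSv1.0 enabled, so the HTTPS vhost runs with the server's default cipher list. Either add explicit `SSLCipherSuite ...` and `SSLHonorCipherOrder on` lines under the comment, or reword the comment to say what is actually configured. The HSTS header ships `includeSubDomains; preload` on first deployment, which binds every pagure.io subdomain to HTTPS for the whole max-age; a comment recording that this is intentional would help the next maintainer. `Header always set` instead of `Header always add` would also avoid a duplicate header if another config file adds the same one.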
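Review bot: The second added task in roles/pagure/tasks/main.yml copies `0_releasemonitoring.conf`, but the file this commit creates is `roles/pagure/files/0_pagure.conf`, so the new vhost config does not appear to be deployed by this change. It looks like a copy-paste from another role, and the item should read `- 0_pagure.conf`. The certificate task above it has no `notify`, so replacing a cert or key would not restart Apache; adding `notify:` with `- restart apache`, as the second task does, would cover that. The private key is also written to `/etc/pki/tls/certs` next to the public certificates. Mode 0600 root:root protects it, but a separate destination such as `/etc/pki/tls/private` would keep key permissions from depending on one shared `mode=` value.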