Switch java-deptools from certbot to mod_md

Mikolaj Izdebski 2018-10-17 20:54:48 +00:00
parent 17bff1a6ef
commit ccdce84c87
3 changed files with 5 additions and 15 deletions


@ -30,7 +30,6 @@
roles:
- java-deptools
- certbot
handlers:
- import_tasks: "{{ handlers_path }}/restart_services.yml"


@ -7,6 +7,7 @@
package: name={{ item }} state=present
with_items:
- httpd
- mod_md
- mod_ssl
- postgresql-server
- postgresql
@ -74,13 +75,6 @@
tags:
- service
- name: Obtain letsencrypt certificate
shell: certbot certonly -n --standalone --agree-tos -m sysadmin-koschei-members@fedoraproject.org -d {{ inventory_hostname }}
args:
creates: /etc/letsencrypt/live/{{ inventory_hostname }}/fullchain.pem
tags:
- config
- name: Install proxy config
template: src=proxy.conf.j2 dest=/etc/httpd/conf.d/java-deptools-proxy.conf
notify:


@ -1,4 +1,8 @@
MDomain {{ inventory_hostname }}
ServerName {{ inventory_hostname }}
ServerAdmin mizdebsk@fedoraproject.org
MDCertificateAgreement https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
MDRequireHttps temporary
<Proxy *>
AddDefaultCharset off
@ -8,9 +12,6 @@ ServerName {{ inventory_hostname }}
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/{{ inventory_hostname }}/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/{{ inventory_hostname }}/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/{{ inventory_hostname }}/fullchain.pem
SSLHonorCipherOrder On
SSLCipherSuite {{ ssl_ciphers }}
SSLProtocol {{ ssl_protocols }}
@ -18,7 +19,3 @@ ServerName {{ inventory_hostname }}
ProxyPass / http://localhost:9000/
ProxyPassReverse / http://localhost:9000/
</VirtualHost>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{SERVER_NAME}/$1 [R,L]
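Review bot: The `ServerAdmin mizdebsk@fedoraproject.org` line in the first hunk (it reads as added, though the +/- markers are lost on this page) is what mod_md of this era uses as the ACME account contact, so expiry and failure notices would reach one person's mailbox, whereas the removed certbot task registered `sysadmin-koschei-members@fedoraproject.org`. Consider `ServerAdmin sysadmin-koschei-members@fedoraproject.org` to keep the group alias. `MDCertificateAgreement` pins one specific terms-of-service document, so issuance or renewal may stop once the CA publishes a newer version; a comment above it such as `# Must match the CA's current subscriber agreement URL; update when Let's Encrypt revises it` would flag that. Nothing visible in these hunks reloads httpd after mod_md obtains or renews a certificate, and mod_md activates a new certificate only on a restart, so it is worth confirming that a periodic graceful reload exists elsewhere in the role.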