diff --git a/playbooks/hosts/java-deptools.fedorainfracloud.org b/playbooks/hosts/java-deptools.fedorainfracloud.org
index 3ef559a0d1..4a48122589 100644
--- a/playbooks/hosts/java-deptools.fedorainfracloud.org
+++ b/playbooks/hosts/java-deptools.fedorainfracloud.org
@@ -30,7 +30,6 @@
 roles:
 - java-deptools
- - certbot
 handlers:
 - import_tasks: "{{ handlers_path }}/restart_services.yml"
diff --git a/roles/java-deptools/tasks/main.yml b/roles/java-deptools/tasks/main.yml
index 80d414459b..1e7430c2dd 100644
--- a/roles/java-deptools/tasks/main.yml
+++ b/roles/java-deptools/tasks/main.yml
@@ -7,6 +7,7 @@
 package: name={{ item }} state=present
 with_items:
 - httpd
+ - mod_md
 - mod_ssl
 - postgresql-server
 - postgresql
@@ -74,13 +75,6 @@
 tags:
 - service
-- name: Obtain letsencrypt certificate
- shell: certbot certonly -n --standalone --agree-tos -m sysadmin-koschei-members@fedoraproject.org -d {{ inventory_hostname }}
- args:
- creates: /etc/letsencrypt/live/{{ inventory_hostname }}/fullchain.pem
- tags:
- - config
-
 - name: Install proxy config
 template: src=proxy.conf.j2 dest=/etc/httpd/conf.d/java-deptools-proxy.conf
 notify:
diff --git a/roles/java-deptools/templates/proxy.conf.j2 b/roles/java-deptools/templates/proxy.conf.j2
index ef5f914d97..6b26f90f0e 100644
--- a/roles/java-deptools/templates/proxy.conf.j2
+++ b/roles/java-deptools/templates/proxy.conf.j2
@@ -1,4 +1,8 @@
+MDomain {{ inventory_hostname }}
 ServerName {{ inventory_hostname }}
+ServerAdmin mizdebsk@fedoraproject.org
+MDCertificateAgreement https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
+MDRequireHttps temporary
 AddDefaultCharset off
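Review bot: `MDRequireHttps temporary` in the new template header matches the 302 of the rewrite rule this commit removes further down, but it sends no `Strict-Transport-Security` header, so the first plain-HTTP request on each visit can still be downgraded. Once issuance through mod_md is confirmed on the host, I would change it to `MDRequireHttps permanent`, which per the mod_md documentation redirects with 301 and adds HSTS to HTTPS responses. The added `ServerAdmin mizdebsk@fedoraproject.org` is a personal address, where the removed certbot task registered `sysadmin-koschei-members@fedoraproject.org`. As far as I know mod_md uses ServerAdmin as the ACME account contact unless a separate contact is configured, so CA notices would reach one person only and the group alias looks like the safer value. `MDCertificateAgreement` is pinned to the 2017 agreement URL; if the packaged mod_md is a 2.x release, `MDCertificateAgreement accepted` avoids depending on that document version (confirm against the installed module, since the rest of the template is outside this hunk).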
@@ -8,9 +12,6 @@ ServerName {{ inventory_hostname }}
 SSLEngine on
- SSLCertificateFile /etc/letsencrypt/live/{{ inventory_hostname }}/cert.pem
- SSLCertificateKeyFile /etc/letsencrypt/live/{{ inventory_hostname }}/privkey.pem
- SSLCertificateChainFile /etc/letsencrypt/live/{{ inventory_hostname }}/fullchain.pem
 SSLHonorCipherOrder On
 SSLCipherSuite {{ ssl_ciphers }}
 SSLProtocol {{ ssl_protocols }}
@@ -18,7 +19,3 @@ ServerName {{ inventory_hostname }}
 ProxyPass / http://localhost:9000/
 ProxyPassReverse / http://localhost:9000/
-
-RewriteEngine On
-RewriteCond %{HTTPS} off
-RewriteRule (.*) https://%{SERVER_NAME}/$1 [R,L]