diff --git a/roles/letsencrypt/defaults/main.yml b/roles/letsencrypt/defaults/main.yml
new file mode 100644
index 0000000000..a7c53229af
--- /dev/null
+++ b/roles/letsencrypt/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+server_aliases: []
diff --git a/roles/pagure/frontend/tasks/main.yml b/roles/pagure/frontend/tasks/main.yml
index 50d1892759..b345b9b57c 100644
--- a/roles/pagure/frontend/tasks/main.yml
+++ b/roles/pagure/frontend/tasks/main.yml
@@ -239,6 +239,12 @@
 - web
 - pagure
 
+- name: Letsencrypt for releases.stg.pagure.org
+ include_role: name=letsencrypt
+ vars:
+ site_name: releases.stg.pagure.org
+ when: env == 'pagure-staging'
+
 - name: Install the SSL cert so that we can use https
 copy: >
 src={{ private}}/files/httpd/{{ item }} dest=/etc/pki/tls/certs/{{ item }}
diff --git a/roles/pagure/frontend/templates/0_pagure.conf b/roles/pagure/frontend/templates/0_pagure.conf
index b51d77cba2..cd10048455 100644
--- a/roles/pagure/frontend/templates/0_pagure.conf
+++ b/roles/pagure/frontend/templates/0_pagure.conf
@@ -32,6 +32,7 @@ WSGIDaemonProcess paguredocs user=git group=git maximum-requests=1000 display-na
 {% if env == 'pagure-staging' %}
 ServerName releases.stg.pagure.org
 #Redirect permanent / https://releases.stg.pagure.org/
+ ProxyPass "/.well-known/acme-challenge" "http://certgetter01/.well-known/acme-challenge"
 {% else %}
 ServerName releases.pagure.org
 #Redirect permanent / https://releases.pagure.org/
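Review bot: `server_aliases` in roles/letsencrypt/defaults/main.yml is an unprefixed, undocumented role default. Role defaults have the lowest variable precedence, so a `server_aliases` already set in inventory or group vars for some other purpose would silently change what this role does, presumably which extra hostnames end up on the certificate. I would add a comment such as `# extra hostnames for the certificate besides site_name; empty means none` (wording to be confirmed against the role's templates, which are not shown) and consider a `letsencrypt_` prefix in a follow-up.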
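Review bot: In roles/pagure/frontend/tasks/main.yml the new task passes the role as a `key=value` string, `include_role: name=letsencrypt`, while the same task already uses a native mapping for `vars:`. I would write it as `include_role:` followed by an indented `name: letsencrypt` so the arguments are parsed as YAML rather than split from a string. The following task copies certificate files from `{{ private}}` into /etc/pki/tls/certs and its item list lies outside the hunk, so please confirm it does not also ship files under the releases.stg.pagure.org names that the role is expected to manage.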
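Review bot: The new `ProxyPass` line in the staging branch of roles/pagure/frontend/templates/0_pagure.conf (first hunk) has no comment explaining why a public vhost forwards a path to an internal host. I would add `# Forward ACME HTTP-01 challenges to the host that requests the certificates` above it, assuming that is what certgetter01 does. The `#Redirect permanent /` line just before it is still commented out, so this name keeps answering over plain HTTP even after the second hunk adds TLS; if that redirect is enabled later, the challenge path presumably has to stay exempt so renewals keep working. The enclosing VirtualHost block starts and ends outside the hunk.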
@@ -171,6 +172,13 @@ WSGIDaemonProcess paguredocs user=git group=git maximum-requests=1000 display-na
 DocumentRoot "/var/www/releases"
 {% if env == 'pagure-staging' %}
 ServerName releases.stg.pagure.org
+ SSLEngine on
+ SSLCertificateFile /etc/pki/tls/certs/releases.stg.pagure.org.cert
+ SSLCertificateKeyFile /etc/pki/tls/private/releases.stg.pagure.org.key
+ SSLCertificateChainFile /etc/pki/tls/certs/releases.stg.pagure.org.intermediate.cert
+ SSLHonorCipherOrder On
+ SSLProtocol {{ ssl_protocols }}
+ SSLCipherSuite {{ ssl_ciphers }}
 {% else %}
 ServerName releases.pagure.org
 {% endif %}
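Review bot: The staging branch now points `SSLCertificateFile`, `SSLCertificateKeyFile` and `SSLCertificateChainFile` at files that nothing in the visible hunks creates, so httpd will refuse to start or reload if this template lands before the letsencrypt role has delivered them, and the port-80 challenge proxy from the first hunk goes down with it. Worth confirming that the role writes all three paths (including the `.intermediate.cert` name) before the httpd reload, and that the key under /etc/pki/tls/private is readable by root only. Separately, `SSLCertificateChainFile` is obsolete from Apache 2.4.8 on; the intermediates can be appended to the file named by `SSLCertificateFile`. The `{% else %}` branch gets no TLS directives in this hunk, and the VirtualHost block starts and ends outside it.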