Infrastructure/ansible
3
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

Hubs: fix letsencrypt setup

Browse source
This commit is contained in:
Aurélien Bompard 2018-01-13 10:57:21 +00:00
parent 8c05e1685b
commit d548b86bef
3 changed files with 4 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

2
playbooks/hosts/hubs-dev.fedorainfracloud.org.yml
View file

@ -58,7 +58,7 @@
hubs_secret_key: demotestinghubsmachine hubs_secret_key: demotestinghubsmachine
hubs_db_type: sqlite hubs_db_type: sqlite
hubs_dev_mode: false hubs_dev_mode: false
hubs_ssl_cert: /etc/letsencrypt/live/{{ ansible_fqdn }}/cert.pem hubs_ssl_cert: /etc/letsencrypt/live/{{ ansible_fqdn }}/fullchain.pem
hubs_ssl_key: /etc/letsencrypt/live/{{ ansible_fqdn }}/privkey.pem hubs_ssl_key: /etc/letsencrypt/live/{{ ansible_fqdn }}/privkey.pem

2
roles/hubs/tasks/webserver.yml
View file

@ -41,7 +41,7 @@
dnf: name=python2-certbot-nginx state=present dnf: name=python2-certbot-nginx state=present
- name: get the letencrypt cert - name: get the letencrypt cert
command: certbot certonly -n --nginx -d {{ ansible_fqdn }} command: certbot certonly -n --nginx -d {{ ansible_fqdn }} --agree-tos --email admin@fedoraproject.org
args: args:
creates: /etc/letsencrypt/live/{{ ansible_fqdn }}/privkey.pem creates: /etc/letsencrypt/live/{{ ansible_fqdn }}/privkey.pem
notify: notify:

2
roles/hubs/templates/nginx_ssl_params
View file

@ -1,3 +1,5 @@
ssl on; ssl on;
ssl_certificate {{ hubs_ssl_cert }}; ssl_certificate {{ hubs_ssl_cert }};
ssl_certificate_key {{ hubs_ssl_key }}; ssl_certificate_key {{ hubs_ssl_key }};
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;