Enable SSL on lists-dev

2015-08-04 09:04:59 +00:00 · 2015-08-04 09:04:59 +00:00 · d84d964972
commit d84d964972
parent d04dfc8750
3 changed files with 35 additions and 1 deletions
--- a/files/lists-dev/apache.conf.j2
+++ b/files/lists-dev/apache.conf.j2
@ -0,0 +1,17 @@
 <VirtualHost *:80>
    ServerAdmin admin@fedoraproject.org
    ServerName {{ ansible_hostname }}
 </VirtualHost>
 <VirtualHost *:443>
    ServerAdmin admin@fedoraproject.org
    ServerName {{ ansible_hostname }}
    SSLEngine on
    SSLCertificateFile    /etc/pki/tls/certs/localhost.crt
    SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
    #SSLCertificateChainFile /etc/pki/tls/cert.pem
    SSLHonorCipherOrder On
    SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
    SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
 </VirtualHost>
--- a/files/lists-dev/ssl.conf
+++ b/files/lists-dev/ssl.conf
@ -0,0 +1,2 @@
 LoadModule ssl_module modules/mod_ssl.so
 Listen 443
--- a/playbooks/hosts/lists-dev.fedorainfracloud.org.yml
+++ b/playbooks/hosts/lists-dev.fedorainfracloud.org.yml
@ -34,7 +34,6 @@
  - hosts
  - apache
  - base
  - httpd/mod_ssl
  tasks:
  - include: "{{ tasks }}/postfix_basic.yml"
@ -42,6 +41,22 @@
  - include: "{{ tasks }}/motd.yml"
  - include: "{{ tasks }}/mod_wsgi.yml"
  # Basic Apache config
  - name: install mod_ssl
    yum: name=mod_ssl  state=present
  - name: copy ssl.conf
    copy: src="{{ files }}/lists-dev/ssl.conf" dest=/etc/httpd/conf.d/ssl.conf
          owner=root group=root mode=0644
    notify:
    - restart httpd
  - name: basic apache virtualhost config
    template: src="{{ files }}/lists-dev/apache.conf.j2" dest=/etc/httpd/conf.d/lists-dev.conf
              owner=root group=root mode=0644
    notify:
    - restart httpd
  # Database
  - name: install postgresql server packages
    yum: name={{ item }}  state=present
		`@ -0,0 +1,2 @@`
							`LoadModule ssl_module modules/mod_ssl.so`
							`Listen 443`