Enable SSL on lists-dev
This commit is contained in:
Aurélien Bompard
parent
d04dfc8750
commit
d84d964972
3 changed files with 35 additions and 1 deletions
17
files/lists-dev/apache.conf.j2
Normal file
17
files/lists-dev/apache.conf.j2
Normal file
|
|
@ -0,0 +1,17 @@
|
|||
<VirtualHost *:80>
|
||||
ServerAdmin admin@fedoraproject.org
|
||||
ServerName {{ ansible_hostname }}
|
||||
</VirtualHost>
|
||||
<VirtualHost *:443>
|
||||
ServerAdmin admin@fedoraproject.org
|
||||
ServerName {{ ansible_hostname }}
|
||||
|
||||
SSLEngine on
|
||||
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
|
||||
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
|
||||
#SSLCertificateChainFile /etc/pki/tls/cert.pem
|
||||
SSLHonorCipherOrder On
|
||||
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
|
||||
SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
|
||||
</VirtualHost>
|
||||
|
||||
2
files/lists-dev/ssl.conf
Normal file
2
files/lists-dev/ssl.conf
Normal file
|
|
@ -0,0 +1,2 @@
|
|||
LoadModule ssl_module modules/mod_ssl.so
|
||||
Listen 443
|
||||
|
|
@ -34,7 +34,6 @@
|
|||
- hosts
|
||||
- apache
|
||||
- base
|
||||
- httpd/mod_ssl
|
||||
|
||||
tasks:
|
||||
- include: "{{ tasks }}/postfix_basic.yml"
|
||||
|
|
@ -42,6 +41,22 @@
|
|||
- include: "{{ tasks }}/motd.yml"
|
||||
- include: "{{ tasks }}/mod_wsgi.yml"
|
||||
|
||||
# Basic Apache config
|
||||
- name: install mod_ssl
|
||||
yum: name=mod_ssl state=present
|
||||
|
||||
- name: copy ssl.conf
|
||||
copy: src="{{ files }}/lists-dev/ssl.conf" dest=/etc/httpd/conf.d/ssl.conf
|
||||
owner=root group=root mode=0644
|
||||
notify:
|
||||
- restart httpd
|
||||
|
||||
- name: basic apache virtualhost config
|
||||
template: src="{{ files }}/lists-dev/apache.conf.j2" dest=/etc/httpd/conf.d/lists-dev.conf
|
||||
owner=root group=root mode=0644
|
||||
notify:
|
||||
- restart httpd
|
||||
|
||||
# Database
|
||||
- name: install postgresql server packages
|
||||
yum: name={{ item }} state=present
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue