pagure: Get and use a letsencrypt cert for pagure.org/stg.pagure.org

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2019-06-19 22:40:28 +00:00 · 2019-06-19 22:40:28 +00:00 · eeb020d7f1
commit eeb020d7f1
parent f9508750d1
2 changed files with 31 additions and 3 deletions
--- a/roles/pagure/frontend/tasks/main.yml
+++ b/roles/pagure/frontend/tasks/main.yml
@ -245,6 +245,17 @@
    site_name: releases.stg.pagure.org
  when: env == 'pagure-staging'

+- name: Letsencrypt for stg.pagure.org
+  include_role: name=letsencrypt
+  vars:
+    site_name: stg.pagure.org
+  when: env == 'pagure-staging'
+
+- name: Letsencrypt for pagure.org
+  include_role: name=letsencrypt
+  vars:
+    site_name: pagure.org
+
 - name: Install the SSL cert so that we can use https
  copy: >
      src={{ private}}/files/httpd/{{ item }} dest=/etc/pki/tls/certs/{{ item }}
--- a/roles/pagure/frontend/templates/0_pagure.conf
+++ b/roles/pagure/frontend/templates/0_pagure.conf
@ -38,6 +38,17 @@ WSGIDaemonProcess paguredocs user=git group=git maximum-requests=1000 display-na
  #Redirect permanent / https://releases.pagure.org/
 {% endif %}

+<VirtualHost *:80>
+{% if env == 'pagure-staging' %}
+  ServerName stg.pagure.org
+  #Redirect permanent / https://releases.stg.pagure.org/
+  ProxyPass "/.well-known/acme-challenge" "http://certgetter01/.well-known/acme-challenge"
+{% else %}
+  ServerName pagure.org
+  #Redirect permanent / https://releases.pagure.org/
+  ProxyPass "/.well-known/acme-challenge" "http://certgetter01/.well-known/acme-challenge"
+{% endif %}
+
 # Added until we can get the cert out
  DocumentRoot "/var/www/releases"

@ -119,9 +130,15 @@ WSGIDaemonProcess paguredocs user=git group=git maximum-requests=1000 display-na
  # Use secure TLSv1.1 and TLSv1.2 ciphers
  Header always add Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

-  SSLCertificateFile /etc/pki/tls/certs/docs.pagure.org.crt
-  SSLCertificateChainFile /etc/pki/tls/certs/docs.pagure.org.intermediate.crt
-  SSLCertificateKeyFile /etc/pki/tls/certs/docs.pagure.org.key
+{% if env == 'pagure-staging' %}
+  SSLCertificateFile /etc/pki/tls/certs/stg.pagure.org.crt
+  SSLCertificateChainFile /etc/pki/tls/certs/stg.pagure.org.intermediate.crt
+  SSLCertificateKeyFile /etc/pki/tls/certs/stg.pagure.org.key
+{% else %}
+  SSLCertificateFile /etc/pki/tls/certs/pagure.org.crt
+  SSLCertificateChainFile /etc/pki/tls/certs/pagure.org.intermediate.crt
+  SSLCertificateKeyFile /etc/pki/tls/certs/pagure.org.key
+{% endif %}
 {% if env == 'pagure-staging' %}
  Redirect permanent / https://stg.pagure.io/
 {% else %}