Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

pagure: Get and use a letsencrypt cert for pagure.org/stg.pagure.org

Browse source 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This commit is contained in:
Kevin Fenzi 2019-06-19 22:40:28 +00:00
parent f9508750d1
commit eeb020d7f1
2 changed files with 31 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

11
roles/pagure/frontend/tasks/main.yml
View file

@ -245,6 +245,17 @@
site_name: releases.stg.pagure.org site_name: releases.stg.pagure.org
when: env == 'pagure-staging' when: env == 'pagure-staging'
- name: Letsencrypt for stg.pagure.org
include_role: name=letsencrypt
vars:
site_name: stg.pagure.org
when: env == 'pagure-staging'
- name: Letsencrypt for pagure.org
include_role: name=letsencrypt
vars:
site_name: pagure.org
- name: Install the SSL cert so that we can use https - name: Install the SSL cert so that we can use https
copy: > copy: >
src={{ private}}/files/httpd/{{ item }} dest=/etc/pki/tls/certs/{{ item }} src={{ private}}/files/httpd/{{ item }} dest=/etc/pki/tls/certs/{{ item }}

23
roles/pagure/frontend/templates/0_pagure.conf
View file

@ -38,6 +38,17 @@ WSGIDaemonProcess paguredocs user=git group=git maximum-requests=1000 display-na
#Redirect permanent / https://releases.pagure.org/ #Redirect permanent / https://releases.pagure.org/
{% endif %} {% endif %}
<VirtualHost *:80>
{% if env == 'pagure-staging' %}
ServerName stg.pagure.org
#Redirect permanent / https://releases.stg.pagure.org/
ProxyPass "/.well-known/acme-challenge" "http://certgetter01/.well-known/acme-challenge"
{% else %}
ServerName pagure.org
#Redirect permanent / https://releases.pagure.org/
ProxyPass "/.well-known/acme-challenge" "http://certgetter01/.well-known/acme-challenge"
{% endif %}
# Added until we can get the cert out # Added until we can get the cert out
DocumentRoot "/var/www/releases" DocumentRoot "/var/www/releases"
@ -119,9 +130,15 @@ WSGIDaemonProcess paguredocs user=git group=git maximum-requests=1000 display-na
# Use secure TLSv1.1 and TLSv1.2 ciphers # Use secure TLSv1.1 and TLSv1.2 ciphers
Header always add Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" Header always add Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
SSLCertificateFile /etc/pki/tls/certs/docs.pagure.org.crt {% if env == 'pagure-staging' %}
SSLCertificateChainFile /etc/pki/tls/certs/docs.pagure.org.intermediate.crt SSLCertificateFile /etc/pki/tls/certs/stg.pagure.org.crt
SSLCertificateKeyFile /etc/pki/tls/certs/docs.pagure.org.key SSLCertificateChainFile /etc/pki/tls/certs/stg.pagure.org.intermediate.crt
SSLCertificateKeyFile /etc/pki/tls/certs/stg.pagure.org.key
{% else %}
SSLCertificateFile /etc/pki/tls/certs/pagure.org.crt
SSLCertificateChainFile /etc/pki/tls/certs/pagure.org.intermediate.crt
SSLCertificateKeyFile /etc/pki/tls/certs/pagure.org.key
{% endif %}
{% if env == 'pagure-staging' %} {% if env == 'pagure-staging' %}
Redirect permanent / https://stg.pagure.io/ Redirect permanent / https://stg.pagure.io/
{% else %} {% else %}