noc02: setup to use letsencrypt cert. Fixes ticket #8882

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
2020-05-05 10:22:37 -07:00 · 2020-05-05 10:22:37 -07:00 · 0a034c50d1
commit 0a034c50d1
parent 8ccd6841fd
2 changed files with 5 additions and 4 deletions
--- a/playbooks/groups/noc.yml
+++ b/playbooks/groups/noc.yml
@ -38,7 +38,7 @@
    service: HTTP
    host: "nagios-external{{env_suffix}}.fedoraproject.org"
    when: datacenter != 'phx2' 
-   
+  - { role: letsencrypt, site_name: 'nagios-external.fedoraproject.org', when: inventory_hostname.startswith('noc02') }

  tasks:
  - import_tasks: "{{ tasks_path }}/2fa_client.yml"
--- a/roles/nagios_server/templates/httpd/0_nagios-external.conf.j2
+++ b/roles/nagios_server/templates/httpd/0_nagios-external.conf.j2
@ -1,5 +1,6 @@
 <VirtualHost *:80>
   ServerName nagios-external.fedoraproject.org
+   ProxyPass "/.well-known/acme-challenge" "http://certgetter01/.well-known/acme-challenge"
   Redirect permanent / https://nagios-external.fedoraproject.org/
 </VirtualHost>

@ -11,7 +12,7 @@
   SSLCipherSuite {{ ssl_ciphers }}
   Header always add Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

-   SSLCertificateFile /etc/pki/tls/certs/noc02.fedoraproject.org.cert
-   SSLCertificateChainFile /etc/pki/tls/certs/noc02.fedoraproject.org.intermediate.cert
-   SSLCertificateKeyFile /etc/pki/tls/certs/noc02.fedoraproject.org.key
+   SSLCertificateFile /etc/pki/tls/certs/nagios-external.fedoraproject.org.cert
+   SSLCertificateChainFile /etc/pki/tls/certs/nagios-external.fedoraproject.org.intermediate.cert
+   SSLCertificateKeyFile /etc/pki/tls/certs/nagios-external.fedoraproject.org.key
 </VirtualHost>