Install the SSL certs and redirect pagure.io to https://pagure.io

2015-05-13 15:13:35 +02:00 · 2015-05-13 15:13:35 +02:00 · cb85333343
commit cb85333343
parent 177af74f42
2 changed files with 42 additions and 0 deletions
--- a/roles/pagure/files/0_pagure.conf
+++ b/roles/pagure/files/0_pagure.conf
@ -0,0 +1,17 @@
+<VirtualHost *:80>
+   ServerName pagure.io
+   Redirect permanent / https://pagure.io/
+</VirtualHost>
+
+<VirtualHost *:443>
+   ServerName pagure.io:443
+
+   SSLEngine on
+   SSLProtocol all -SSLv2 -SSLv3
+   # Use secure TLSv1.1 and TLSv1.2 ciphers
+   Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
+
+   SSLCertificateFile /etc/pki/tls/certs/pagure.io.cert
+   SSLCertificateChainFile /etc/pki/tls/certs/pagure.io.intermediate.cert
+   SSLCertificateKeyFile /etc/pki/tls/certs/pagure.io.key
+</VirtualHost>
--- a/roles/pagure/tasks/main.yml
+++ b/roles/pagure/tasks/main.yml
@ -151,6 +151,31 @@
  - web
  - pagure

+- name: Install the SSL cert so that we can use https
+  copy: >
+      src={{ private}}/files/httpd/{{ item }} dest=/etc/pki/tls/certs/{{ item }}
+      owner=root group=root mode=0600
+  with_items:
+  - pagure.io.cert
+  - pagure.io.key
+  - pagure.io.intermediate.cert
+  tags:
+  - config
+  - pagure
+
+- name: Install the configuration file to activate https
+  copy: >
+    src={{ item }} dest=/etc/httpd/conf.d/{{ item }}
+    owner=root group=root mode=0644
+  with_items:
+  - 0_releasemonitoring.conf
+  tags:
+  - files
+  - config
+  - pagure
+  notify:
+  - restart apache
+
 - name: Install all the configuration files of pagure
  template: src={{ item.file }}
            dest={{ item.location }}/{{ item.file }}