wip
parent
cfa971eb79
commit
de88fa12b2
|
@ -11,7 +11,7 @@ server_name: "m.unglue.it"
|
|||
wsgi_home: "/opt/regluit/venv"
|
||||
wsgi_python_path: "/opt/regluit/venv/bin/python"
|
||||
git_repo: "https://github.com/EbookFoundation/regluit.git"
|
||||
git_branch: "master"
|
||||
git_branch: "lencrypt"
|
||||
|
||||
### Variables in settings.prod.py ###
|
||||
mysql_db_name: "{{ vault_mysql_db_name }}"
|
||||
|
|
|
@ -2,12 +2,8 @@
|
|||
- name: Install apache
|
||||
become: yes
|
||||
apt:
|
||||
name: "{{ item }}"
|
||||
name: ['apache2', 'libapache2-mod-wsgi', 'cronolog']
|
||||
state: present
|
||||
with_items:
|
||||
- 'apache2'
|
||||
- 'libapache2-mod-wsgi'
|
||||
- 'cronolog'
|
||||
|
||||
- name: Ensure apache is running and enabled
|
||||
become: yes
|
||||
|
|
|
@ -1,8 +1,38 @@
|
|||
---
|
||||
|
||||
- name: Make sure account exists and has given contacts. We agree to TOS.
|
||||
acme_account:
|
||||
account_key_src: certs/account-key.pem
|
||||
state: present
|
||||
terms_agreed: yes
|
||||
contact:
|
||||
- mailto: support@ebookfoundation.org
|
||||
|
||||
- name: Create a challenge for server_name using a account key file.
|
||||
acme_certificate:
|
||||
account_key_src: certs/account-key.pem
|
||||
csr: "certs/{{ server_name }}.csr"
|
||||
dest: /etc/ssl/certs/server.crt
|
||||
fullchain_dest: /etc/ssl/certs/server-fullchain.crt
|
||||
register: acme_challenge
|
||||
|
||||
- copy:
|
||||
dest: /var/www/static/lencrypt/{{ acme_challenge['challenge_data'][server_name]['http-01']['resource'] }}
|
||||
content: "{{ acme_challenge['challenge_data'][server_name]['http-01']['resource_value'] }}"
|
||||
when: acme_challenge is changed
|
||||
|
||||
- name: Create a challenge for server_name using a account key file.
|
||||
acme_certificate:
|
||||
account_key_src: certs/account-key.pem
|
||||
csr: "certs/{{ server_name }}.csr"
|
||||
dest: /etc/ssl/certs/server.crt
|
||||
fullchain_dest: /etc/ssl/certs/server-fullchain.crt"
|
||||
data: "{{ acme_challenge }}"
|
||||
|
||||
- name: Copy server key
|
||||
become: yes
|
||||
copy:
|
||||
src: certs/server.key
|
||||
src: certs/m.unglue.it.key
|
||||
dest: /etc/ssl/private/server.key
|
||||
owner: "{{ user_name }}"
|
||||
group: "{{ user_name }}"
|
||||
|
@ -12,28 +42,3 @@
|
|||
tags:
|
||||
- certs
|
||||
|
||||
- name: Copy STAR_unglue_it.crt
|
||||
become: yes
|
||||
copy:
|
||||
src: certs/STAR_unglue_it.crt
|
||||
dest: /etc/ssl/certs/server.crt
|
||||
owner: "{{ user_name }}"
|
||||
group: "{{ user_name }}"
|
||||
mode: 0644
|
||||
notify:
|
||||
- restart apache
|
||||
tags:
|
||||
- certs
|
||||
|
||||
- name: Copy STAR_unglue_it.ca-bundle
|
||||
become: yes
|
||||
copy:
|
||||
src: certs/STAR_unglue_it.ca-bundle
|
||||
dest: /etc/ssl/certs/STAR_unglue_it.ca-bundle
|
||||
owner: "{{ user_name }}"
|
||||
group: "{{ user_name }}"
|
||||
mode: 0600
|
||||
notify:
|
||||
- restart apache
|
||||
tags:
|
||||
- certs
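Review bot: In the second `acme_certificate` task (the one that passes `data: "{{ acme_challenge }}"`), `fullchain_dest` ends in a stray double quote, so the chain would be written to a different path from the one in the first call; it should read `fullchain_dest: /etc/ssl/certs/server-fullchain.crt`. Neither call sets `acme_directory`, and as far as I know the module defaults to the Let's Encrypt staging endpoint, whose certificates clients do not trust, so the production directory and the matching `acme_version` should be set explicitly once testing is done. The removed certificate tasks carried `notify: restart apache` and the new ACME tasks do not, so Apache would likely keep serving the old certificate after issuance or renewal; add the same `notify` to the second `acme_certificate` task. The ACME account key and `certs/m.unglue.it.key` are read from the role's files, so if they are not already vault-encrypted in the repository they should be.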
|
|
@ -25,7 +25,7 @@ SSLProtocol All -SSLv2 -SSLv3
|
|||
|
||||
SSLCertificateFile /etc/ssl/certs/server.crt
|
||||
SSLCertificateKeyFile /etc/ssl/private/server.key
|
||||
SSLCertificateChainFile /etc/ssl/certs/STAR_unglue_it.ca-bundle
|
||||
SSLCertificateChainFile /etc/ssl/certs/server.ca-bundle
|
||||
|
||||
#SSLCertificateChainFile /etc/ssl/certs/gd_bundle.crt
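Review bot: `SSLCertificateChainFile` now points at `/etc/ssl/certs/server.ca-bundle`, but no task visible in this commit writes that file: the ACME tasks write `server.crt` and `server-fullchain.crt`, and the tasks that copied the old bundle are removed. Unless something outside these hunks creates it, Apache will presumably fail to start or serve without the intermediates. Either add `chain_dest: /etc/ssl/certs/server.ca-bundle` to the `acme_certificate` task, or point `SSLCertificateFile` at `/etc/ssl/certs/server-fullchain.crt` and drop the chain directive (Apache 2.4.8 and later read the chain from the certificate file). Separately, the `SSLProtocol All -SSLv2 -SSLv3` line shown in the hunk header still permits TLS 1.0 and 1.1; it predates this change but is worth tightening while the TLS setup is being reworked.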
|
||||
|
||||
|
|