source: darkpeak-services/roles/apache2/tasks/configure-apache-site.yml @ 04d89726

keycloak
Last change on this file since 04d89726 was 04d89726, checked in by Mat Booth <mat.booth@…>, 2 years ago

Workaround certificate requisition problem when domain is null

  • Property mode set to 100644
# Create the per-service Apache log directory and the web root, each with
# the ownership and mode given in its list entry below.
- name: Create site directories
  file:
    path: "{{ item.path }}"
    state: directory
    owner: "{{ item.owner }}"
    group: "{{ item.group }}"
    mode: "{{ item.mode }}"
  with_items:
    # Log directory: full access for www-data, read/traverse for group adm,
    # nothing for others.
    - path: '/var/log/apache2/{{ service_name }}'
      group: 'adm'
      owner: 'www-data'
      mode: '0750'
    # Web root: owned by root; group www-data may read and traverse, others
    # may traverse but not list the directory.
    - path: '{{ web_root }}'
      group: 'www-data'
      owner: 'root'
      mode: '0751'
  notify:
    - reload apache2

# Certificate set-up is delegated to the task file kept under the tls role.
# NOTE(review): bare `include` is deprecated in Ansible in favour of
# include_tasks / import_tasks; migrate once the minimum supported Ansible
# version for this repository is confirmed.
- name: Configure a TLS certificate for this site
  include: '../../tls/tasks/configure-tls-cert.yml'

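# The default vhost *must* sort first lexicographically, so for the default
# service the file name gets a '0-' prefix to ensure that is the case.
- name: Install vhost
  template:
    src: ../../apache2/templates/apache.vhost.conf.j2
    dest: "/etc/apache2/sites-available/{{ '0-default' if service_name == 'default' else service_name }}.conf"
    owner: root
    group: root
    # Quoted so Ansible receives the literal octal string; an unquoted 0644
    # is typed by the YAML parser and its value depends on the parser's
    # octal rules.
    mode: '0644'
  # Registered so the later "Reload apache now" task can react to a change
  # in this file without waiting for handlers.
  register: vhost_config
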
# Activate the site by linking its sites-available file into sites-enabled.
# The file name expression must stay identical to the one used when the
# vhost file is installed, including the '0-default' special case.
- name: Enable vhost
  file:
    state: link
    src: "/etc/apache2/sites-available/{{ '0-default' if service_name == 'default' else service_name }}.conf"
    dest: "/etc/apache2/sites-enabled/{{ '0-default' if service_name == 'default' else service_name }}.conf"

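# This template is supplied by the calling role; the vhost file installed
# above includes the rendered result into the Apache configuration.
- name: Install custom site config
  template:
    src: apache.incl.conf.j2
    dest: "/etc/apache2/includes/{{ service_name }}.incl.conf"
    owner: root
    group: root
    # Quoted so Ansible receives the literal octal string; an unquoted 0644
    # is typed by the YAML parser and its value depends on the parser's
    # octal rules.
    mode: '0644'
  # A change here is picked up through the handler, not the immediate reload.
  notify:
    - reload apache2
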
# Handlers only run later, but certbot's verification needs the new vhost
# to be live already. So Apache is reloaded here, immediately, whenever the
# vhost file itself changed.
- name: Reload apache now if vhost config changed
  service:
    state: reloaded
    name: apache2
  when:
    - vhost_config is changed

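# The presence of README inside the live directory is used as the marker
# for a valid letsencrypt live directory for this domain.
- name: Check to see if a valid letsencrypt live directory is present
  stat:
    path: "/etc/letsencrypt/live/{{ domain }}/README"
  register: letsencrypt_live
  when:
    - vhost_config is changed
    # Treat a null or undefined domain the same as an empty one.
    - domain | default('', true) != ''

# Destructive step: the path is built from `domain`, so every guard below
# must hold before anything is deleted.
- name: Remove letsencrypt live directory if it's not valid
  file:
    path: "/etc/letsencrypt/live/{{ domain }}"
    state: absent
  when:
    # A null domain passes a plain `!= ""` comparison; NOTE(review): it may
    # then render as an empty path component, which would point this task
    # at the parent live directory. The default() filter closes that gap.
    - domain | default('', true) != ''
    - development_mode != true
    # When the stat task above was skipped, the registered result has no
    # `stat` key; without this guard the next condition raises an error
    # instead of skipping the removal.
    - letsencrypt_live.stat is defined
    - not letsencrypt_live.stat.exists
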
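# Request a certificate with certbot's webroot method, served from
# /usr/share/certbot. The folded scalar renders to the same single command
# line as before.
# NOTE(review): `domain` is interpolated into the command line. The command
# module does not go through a shell, but quotes and whitespace in the value
# still affect argument splitting, so `domain` must come from trusted
# inventory only.
- name: Request letsencrypt certificate via certbot
  command: >-
    certbot certonly --non-interactive
    -m certificate@darkpeak.org --agree-tos
    --webroot -w /usr/share/certbot
    -d "{{ domain }}"
  when:
    - development_mode != true
    # Treat a null or undefined domain the same as an empty one, so certbot
    # is never invoked with an empty -d argument.
    - domain | default('', true) != ''
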