Changeset 8fab56d2 in darkpeak-services


Timestamp: Jul 21, 2018, 1:31:05 PM (2 years ago)
Author: Mat Booth <mat.booth@…>
Branches: ansible, keycloak, master, matrix, pleroma
Children: b907c119
Parents: 7b5eabdf
git-author: Mat Booth <mat.booth@…> (07/21/18 13:29:59)
git-committer: Mat Booth <mat.booth@…> (07/21/18 13:31:05)
Message:

Refs #7 - Refactor to allow each service to have its own cert

Precursor to letsencrypt

Location: roles
Files: 2 deleted, 4 edited, 1 moved

  • roles/apache2/tasks/configure-apache-site.yml

    r7b5eabdf r8fab56d2  
    1111  notify:
    1212    - reload apache2
     13
     14- name: Configure a TLS certificate for this site
     15  include: ../../tls/tasks/configure-tls-cert.yml
    1316
    1417# The default vhost *must* be the first lexigraphically, so for the default service
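Review bot: the added `include: ../../tls/tasks/configure-tls-cert.yml` task at new line 15 reaches into another role through a relative path, so the apache2 role now depends on the on-disk layout of both roles, and any defaults or handlers the tls role defines are not loaded with the task file. `include_role` with `name: tls` and `tasks_from: configure-tls-cert` expresses the same thing without the path. Bare `include` has also been deprecated since Ansible 2.4 in favour of `include_tasks`/`import_tasks`.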
     
    4548  notify:
    4649    - reload apache2
     50
  • roles/apache2/templates/apache.vhost.conf.j2

    r7b5eabdf r8fab56d2  
    3030                #   If both key and certificate are stored in the same file, only the
    3131                #   SSLCertificateFile directive is needed.
    32                 SSLCertificateFile /etc/ssl/private/server.pem
    33                 #SSLCertificateKeyFile /etc/ssl/private/server.key
     32{% if service_name == 'default' %}
     33                SSLCertificateFile /etc/ssl/private/{{ domain_name }}.pem
     34                #SSLCertificateKeyFile /etc/ssl/private/{{ domain_name }}.key
     35{% else %}
     36                SSLCertificateFile /etc/ssl/private/{{ domain }}.pem
     37                #SSLCertificateKeyFile /etc/ssl/private/{{ domain }}.key
     38{% endif %}
    3439
    3540                #   Server Certificate Chain:
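Review bot: the `{% if service_name == 'default' %}` branch at new lines 32-38 repeats the default/non-default selection that roles/tls/tasks/configure-tls-cert.yml also makes in its `when:` clauses, so the path Apache loads and the path the copy task writes can drift apart. Deriving the certificate file name once, where `domain` and `domain_name` are defined, and using that one value in both places would remove the branch. Since the SSLCertificateKeyFile line stays commented out, a comment here that the .pem also holds the private key would help the next reader.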
  • roles/tls/tasks/configure-tls-cert.yml

    r7b5eabdf r8fab56d2  
    1717    mode: 0710
    1818
    19 - name: Install server TLS certificate
     19- name: Install server TLS certificate for default domain
    2020  copy:
    21     src: "ssl/{{ domain_name }}.pem"
    22     dest: /etc/ssl/private/server.pem
     21    src: "../../tls/files/ssl/{{ domain_name }}.pem"
     22    dest: /etc/ssl/private/{{ domain_name }}.pem
    2323    owner: root
    2424    group: ssl-cert
    2525    mode: 0640
     26  when:
     27    - service_name == 'default'
     28
     29- name: Install server TLS certificate for service-specific domain
     30  copy:
     31    src: "../../tls/files/ssl/{{ domain_name }}.pem"
     32    dest: /etc/ssl/private/{{ domain }}.pem
     33    owner: root
     34    group: ssl-cert
     35    mode: 0640
     36  when:
     37    - service_name != 'default'
     38
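Review bot: in the new "service-specific domain" task (new lines 29-37) `src` still reads `{{ domain_name }}.pem` while `dest` is `{{ domain }}.pem`, so every service gets the default domain's certificate stored under its own name. Unless that certificate covers the service domains (wildcard or SAN entries), clients will see a hostname mismatch; if this is a deliberate placeholder until letsencrypt lands, say so in a comment, otherwise `src` should use `{{ domain }}`. The two tasks also differ only in `dest` and `when`, so a single task with a computed file name would be enough.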
  • roles/znc/meta/main.yml

    r7b5eabdf r8fab56d2  
    11dependencies:
    2   - role: tls
    32  - role: sssd
    43  - role: apache2
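Review bot: dropping `- role: tls` at old line 2 leaves znc with no declared dependency on whatever installs its certificate, while roles/znc/templates/znc.conf.j2 in this changeset still reads `/etc/ssl/private/{{ domain }}.pem`. The file now only appears as a side effect of the apache2 role's include of configure-tls-cert.yml. A comment in this meta file stating that, or an explicit include of the cert task from the znc role, would keep the dependency visible.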
  • roles/znc/templates/znc.conf.j2

    r7b5eabdf r8fab56d2  
    1212LoadModule = cyrusauth saslauthd
    1313LoadModule = webadmin
    14 SSLCertFile = /etc/ssl/private/server.pem
     14SSLCertFile = /etc/ssl/private/{{ domain }}.pem
    1515Version = 1.6.0
    1616
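Review bot: `SSLCertFile` at line 14 uses `{{ domain }}` unconditionally, whereas the Apache vhost template and the copy tasks in this changeset switch to `{{ domain_name }}` when `service_name == 'default'`. That is only correct while znc is never deployed as the default service; either state that assumption in a template comment or use the same derived file name as the other two places.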