From 0a4eb939bd42696bfc6120137e6e4066064ab101 Mon Sep 17 00:00:00 2001
From: Salt
Date: Wed, 5 Feb 2020 22:09:35 -0600
Subject: [PATCH] Refactor variable names, get SSL ready

---
 ec2.yml | 4 +-
 roles/nextcloud/tasks/main.yml | 36 ++++++++++----------
 roles/nextcloud/templates/apache2-vhost.conf | 22 ++++++++++--
 3 files changed, 39 insertions(+), 23 deletions(-)

diff --git a/ec2.yml b/ec2.yml
index a0b5fe6..be6b3b5 100755
--- a/ec2.yml
+++ b/ec2.yml
@@ -10,8 +10,8 @@
 acme_directory: "https://acme-staging-v02.api.letsencrypt.org/directory"
 acme_version: 2
 nextcloud_tarbz2: "https://download.nextcloud.com/server/releases/nextcloud-18.0.0.tar.bz2"
- website_url: "nc.assburgers.club"
- website_root: "/var/www/nextcloud"
+ nextcloud_url: "nc.assburgers.club"
+ nextcloud_webroot: "/var/www/nextcloud"
 roles:
 - nextcloud
 - hosts: tag_role_cockpit
diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml
index 699539f..389da83 100644
--- a/roles/nextcloud/tasks/main.yml
+++ b/roles/nextcloud/tasks/main.yml
@@ -37,16 +37,16 @@
 - name: Configure virtual host
 template:
 src: apache2-vhost.conf
- dest: "/etc/apache2/sites-enabled/{{ website_url }}.conf"
+ dest: "/etc/apache2/sites-enabled/{{ nextcloud_url }}.conf"
 - name: Create webroot
 file:
- path: "{{ website_root }}"
+ path: "{{ nextcloud_webroot }}"
 mode: "0644"
 recurse: yes
 state: directory
 - name: Check for existing installation
 stat:
- path: "{{ website_root }}/index.html"
+ path: "{{ nextcloud_webroot }}/index.html"
 register: stat_webroot_index
 - name: Install Nextcloud
 block:
@@ -58,7 +58,7 @@
 unarchive:
 src: /var/www/nextcloud.tar.bz2
 remote_src: yes
- dest: "{{ website_root }}"
+ dest: "{{ nextcloud_webroot }}"
 extra_opts: [--strip-components=1]
 - name: Cleanup
 file:
@@ -79,24 +79,24 @@
 - { dir: "/etc/pki/cert/crt", mode: "0600" }
 - { dir: "/etc/pki/cert/csr", mode: "0600" }
 - { dir: "/etc/pki/cert/private", mode: "0600" }
- - { dir: "/etc/pki/cert/challenge/{{ website_url }}", mode: "0600" }
+ - { dir: "/etc/pki/cert/challenge/{{ nextcloud_url }}", mode: "0600" }
 - name: Create ACME account key
 openssl_privatekey:
 path: "/etc/pki/cert/private/account.key"
 size: 4096
 - name: Create certificate key
 openssl_privatekey:
- path: "/etc/pki/cert/private/{{ website_url }}.key"
+ path: "/etc/pki/cert/private/{{ nextcloud_url }}.key"
 size: 4096
 - name: Create CSR
 openssl_csr:
- path: "/etc/pki/cert/csr/{{ website_url }}.csr"
- common_name: "{{ website_url }}"
+ path: "/etc/pki/cert/csr/{{ nextcloud_url }}.csr"
+ common_name: "{{ nextcloud_url }}"
 privatekey_path: /etc/pki/cert/private/account.key
 email_address: "rehashedsalt@cock.li"
 - name: Create well-known directory
 file:
- path: "{{ website_root }}/.well-known/acme-challenge"
+ path: "{{ nextcloud_webroot }}/.well-known/acme-challenge"
 mode: "0644"
 recurse: yes
 state: directory
@@ -107,21 +107,21 @@
 terms_agreed: yes
 account_email: "rehashedsalt@cock.li"
 account_key: "/etc/pki/cert/private/account.key"
- csr: "/etc/pki/cert/csr/{{ website_url }}.csr"
- dest: "/etc/pki/cert/crt/{{ website_url }}.crt"
- fullchain_dest: "/etc/pki/cert/crt/{{ website_url }}-fullchain.crt"
+ csr: "/etc/pki/cert/csr/{{ nextcloud_url }}.csr"
+ dest: "/etc/pki/cert/crt/{{ nextcloud_url }}.crt"
+ fullchain_dest: "/etc/pki/cert/crt/{{ nextcloud_url }}-fullchain.crt"
 register: com_challenge
 - name: Fulfill challenge
 copy:
- dest: "{{ website_root }}/{{ com_challenge['challenge_data'][website_url]['http-01']['resource'] }}"
- content: "{{ com_challenge['challenge_data'][website_url]['http-01']['resource_value'] }}"
+ dest: "{{ nextcloud_webroot }}/{{ com_challenge['challenge_data'][nextcloud_url]['http-01']['resource'] }}"
+ content: "{{ com_challenge['challenge_data'][nextcloud_url]['http-01']['resource_value'] }}"
 when: com_challenge is changed
 - name: Create certificate
 acme_certificate:
 account_key: /etc/pki/cert/private/account.key
- csr: "/etc/pki/cert/csr/{{ website_url }}.csr"
- dest: "/etc/pki/cert/crt/{{ website_url }}.crt"
- fullchain_dest: "/etc/pki/cert/crt/{{ website_url }}-fullchain.crt"
- chain_dest: "/etc/pki/cert/crt/{{ website_url }}-intermediate.crt"
+ csr: "/etc/pki/cert/csr/{{ nextcloud_url }}.csr"
+ dest: "/etc/pki/cert/crt/{{ nextcloud_url }}.crt"
+ fullchain_dest: "/etc/pki/cert/crt/{{ nextcloud_url }}-fullchain.crt"
+ chain_dest: "/etc/pki/cert/crt/{{ nextcloud_url }}-intermediate.crt"
 data: "{{ com_challenge }}"
 become: yes
diff --git a/roles/nextcloud/templates/apache2-vhost.conf b/roles/nextcloud/templates/apache2-vhost.conf
index 022cdeb..f1151ac 100644
--- a/roles/nextcloud/templates/apache2-vhost.conf
+++ b/roles/nextcloud/templates/apache2-vhost.conf
@@ -1,6 +1,22 @@
-# Configuration for {{ website_url }}
+# Configuration for {{ nextcloud_url }}
 # vim:ft=apache:
+# Ensure we listen on required ports
+Listen 80
+Listen 443
+# Listen for virtual host requests
+NameVirtualHost *:443
+# Accept connections from non-SNI clients
+SSLStrictSNIVHostCheck off
+
+# Website configuration
- ServerName {{ website_url }}
- DocumentRoot {{ website_root }}
+ ServerName {{ nextcloud_url }}
+ DocumentRoot {{ nextcloud_webroot }}
+
+ SSLEngine on
+ SSLCertificateFile /etc/pki/cert/crt/{{ nextcloud_url }}.crt
+ SSLCertificateKeyFile /etc/pki/cert/private/{{ nextcloud_url }}.key
+ ServerName {{ nextcloud_url }}
+ DocumentRoot {{ nexcloud_webroot }}
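Review bot: `DocumentRoot {{ nexcloud_webroot }}` in the new SSL block misspells the variable, so Ansible's template module will abort on the undefined name (or, if undefined errors are disabled, render a blank DocumentRoot); it should be `DocumentRoot {{ nextcloud_webroot }}`. `SSLCertificateFile` names the leaf `{{ nextcloud_url }}.crt` although the play also writes `{{ nextcloud_url }}-fullchain.crt`; serving the leaf alone leaves clients to locate the intermediate themselves, so prefer `SSLCertificateFile /etc/pki/cert/crt/{{ nextcloud_url }}-fullchain.crt`. `SSLCertificateKeyFile` points at `{{ nextcloud_url }}.key`, but the "Create CSR" task earlier in this patch builds the CSR from `privatekey_path: /etc/pki/cert/private/account.key` (the ACME account key), so the issued certificate will not match this key and Apache will reject the vhost; that task should use `privatekey_path: "/etc/pki/cert/private/{{ nextcloud_url }}.key"` so the account key never doubles as the TLS key. The :80 vhost still serves the site in clear and the SSL block sets no `SSLProtocol` or cipher policy, so Apache's defaults apply; a redirect to https and an explicit protocol line are worth adding once `acme_directory` in ec2.yml is moved off the staging endpoint, whose certificates browsers do not trust.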