Fix some bad Apache configs, set up ability for apache to nab its keys
Getting there, step by step
This commit is contained in:
parent
d0794d9abc
commit
230d8a2a92
@ -65,6 +65,13 @@
|
||||
remote_src: yes
|
||||
dest: "{{ nextcloud_webroot }}"
|
||||
extra_opts: [--strip-components=1]
|
||||
- name: Chown webroot
|
||||
file:
|
||||
path: "{{ nextcloud_webroot }}"
|
||||
state: directory
|
||||
recurse: yes
|
||||
owner: root
|
||||
group: root
|
||||
- name: Cleanup
|
||||
file:
|
||||
path: /var/www/nextcloud.tar.bz2
|
||||
@ -75,6 +82,10 @@
|
||||
loop:
|
||||
- "a2enmod rewrite"
|
||||
- "a2enmod ssl"
|
||||
- name: Reload Apache
|
||||
service:
|
||||
name: apache2
|
||||
state: reloaded
|
||||
- name: Register certificates
|
||||
block:
|
||||
- name: Set up our filesystem heirarchy
|
||||
@ -82,13 +93,15 @@
|
||||
path: "{{ item.dir }}"
|
||||
mode: "{{ item.mode }}"
|
||||
recurse: yes
|
||||
owner: root
|
||||
group: www-data
|
||||
state: directory
|
||||
loop:
|
||||
- { dir: "/etc/pki", mode: "0700" }
|
||||
- { dir: "/etc/pki/cert", mode: "0700" }
|
||||
- { dir: "/etc/pki/cert/crt", mode: "0700" }
|
||||
- { dir: "/etc/pki/cert/csr", mode: "0700" }
|
||||
- { dir: "/etc/pki/cert/private", mode: "0700" }
|
||||
- { dir: "/etc/pki", mode: "0750" }
|
||||
- { dir: "/etc/pki/cert", mode: "0750" }
|
||||
- { dir: "/etc/pki/cert/crt", mode: "0750" }
|
||||
- { dir: "/etc/pki/cert/csr", mode: "0750" }
|
||||
- { dir: "/etc/pki/cert/private", mode: "0750" }
|
||||
- name: Create ACME account key
|
||||
openssl_privatekey:
|
||||
path: "/etc/pki/cert/private/account.key"
|
||||
|
@ -1,8 +1,6 @@
|
||||
# Configuration for {{ nextcloud_url }}
|
||||
# vim:ft=apache:
|
||||
# Ensure we listen on required ports
|
||||
Listen 80
|
||||
Listen 443
|
||||
|
||||
# Listen for virtual host requests
|
||||
NameVirtualHost *:443
|
||||
# Accept connections from non-SNI clients
|
||||
|
Loading…
Reference in New Issue
Block a user