diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml
index 7f9b95d..cb1419b 100644
--- a/roles/nextcloud/tasks/main.yml
+++ b/roles/nextcloud/tasks/main.yml
@@ -65,6 +65,13 @@
 remote_src: yes
 dest: "{{ nextcloud_webroot }}"
 extra_opts: [--strip-components=1]
+ - name: Chown webroot
+ file:
+ path: "{{ nextcloud_webroot }}"
+ state: directory
+ recurse: yes
+ owner: root
+ group: root
 - name: Cleanup
 file:
 path: /var/www/nextcloud.tar.bz2
@@ -75,6 +82,10 @@
 loop:
 - "a2enmod rewrite"
 - "a2enmod ssl"
+ - name: Reload Apache
+ service:
+ name: apache2
+ state: reloaded
 - name: Register certificates
 block:
 - name: Set up our filesystem heirarchy
@@ -82,13 +93,15 @@
 path: "{{ item.dir }}"
 mode: "{{ item.mode }}"
 recurse: yes
+ owner: root
+ group: www-data
 state: directory
 loop:
- - { dir: "/etc/pki", mode: "0700" }
- - { dir: "/etc/pki/cert", mode: "0700" }
- - { dir: "/etc/pki/cert/crt", mode: "0700" }
- - { dir: "/etc/pki/cert/csr", mode: "0700" }
- - { dir: "/etc/pki/cert/private", mode: "0700" }
+ - { dir: "/etc/pki", mode: "0750" }
+ - { dir: "/etc/pki/cert", mode: "0750" }
+ - { dir: "/etc/pki/cert/crt", mode: "0750" }
+ - { dir: "/etc/pki/cert/csr", mode: "0750" }
+ - { dir: "/etc/pki/cert/private", mode: "0750" }
 - name: Create ACME account key
 openssl_privatekey:
 path: "/etc/pki/cert/private/account.key"
diff --git a/roles/nextcloud/templates/apache2-vhost.conf b/roles/nextcloud/templates/apache2-vhost.conf
index f6c152c..f8677c1 100644
--- a/roles/nextcloud/templates/apache2-vhost.conf
+++ b/roles/nextcloud/templates/apache2-vhost.conf
@@ -1,8 +1,6 @@
 # Configuration for {{ nextcloud_url }}
 # vim:ft=apache:
-# Ensure we listen on required ports
-Listen 80
-Listen 443
+
 # Listen for virtual host requests
 NameVirtualHost *:443
 # Accept connections from non-SNI clients
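Review bot: In the `Chown webroot` task added under `@@ -65,6 +65,13 @@`, `owner: root` / `group: root` with no `mode` leaves Apache reaching the tree only through the "other" permission bits, so every file it must read, including `config/config.php` with the database credentials once Nextcloud is installed, has to stay readable by all local users. A tighter layout is `group: www-data` with `mode: "u=rwX,g=rX,o="`. Because `recurse: yes` is applied on every play, it also resets ownership on whatever Nextcloud must write (presumably `config/`, `apps/`, and `data/` if that lives under the webroot), so those paths need their own task after this one. The rest of the role is outside the hunk, so confirm where the data directory is placed.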
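Review bot: The `Reload Apache` task added under `@@ -75,6 +82,10 @@` is unconditional, so Apache is reloaded on every run even when no module was newly enabled. Moving it into a handler and adding `notify: Reload Apache` to the `a2enmod` task (whose head is outside the hunk) would tie the reload to an actual change, provided that task reports changes accurately. Debian's `a2enmod` asks for a restart after enabling a module, so `state: restarted` is probably the safer choice on first deployment; worth verifying that `mod_ssl` is really active after a plain reload.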
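Review bot: With `recurse: yes` kept, the new `group: www-data` and `mode: "0750"` under `@@ -82,13 +93,15 @@` are applied to every file below `/etc/pki`, so the ACME account key and any TLS private keys in `/etc/pki/cert/private` become readable by the web server account on each run. Apache reads its key files as root at startup before dropping privileges, so www-data normally needs no access there; if the group change is meant for certificate or challenge files, scope it to those directories. Consider dropping `recurse: yes` and keeping the private directory closed, e.g. `group: "{{ item.group | default('www-data') }}"` with `- { dir: "/etc/pki/cert/private", mode: "0700", group: "root" }`. The task's module line sits between this hunk and the previous one, so the module is assumed to be `file`.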