Fix some bad Apache configs, set up ability for apache to nab its keys

Getting there, step by step
Salt 2020-02-05 22:48:21 -06:00
parent d0794d9abc
commit 230d8a2a92
2 changed files with 19 additions and 8 deletions


@ -65,6 +65,13 @@
remote_src: yes remote_src: yes
dest: "{{ nextcloud_webroot }}" dest: "{{ nextcloud_webroot }}"
extra_opts: [--strip-components=1] extra_opts: [--strip-components=1]
- name: Chown webroot
file:
path: "{{ nextcloud_webroot }}"
state: directory
recurse: yes
owner: root
group: root
- name: Cleanup - name: Cleanup
file: file:
path: /var/www/nextcloud.tar.bz2 path: /var/www/nextcloud.tar.bz2
@ -75,6 +82,10 @@
loop: loop:
- "a2enmod rewrite" - "a2enmod rewrite"
- "a2enmod ssl" - "a2enmod ssl"
- name: Reload Apache
service:
name: apache2
state: reloaded
- name: Register certificates - name: Register certificates
block: block:
- name: Set up our filesystem heirarchy - name: Set up our filesystem heirarchy
@ -82,13 +93,15 @@
path: "{{ item.dir }}" path: "{{ item.dir }}"
mode: "{{ item.mode }}" mode: "{{ item.mode }}"
recurse: yes recurse: yes
owner: root
group: www-data
state: directory state: directory
loop: loop:
- { dir: "/etc/pki", mode: "0700" } - { dir: "/etc/pki", mode: "0750" }
- { dir: "/etc/pki/cert", mode: "0700" } - { dir: "/etc/pki/cert", mode: "0750" }
- { dir: "/etc/pki/cert/crt", mode: "0700" } - { dir: "/etc/pki/cert/crt", mode: "0750" }
- { dir: "/etc/pki/cert/csr", mode: "0700" } - { dir: "/etc/pki/cert/csr", mode: "0750" }
- { dir: "/etc/pki/cert/private", mode: "0700" } - { dir: "/etc/pki/cert/private", mode: "0750" }
- name: Create ACME account key - name: Create ACME account key
openssl_privatekey: openssl_privatekey:
path: "/etc/pki/cert/private/account.key" path: "/etc/pki/cert/private/account.key"
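Review bot: The loop in the last hunk changes `/etc/pki/cert/private` to mode `0750` with `group: www-data`, and because the task keeps `recurse: yes`, that mode and group are also applied to every file below it, including the ACME account key the next task creates at `/etc/pki/cert/private/account.key`. Private keys then become readable (and marked executable) for anything running in the web server group, which typically includes the Nextcloud PHP code itself. Apache normally opens its `SSLCertificateKeyFile` as root before dropping privileges, so the key directory probably does not need group access at all. I would keep that directory root-only by making the group per-item, `group: "{{ item.group | default('www-data') }}"`, with `- { dir: "/etc/pki/cert/private", mode: "0700", group: "root" }`, and drop `recurse: yes` so the recursion from the `/etc/pki` entry does not undo the tighter setting on every run. The task's module line sits above the hunk, so this assumes it is the `file` module.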


@ -1,8 +1,6 @@
# Configuration for {{ nextcloud_url }} # Configuration for {{ nextcloud_url }}
# vim:ft=apache: # vim:ft=apache:
# Ensure we listen on required ports
Listen 80
Listen 443
# Listen for virtual host requests # Listen for virtual host requests
NameVirtualHost *:443 NameVirtualHost *:443
# Accept connections from non-SNI clients # Accept connections from non-SNI clients