diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml
index cb1419b..85d9b47 100644
--- a/roles/nextcloud/tasks/main.yml
+++ b/roles/nextcloud/tasks/main.yml
@@ -34,7 +34,7 @@
- { src: "php-cgi.ini", dest: "/etc/php/7.2/cgi/php.ini", mode: "0644" }
- name: Set up Apache
block:
- - name: Configure virtual host
+ - name: Configure insecure virtual host
template:
src: apache2-vhost.conf
dest: "/etc/apache2/sites-enabled/{{ nextcloud_url }}.conf"
@@ -140,10 +140,20 @@
when: com_challenge is changed
- name: Create certificate
acme_certificate:
- account_key: /etc/pki/cert/private/account.key
+ account_key: /etc/pki/cert/private/{{ nextcloud_url }}.key
csr: "/etc/pki/cert/csr/{{ nextcloud_url }}.csr"
dest: "/etc/pki/cert/crt/{{ nextcloud_url }}.crt"
fullchain_dest: "/etc/pki/cert/crt/{{ nextcloud_url }}-fullchain.crt"
chain_dest: "/etc/pki/cert/crt/{{ nextcloud_url }}-intermediate.crt"
data: "{{ com_challenge }}"
+ - name: Secure Apache
+ block:
+ - name: Copy over secure configs
+ template:
+ src: apache2-vhost-ssl.conf
+ dest: "/etc/apache2/sites-enabled/{{ nextcloud_url }}.conf"
+ - name: Reload Apache
+ service:
+ name: apache2
+ state: reloaded
become: yes
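Review bot: The new `account_key` value, `/etc/pki/cert/private/{{ nextcloud_url }}.key`, is the same path the SSL vhost template loads as `SSLCertificateKeyFile`, so the ACME account key and the site's TLS private key become a single key. If the CSR is built from that key, as the template's pairing of `.key` with `.crt` suggests, an ACME CA may reject the order for reusing the account key, and a leak of the web server key would also expose control of the ACME account. Keep a dedicated account key, either the previous `account_key: "/etc/pki/cert/private/account.key"` or a per-site file such as `"/etc/pki/cert/private/{{ nextcloud_url }}-account.key"` (suggested name), quoted like the neighbouring values. Separately, "Copy over secure configs" writes to the same `dest` as "Configure insecure virtual host" and "Reload Apache" runs unconditionally, so every play rewrites the vhost twice and reloads; a condition on the certificate existing plus a `notify:` handler would keep the run idempotent. The task list begins before this hunk, so the earlier key and CSR tasks are not visible here.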
diff --git a/roles/nextcloud/templates/apache2-vhost-ssl.conf b/roles/nextcloud/templates/apache2-vhost-ssl.conf
new file mode 100644
index 0000000..f8677c1
--- /dev/null
+++ b/roles/nextcloud/templates/apache2-vhost-ssl.conf
@@ -0,0 +1,29 @@
+# Configuration for {{ nextcloud_url }}
+# vim:ft=apache:
+
+# Listen for virtual host requests
+NameVirtualHost *:443
+# Accept connections from non-SNI clients
+SSLStrictSNIVHostCheck off
+
+# Website configuration
+
+ ServerName {{ nextcloud_url }}
+ # Uncomment me for HTTPS redirection
+ # Leaving it off for now for testing
+ #Redirect permanent / https://{{ nextcloud_url }}
+ DocumentRoot {{ nextcloud_webroot }}
+
+
+ SSLEngine on
+ SSLCertificateFile /etc/pki/cert/crt/{{ nextcloud_url }}.crt
+ SSLCertificateKeyFile /etc/pki/cert/private/{{ nextcloud_url }}.key
+ \
+ SSLOptions +StdEnvVars
+
+
+ SSLOptions +StdEnvVars
+
+ ServerName {{ nextcloud_url }}
+ DocumentRoot {{ nextcloud_webroot }}
+
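Review bot: `SSLCertificateFile` points at `/etc/pki/cert/crt/{{ nextcloud_url }}.crt`, which is the leaf-only `dest` of the certificate task, and no chain directive is visible in this template, so clients that do not already hold the intermediate will likely fail validation. Point it at the file the task writes as `fullchain_dest`: `SSLCertificateFile /etc/pki/cert/crt/{{ nextcloud_url }}-fullchain.crt`. The template deployed by the "Secure Apache" block also still ships with `#Redirect permanent / https://{{ nextcloud_url }}` commented out, so the site stays reachable over plain HTTP after the certificate is installed; enable the redirect in this file, with a trailing slash on the target so paths are preserved, and leave the testing variant in `apache2-vhost.conf`. The `<VirtualHost>` container lines appear to have been lost from this page, so which host block each directive sits in is inferred.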
diff --git a/roles/nextcloud/templates/apache2-vhost.conf b/roles/nextcloud/templates/apache2-vhost.conf
index f8677c1..db27ba6 100644
--- a/roles/nextcloud/templates/apache2-vhost.conf
+++ b/roles/nextcloud/templates/apache2-vhost.conf
@@ -1,11 +1,6 @@
# Configuration for {{ nextcloud_url }}
# vim:ft=apache:
-# Listen for virtual host requests
-NameVirtualHost *:443
-# Accept connections from non-SNI clients
-SSLStrictSNIVHostCheck off
-
# Website configuration
ServerName {{ nextcloud_url }}
@@ -14,16 +9,3 @@ SSLStrictSNIVHostCheck off
#Redirect permanent / https://{{ nextcloud_url }}
DocumentRoot {{ nextcloud_webroot }}
-
- SSLEngine on
- SSLCertificateFile /etc/pki/cert/crt/{{ nextcloud_url }}.crt
- SSLCertificateKeyFile /etc/pki/cert/private/{{ nextcloud_url }}.key
- \
- SSLOptions +StdEnvVars
-
-
- SSLOptions +StdEnvVars
-
- ServerName {{ nextcloud_url }}
- DocumentRoot {{ nextcloud_webroot }}
-