From 6612541a7b5b8e8813a0ab7bb4276e8599702101 Mon Sep 17 00:00:00 2001
From: Salt
Date: Wed, 5 Feb 2020 22:59:14 -0600
Subject: [PATCH] Copy over SSL configs after certification, fix using the wrong keys
---
 roles/nextcloud/tasks/main.yml | 14 +++++++--
 .../templates/apache2-vhost-ssl.conf | 29 +++++++++++++++++++
 roles/nextcloud/templates/apache2-vhost.conf | 18 ------------
 3 files changed, 41 insertions(+), 20 deletions(-)
 create mode 100644 roles/nextcloud/templates/apache2-vhost-ssl.conf
diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml
index cb1419b..85d9b47 100644
--- a/roles/nextcloud/tasks/main.yml
+++ b/roles/nextcloud/tasks/main.yml
@@ -34,7 +34,7 @@ - { src: "php-cgi.ini", dest: "/etc/php/7.2/cgi/php.ini", mode: "0644" } - name: Set up Apache block: - - name: Configure virtual host + - name: Configure insecure virtual host template: src: apache2-vhost.conf dest: "/etc/apache2/sites-enabled/{{ nextcloud_url }}.conf"
@@ -140,10 +140,20 @@ when: com_challenge is changed - name: Create certificate acme_certificate: - account_key: /etc/pki/cert/private/account.key + account_key: /etc/pki/cert/private/{{ nextcloud_url }}.key csr: "/etc/pki/cert/csr/{{ nextcloud_url }}.csr" dest: "/etc/pki/cert/crt/{{ nextcloud_url }}.crt" fullchain_dest: "/etc/pki/cert/crt/{{ nextcloud_url }}-fullchain.crt" chain_dest: "/etc/pki/cert/crt/{{ nextcloud_url }}-intermediate.crt" data: "{{ com_challenge }}" + - name: Secure Apache + block: + - name: Copy over secure configs + template: + src: apache2-vhost-ssl.conf + dest: "/etc/apache2/sites-enabled/{{ nextcloud_url }}.conf" + - name: Reload Apache + service: + name: apache2 + state: reloaded become: yes
diff --git a/roles/nextcloud/templates/apache2-vhost-ssl.conf b/roles/nextcloud/templates/apache2-vhost-ssl.conf
new file mode 100644
index 0000000..f8677c1
--- /dev/null
+++ b/roles/nextcloud/templates/apache2-vhost-ssl.conf
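Review bot: The new `account_key: /etc/pki/cert/private/{{ nextcloud_url }}.key` in the `Create certificate` task names the same file that the new apache2-vhost-ssl.conf template installs as `SSLCertificateKeyFile`, so a single private key now acts as both the ACME account identity and the server's TLS key. Those should be distinct: the TLS key sits in the web server process and is the one most exposed to compromise, and it should not also be able to authorize issuance for the ACME account; Let's Encrypt is also known to refuse orders whose certificate key matches the account key, so this may fail at issuance rather than merely weaken the setup. If the CSR was generated from the site key (the CSR task is outside this hunk), keeping `account_key: /etc/pki/cert/private/account.key` and correcting the CSR side is the safer direction. Separately, the `Reload Apache` task in the `Secure Apache` block reloads on every run; a `notify` handler on the `Copy over secure configs` template task would limit reloads to actual changes, and `become: yes` should be `become: true` per yamllint's truthy rule.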
@@ -0,0 +1,29 @@ +# Configuration for {{ nextcloud_url }} +# vim:ft=apache: + +# Listen for virtual host requests +NameVirtualHost *:443 +# Accept connections from non-SNI clients +SSLStrictSNIVHostCheck off + +# Website configuration + + ServerName {{ nextcloud_url }} + # Uncomment me for HTTPS redirection + # Leaving it off for now for testing + #Redirect permanent / https://{{ nextcloud_url }} + DocumentRoot {{ nextcloud_webroot }} + + + SSLEngine on + SSLCertificateFile /etc/pki/cert/crt/{{ nextcloud_url }}.crt + SSLCertificateKeyFile /etc/pki/cert/private/{{ nextcloud_url }}.key + \ + SSLOptions +StdEnvVars + + + SSLOptions +StdEnvVars + + ServerName {{ nextcloud_url }} + DocumentRoot {{ nextcloud_webroot }} +
diff --git a/roles/nextcloud/templates/apache2-vhost.conf b/roles/nextcloud/templates/apache2-vhost.conf
index f8677c1..db27ba6 100644
--- a/roles/nextcloud/templates/apache2-vhost.conf
+++ b/roles/nextcloud/templates/apache2-vhost.conf
@@ -1,11 +1,6 @@ # Configuration for {{ nextcloud_url }} # vim:ft=apache: -# Listen for virtual host requests -NameVirtualHost *:443 -# Accept connections from non-SNI clients -SSLStrictSNIVHostCheck off - # Website configuration ServerName {{ nextcloud_url }}
@@ -14,16 +9,3 @@ SSLStrictSNIVHostCheck off #Redirect permanent / https://{{ nextcloud_url }} DocumentRoot {{ nextcloud_webroot }} - - SSLEngine on - SSLCertificateFile /etc/pki/cert/crt/{{ nextcloud_url }}.crt - SSLCertificateKeyFile /etc/pki/cert/private/{{ nextcloud_url }}.key - \ - SSLOptions +StdEnvVars - - - SSLOptions +StdEnvVars - - ServerName {{ nextcloud_url }} - DocumentRoot {{ nextcloud_webroot }} -
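Review bot: `SSLCertificateFile` in the new template serves only the leaf `/etc/pki/cert/crt/{{ nextcloud_url }}.crt`, although the `Create certificate` task in tasks/main.yml also writes `{{ nextcloud_url }}-fullchain.crt` and `{{ nextcloud_url }}-intermediate.crt`; without the intermediate sent in the handshake, clients that do not already cache it (Nextcloud sync clients and `curl` typically do not, browsers often hide this by fetching it themselves) will fail chain validation. Point the directive at the chain, `SSLCertificateFile /etc/pki/cert/crt/{{ nextcloud_url }}-fullchain.crt` (Apache 2.4.8+ reads the chain from that file), or add `SSLCertificateChainFile /etc/pki/cert/crt/{{ nextcloud_url }}-intermediate.crt`. The `Redirect permanent` stays commented out "for testing" and the second `ServerName`/`DocumentRoot` stanza (presumably the port-80 vhost; the VirtualHost tags are lost in this rendering) still serves the Nextcloud webroot in the clear, so once issuance works the redirect should be enabled and `Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"` (requires mod_headers) added to the TLS vhost, which is what Nextcloud's setup check expects. `NameVirtualHost *:443` has no effect on Apache 2.4 and only produces a startup warning.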