salt/ansible
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Copy over SSL configs after certification, fix using the wrong keys

Browse Source
This commit is contained in:
Salt 2020-02-05 22:59:14 -06:00
parent 230d8a2a92
commit 6612541a7b
3 changed files with 41 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
roles/nextcloud/tasks/main.yml
View File

@ -34,7 +34,7 @@
- { src: "php-cgi.ini", dest: "/etc/php/7.2/cgi/php.ini", mode: "0644" } - { src: "php-cgi.ini", dest: "/etc/php/7.2/cgi/php.ini", mode: "0644" }
- name: Set up Apache - name: Set up Apache
block: block:
- name: Configure virtual host - name: Configure insecure virtual host
template: template:
src: apache2-vhost.conf src: apache2-vhost.conf
dest: "/etc/apache2/sites-enabled/{{ nextcloud_url }}.conf" dest: "/etc/apache2/sites-enabled/{{ nextcloud_url }}.conf"
@ -140,10 +140,20 @@
when: com_challenge is changed when: com_challenge is changed
- name: Create certificate - name: Create certificate
acme_certificate: acme_certificate:
account_key: /etc/pki/cert/private/account.key account_key: /etc/pki/cert/private/{{ nextcloud_url }}.key
csr: "/etc/pki/cert/csr/{{ nextcloud_url }}.csr" csr: "/etc/pki/cert/csr/{{ nextcloud_url }}.csr"
dest: "/etc/pki/cert/crt/{{ nextcloud_url }}.crt" dest: "/etc/pki/cert/crt/{{ nextcloud_url }}.crt"
fullchain_dest: "/etc/pki/cert/crt/{{ nextcloud_url }}-fullchain.crt" fullchain_dest: "/etc/pki/cert/crt/{{ nextcloud_url }}-fullchain.crt"
chain_dest: "/etc/pki/cert/crt/{{ nextcloud_url }}-intermediate.crt" chain_dest: "/etc/pki/cert/crt/{{ nextcloud_url }}-intermediate.crt"
data: "{{ com_challenge }}" data: "{{ com_challenge }}"
- name: Secure Apache
block:
- name: Copy over secure configs
template:
src: apache2-vhost-ssl.conf
dest: "/etc/apache2/sites-enabled/{{ nextcloud_url }}.conf"
- name: Reload Apache
service:
name: apache2
state: reloaded
become: yes become: yes

29
roles/nextcloud/templates/apache2-vhost-ssl.conf Normal file
View File

@ -0,0 +1,29 @@
# Configuration for {{ nextcloud_url }}
# vim:ft=apache:
# Listen for virtual host requests
NameVirtualHost *:443
# Accept connections from non-SNI clients
SSLStrictSNIVHostCheck off
# Website configuration
<VirtualHost *:80>
ServerName {{ nextcloud_url }}
# Uncomment me for HTTPS redirection
# Leaving it off for now for testing
#Redirect permanent / https://{{ nextcloud_url }}
DocumentRoot {{ nextcloud_webroot }}
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/pki/cert/crt/{{ nextcloud_url }}.crt
SSLCertificateKeyFile /etc/pki/cert/private/{{ nextcloud_url }}.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">\
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
ServerName {{ nextcloud_url }}
DocumentRoot {{ nextcloud_webroot }}
</VirtualHost>

18
roles/nextcloud/templates/apache2-vhost.conf
View File

@ -1,11 +1,6 @@
# Configuration for {{ nextcloud_url }} # Configuration for {{ nextcloud_url }}
# vim:ft=apache: # vim:ft=apache:
# Listen for virtual host requests
NameVirtualHost *:443
# Accept connections from non-SNI clients
SSLStrictSNIVHostCheck off
# Website configuration # Website configuration
<VirtualHost *:80> <VirtualHost *:80>
ServerName {{ nextcloud_url }} ServerName {{ nextcloud_url }}
@ -14,16 +9,3 @@ SSLStrictSNIVHostCheck off
#Redirect permanent / https://{{ nextcloud_url }} #Redirect permanent / https://{{ nextcloud_url }}
DocumentRoot {{ nextcloud_webroot }} DocumentRoot {{ nextcloud_webroot }}
</VirtualHost> </VirtualHost>
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/pki/cert/crt/{{ nextcloud_url }}.crt
SSLCertificateKeyFile /etc/pki/cert/private/{{ nextcloud_url }}.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">\
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
ServerName {{ nextcloud_url }}
DocumentRoot {{ nextcloud_webroot }}
</VirtualHost>