Copy over SSL configs after certification, fix using the wrong keys

Salt 2020-02-05 22:59:14 -06:00
parent 230d8a2a92
commit 6612541a7b
3 changed files with 41 additions and 20 deletions


@ -34,7 +34,7 @@
- { src: "php-cgi.ini", dest: "/etc/php/7.2/cgi/php.ini", mode: "0644" }
- name: Set up Apache
block:
- name: Configure virtual host
- name: Configure insecure virtual host
template:
src: apache2-vhost.conf
dest: "/etc/apache2/sites-enabled/{{ nextcloud_url }}.conf"
@ -140,10 +140,20 @@
when: com_challenge is changed
- name: Create certificate
acme_certificate:
account_key: /etc/pki/cert/private/account.key
account_key: /etc/pki/cert/private/{{ nextcloud_url }}.key
csr: "/etc/pki/cert/csr/{{ nextcloud_url }}.csr"
dest: "/etc/pki/cert/crt/{{ nextcloud_url }}.crt"
fullchain_dest: "/etc/pki/cert/crt/{{ nextcloud_url }}-fullchain.crt"
chain_dest: "/etc/pki/cert/crt/{{ nextcloud_url }}-intermediate.crt"
data: "{{ com_challenge }}"
- name: Secure Apache
block:
- name: Copy over secure configs
template:
src: apache2-vhost-ssl.conf
dest: "/etc/apache2/sites-enabled/{{ nextcloud_url }}.conf"
- name: Reload Apache
service:
name: apache2
state: reloaded
become: yes
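Review bot: In the Create certificate task, the `account_key` line that appears to be the new side points at `/etc/pki/cert/private/{{ nextcloud_url }}.key`, the same file the SSL vhost template loads as `SSLCertificateKeyFile`, so the ACME account key and the site's private key would be one key. ACME treats these as separate roles and a CA may refuse a CSR whose public key equals the account key; sharing them also means that anyone who obtains the web server key controls the ACME account. A dedicated account key would avoid this, for example `account_key: /etc/pki/cert/private/account.key`, and the challenge task that registers `com_challenge` (outside this hunk) must use the same one. Separately, the Secure Apache block writes to the same `dest` as the "Configure insecure virtual host" task, so the file is presumably rewritten twice on every run and is left HTTP-only if the play fails in between.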


@ -0,0 +1,29 @@
# Configuration for {{ nextcloud_url }}
# vim:ft=apache:
# Listen for virtual host requests
NameVirtualHost *:443
# Accept connections from non-SNI clients
SSLStrictSNIVHostCheck off
# Website configuration
<VirtualHost *:80>
ServerName {{ nextcloud_url }}
# Uncomment me for HTTPS redirection
# Leaving it off for now for testing
#Redirect permanent / https://{{ nextcloud_url }}
DocumentRoot {{ nextcloud_webroot }}
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/pki/cert/crt/{{ nextcloud_url }}.crt
SSLCertificateKeyFile /etc/pki/cert/private/{{ nextcloud_url }}.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">\
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
ServerName {{ nextcloud_url }}
DocumentRoot {{ nextcloud_webroot }}
</VirtualHost>
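Review bot: The `<VirtualHost *:443>` block sets `SSLCertificateFile /etc/pki/cert/crt/{{ nextcloud_url }}.crt`, which is the leaf-only `dest` of the Create certificate task, and no chain directive is set, so clients that lack the intermediate may fail to validate the site. Pointing it at the full chain the task already writes, `SSLCertificateFile /etc/pki/cert/crt/{{ nextcloud_url }}-fullchain.crt`, would fix that on Apache 2.4.8 or later. The `<VirtualHost *:80>` block still serves `DocumentRoot` with the redirect commented out, so logins can travel in cleartext even after the certificate is installed; a comment recording when `Redirect permanent / https://{{ nextcloud_url }}/` gets enabled would help. The trailing `\` after the `<FilesMatch ...>` opening line also looks unintended, since Apache treats it as a line continuation.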


@ -1,11 +1,6 @@
# Configuration for {{ nextcloud_url }}
# vim:ft=apache:
# Listen for virtual host requests
NameVirtualHost *:443
# Accept connections from non-SNI clients
SSLStrictSNIVHostCheck off
# Website configuration
<VirtualHost *:80>
ServerName {{ nextcloud_url }}
@ -14,16 +9,3 @@ SSLStrictSNIVHostCheck off
#Redirect permanent / https://{{ nextcloud_url }}
DocumentRoot {{ nextcloud_webroot }}
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/pki/cert/crt/{{ nextcloud_url }}.crt
SSLCertificateKeyFile /etc/pki/cert/private/{{ nextcloud_url }}.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">\
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
ServerName {{ nextcloud_url }}
DocumentRoot {{ nextcloud_webroot }}
</VirtualHost>