From 728a6e4771c2ae878f61cc71012b399fc2672ae4 Mon Sep 17 00:00:00 2001 From: Salt Date: Tue, 11 Feb 2020 04:16:57 -0600 Subject: [PATCH] Add simple redirect role And furnish that one, too --- ec2.yml | 5 +++ roles/redirect/meta/main.yml | 4 ++ roles/redirect/tasks/main.yml | 45 +++++++++++++++++++ .../redirect/templates/apache2-redirect.conf | 20 +++++++++ roles/redirect/templates/apache2-vhost.conf | 12 +++++ 5 files changed, 86 insertions(+) create mode 100644 roles/redirect/meta/main.yml create mode 100644 roles/redirect/tasks/main.yml create mode 100644 roles/redirect/templates/apache2-redirect.conf create mode 100644 roles/redirect/templates/apache2-vhost.conf diff --git a/ec2.yml b/ec2.yml index bb54376..a844a9b 100755 --- a/ec2.yml +++ b/ec2.yml @@ -38,3 +38,8 @@ gitweb_repo: "https://gitlab.com/rehashedsalt/assburgers" gitweb_url: "www.assburgers.club" gitweb_webroot: "/var/www/assburgers" + - role: redirect + vars: + redirect_from: "assburgers.club" + redirect_to: "www.assburgers.club" + redirect_webroot: "/var/www/redirect" diff --git a/roles/redirect/meta/main.yml b/roles/redirect/meta/main.yml new file mode 100644 index 0000000..f24d2df --- /dev/null +++ b/roles/redirect/meta/main.yml @@ -0,0 +1,4 @@ +--- +allow_duplicates: yes +dependencies: + - role: apache-php diff --git a/roles/redirect/tasks/main.yml b/roles/redirect/tasks/main.yml new file mode 100644 index 0000000..ac314f0 --- /dev/null +++ b/roles/redirect/tasks/main.yml @@ -0,0 +1,45 @@ +#!/usr/bin/ansible-playbook +# vim:ft=ansible: +--- +- name: Set up redirect + block: + - name: Set up Apache + block: + # Why does a redirect need a webroot? + # Answer: SSL certification + - name: Create webroot + file: + path: "{{ redirect_webroot }}" + mode: "0755" + recurse: yes + state: directory + - name: Clone repo + git: + repo: "{{ redirect_repo }}" + dest: "{{ redirect_webroot }}" + force: yes + - name: Register certificates + block: + - name: Configure temporary virtual host configs + template: + src: apache2-vhost.conf + dest: "/etc/apache2/sites-enabled/{{ redirect_url }}.conf" + - name: Generate certificate + include_role: + name: https + vars: + website_url: "{{ redirect_url }}" + website_webroot: "{{ redirect_webroot }}" + - name: Configure Apache + block: + # If we copied over http-only configs before, they get oblooterated now + - name: Copy over redirect config + template: + src: apache2-redirect.conf + dest: "/etc/apache2/sites-enabled/{{ redirect_url }}.conf" + - name: Reload Apache + service: + name: apache2 + state: reloaded + enabled: true + become: yes diff --git a/roles/redirect/templates/apache2-redirect.conf b/roles/redirect/templates/apache2-redirect.conf new file mode 100644 index 0000000..79564ce --- /dev/null +++ b/roles/redirect/templates/apache2-redirect.conf @@ -0,0 +1,20 @@ +# Configuration for {{ redirect_url }} +# Redirect to {{ redirect_to }} +# vim:ft=apache: + +# Accept connections from non-SNI clients +SSLStrictSNIVHostCheck off + +# Website configuration + + ServerName {{ redirect_from }} + Redirect permanent / https://{{ redirect_to }} + + + SSLEngine on + SSLCertificateFile /etc/pki/cert/crt/{{ redirect_url }}.crt + SSLCertificateKeyFile /etc/pki/cert/private/{{ redirect_url }}.key + SSLCertificateChainFile /etc/pki/cert/crt/{{ redirect_url}}-fullchain.crt + ServerName {{ redirect_url }} + Redirect permanent / https://{{ redirect_to }} + diff --git a/roles/redirect/templates/apache2-vhost.conf b/roles/redirect/templates/apache2-vhost.conf new file mode 100644 index 0000000..26662f4 --- /dev/null +++ b/roles/redirect/templates/apache2-vhost.conf @@ -0,0 +1,12 @@ +# vim:ft=apache: + +# Website configuration + + ServerName {{ redirect_from }} + DocumentRoot {{ redirect_webroot }} + + Require all granted + AllowOverride All + Options MultiViews FollowSymlinks + +