Add simple redirect role

And furnish that one, too
This commit is contained in:
Salt 2020-02-11 04:16:57 -06:00
parent 18627fbf39
commit 728a6e4771
5 changed files with 86 additions and 0 deletions

View File

@ -38,3 +38,8 @@
gitweb_repo: "https://gitlab.com/rehashedsalt/assburgers" gitweb_repo: "https://gitlab.com/rehashedsalt/assburgers"
gitweb_url: "www.assburgers.club" gitweb_url: "www.assburgers.club"
gitweb_webroot: "/var/www/assburgers" gitweb_webroot: "/var/www/assburgers"
- role: redirect
vars:
redirect_from: "assburgers.club"
redirect_to: "www.assburgers.club"
redirect_webroot: "/var/www/redirect"

View File

@ -0,0 +1,4 @@
---
allow_duplicates: yes
dependencies:
- role: apache-php

View File

@ -0,0 +1,45 @@
#!/usr/bin/ansible-playbook
# vim:ft=ansible:
---
- name: Set up redirect
block:
- name: Set up Apache
block:
# Why does a redirect need a webroot?
# Answer: SSL certification
- name: Create webroot
file:
path: "{{ redirect_webroot }}"
mode: "0755"
recurse: yes
state: directory
- name: Clone repo
git:
repo: "{{ redirect_repo }}"
dest: "{{ redirect_webroot }}"
force: yes
- name: Register certificates
block:
- name: Configure temporary virtual host configs
template:
src: apache2-vhost.conf
dest: "/etc/apache2/sites-enabled/{{ redirect_url }}.conf"
- name: Generate certificate
include_role:
name: https
vars:
website_url: "{{ redirect_url }}"
website_webroot: "{{ redirect_webroot }}"
- name: Configure Apache
block:
# If we copied over http-only configs before, they get oblooterated now
- name: Copy over redirect config
template:
src: apache2-redirect.conf
dest: "/etc/apache2/sites-enabled/{{ redirect_url }}.conf"
- name: Reload Apache
service:
name: apache2
state: reloaded
enabled: true
become: yes

View File

@ -0,0 +1,20 @@
# Configuration for {{ redirect_url }}
# Redirect to {{ redirect_to }}
# vim:ft=apache:
# Accept connections from non-SNI clients
SSLStrictSNIVHostCheck off
# Website configuration
<VirtualHost *:80>
ServerName {{ redirect_from }}
Redirect permanent / https://{{ redirect_to }}
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/pki/cert/crt/{{ redirect_url }}.crt
SSLCertificateKeyFile /etc/pki/cert/private/{{ redirect_url }}.key
SSLCertificateChainFile /etc/pki/cert/crt/{{ redirect_url}}-fullchain.crt
ServerName {{ redirect_url }}
Redirect permanent / https://{{ redirect_to }}
</VirtualHost>

View File

@ -0,0 +1,12 @@
# vim:ft=apache:
# Website configuration
<VirtualHost *:80>
ServerName {{ redirect_from }}
DocumentRoot {{ redirect_webroot }}
<Directory "{{ redirect_webroot }}">
Require all granted
AllowOverride All
Options MultiViews FollowSymlinks
</Directory>
</VirtualHost>