Only create vHosts if certificate exists

2024-11-09 15:33:30 +01:00 · 2016-01-16 16:55:07 +01:00 · 2016-01-16 16:55:07 +01:00 · 097ddd2eb4
commit 097ddd2eb4
parent 49f6feb4d9
5 changed files with 18 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -92,6 +92,10 @@ The list of packages to be installed. This defaults to a set of platform-specifi

 Set initial Apache daemon state to be enforced when this role is run. This should generally remain `started`, but you can set it to `stopped` if you need to fix the Apache config during a playbook run or otherwise would not like Apache started at the time this role is run.

+    apache_ignore_missing_ssl_certificate: true
+
+Create SSL vHosts regardless of whether their certificate exists or not. It might be handy to set this to `false` if you e.g. use Let’s encrypt, which triggers certificate generation with a running webserver. You might need to run your playbook multiple times to really get all SSL vHosts going if another part of your playbook takes care of certificate generation. (but OTOH Apache won’t complain about missing certificates anymore).
+
 ## Dependencies

 None.
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -28,6 +28,8 @@ apache_vhosts_ssl: []
  #   # Optional.
  #   certificate_chain_file: "/path/to/certificate_chain.crt"

+apache_ignore_missing_ssl_certificate: true
+
 apache_ssl_protocol: "All -SSLv2 -SSLv3"
 apache_ssl_cipher_suite: "AES256+EECDH:AES256+EDH"

--- a/tasks/configure-Debian.yml
+++ b/tasks/configure-Debian.yml
@ -23,6 +23,11 @@
  with_items: apache_mods_disabled
  notify: restart apache

+- name: Check whether certificates defined in vhosts exist.
+  stat: path={{ item.certificate_file }}
+  register: apache_ssl_certificates
+  with_items: apache_vhosts_ssl
+
 - name: Add apache vhosts configuration.
  template:
    src: "vhosts-{{ apache_vhosts_version }}.conf.j2"
--- a/tasks/configure-RedHat.yml
+++ b/tasks/configure-RedHat.yml
@ -8,6 +8,11 @@
  with_items: apache_ports_configuration_items
  notify: restart apache

+- name: Check whether certificates defined in vhosts exist.
+  stat: path={{ item.certificate_file }}
+  register: apache_ssl_certificates
+  with_items: apache_vhosts_ssl
+
 - name: Add apache vhosts configuration.
  template:
    src: "vhosts-{{ apache_vhosts_version }}.conf.j2"
--- a/templates/vhosts-2.4.conf.j2
+++ b/templates/vhosts-2.4.conf.j2
@ -30,6 +30,7 @@

 {# Set up SSL VirtualHosts #}
 {% for vhost in apache_vhosts_ssl %}
+{% if apache_ignore_missing_ssl_certificate or apache_ssl_certificates.results[loop.index0].stat.exists %}
 <VirtualHost *:{{ apache_listen_port_ssl }}>
  ServerName {{ vhost.servername }}
 {% if vhost.serveralias is defined %}
@ -65,4 +66,5 @@
 {% endif %}
 </VirtualHost>

+{% endif %}
 {% endfor %}