libretic/ansible-role-reverse_proxy
7
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Prise en charge wildcard.libretic.fr

Browse source
This commit is contained in:
Navas 2024-07-28 18:04:21 +02:00
parent 00642b6ace
commit 81e56ec817
3 changed files with 55 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
files/cert_LIBRETICFR.conf Normal file
View file

@ -0,0 +1,2 @@
SSLCertificateFile /etc/ssl/certs/libretic.fr.pem
SSLCertificateKeyFile /etc/ssl/private/libretic.fr.key

43
tasks/main.yml
View file

@ -182,6 +182,49 @@
- { src: maintenance.sh, dest: /usr/local/bin/ } - { src: maintenance.sh, dest: /usr/local/bin/ }
- { src: purge-apache2-tmp.sh, dest: /usr/local/bin/ } - { src: purge-apache2-tmp.sh, dest: /usr/local/bin/ }
- name: Copie le certificat wildcard
ansible.builtin.get_url:
url: "{{ lookup('env', 'ANSIBLE_RESSOURCES_URL') }}/libretic/cert/libretic.fr/fullchain1.pem"
dest: "/etc/ssl/certs/libretic.fr.pem"
username: "{{ lookup('env', 'ANSIBLE_RESSOURCES_USER') }}"
password: "{{ lookup('env', 'ANSIBLE_RESSOURCES_PASSWORD') }}"
mode: u=rw,g=r,o=r
owner: root
group: root
notify:
- restart apache2
- name: Copie la clé du certificat wildcard
ansible.builtin.get_url:
url: "{{ lookup('env', 'ANSIBLE_RESSOURCES_URL') }}/libretic/cert/libretic.fr/privkey1.pem"
dest: "/etc/ssl/private/libretic.fr.key"
username: "{{ lookup('env', 'ANSIBLE_RESSOURCES_USER') }}"
password: "{{ lookup('env', 'ANSIBLE_RESSOURCES_PASSWORD') }}"
mode: u=rw,g=r,o=
owner: root
group: root
notify:
- restart apache2
- name: configure - dossier certs-conf
tags: configure
file:
path: /etc/apache2/certs-conf
state: directory
mode: 0660
- name: configure - certs
tags: configure
copy:
src: "{{ item }}"
dest: /etc/apache2/certs-conf/
with_items:
- cert_LIBRETICFR.conf
notify:
- restart apache2
- name: install - active apache2 - name: install - active apache2
tags: install tags: install
service: name=apache2 state=started enabled=yes service: name=apache2 state=started enabled=yes

10
templates/custom_reverse_proxy.conf
View file

@ -222,6 +222,16 @@ Use vhost_redirect_http-https $vhostFQDN
Use ProxyCommon $vhostFQDN $protoDest $urlDest $logPolicy $accessPolicy $indexingConf Use ProxyCommon $vhostFQDN $protoDest $urlDest $logPolicy $accessPolicy $indexingConf
SSLEngine on SSLEngine on
# Inclusion de la configuration de certificat spécifique (wildcard ou autre)
<Perl>
if ( $cert ne "LE" )
{
my $dir=$ENV{"$vhostFQDN"};
my $config_file="$dir/../../certs-conf/cert_$cert.conf";
print "------- Utilisation de la configuration certificat $config_file pour $vhostFQDN -------\n";
push @Include, "$config_file";
}
</Perl>
# Inclusion de la configuration additionnelle # Inclusion de la configuration additionnelle
<Perl> <Perl>