Prise en charge wildcard.libretic.fr

2024-07-28 18:04:21 +02:00 · 2024-07-28 18:04:21 +02:00 · 81e56ec817
commit 81e56ec817
parent 00642b6ace
3 changed files with 55 additions and 0 deletions
--- a/files/cert_LIBRETICFR.conf
+++ b/files/cert_LIBRETICFR.conf
@ -0,0 +1,2 @@
+SSLCertificateFile /etc/ssl/certs/libretic.fr.pem
+SSLCertificateKeyFile /etc/ssl/private/libretic.fr.key
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -182,6 +182,49 @@
    - { src: maintenance.sh, dest: /usr/local/bin/ }
    - { src: purge-apache2-tmp.sh, dest: /usr/local/bin/ }

+
+- name: Copie le certificat wildcard
+  ansible.builtin.get_url:
+    url: "{{ lookup('env', 'ANSIBLE_RESSOURCES_URL') }}/libretic/cert/libretic.fr/fullchain1.pem"
+    dest: "/etc/ssl/certs/libretic.fr.pem"
+    username: "{{ lookup('env', 'ANSIBLE_RESSOURCES_USER') }}"
+    password: "{{ lookup('env', 'ANSIBLE_RESSOURCES_PASSWORD') }}"
+    mode: u=rw,g=r,o=r
+    owner: root
+    group: root
+  notify:
+    - restart apache2
+
+- name: Copie la clé du certificat wildcard
+  ansible.builtin.get_url:
+    url: "{{ lookup('env', 'ANSIBLE_RESSOURCES_URL') }}/libretic/cert/libretic.fr/privkey1.pem"
+    dest: "/etc/ssl/private/libretic.fr.key"
+    username: "{{ lookup('env', 'ANSIBLE_RESSOURCES_USER') }}"
+    password: "{{ lookup('env', 'ANSIBLE_RESSOURCES_PASSWORD') }}"
+    mode: u=rw,g=r,o=
+    owner: root
+    group: root
+  notify:
+    - restart apache2
+
+- name: configure - dossier certs-conf
+  tags: configure
+  file:
+    path: /etc/apache2/certs-conf
+    state: directory
+    mode: 0660
+
+- name: configure - certs
+  tags: configure
+  copy:
+    src: "{{ item }}"
+    dest: /etc/apache2/certs-conf/
+  with_items:
+    - cert_LIBRETICFR.conf
+  notify:
+    - restart apache2
+
+
 - name: install - active apache2
  tags: install
  service: name=apache2 state=started enabled=yes
--- a/templates/custom_reverse_proxy.conf
+++ b/templates/custom_reverse_proxy.conf
@ -222,6 +222,16 @@ Use vhost_redirect_http-https $vhostFQDN
    Use ProxyCommon $vhostFQDN $protoDest $urlDest $logPolicy $accessPolicy $indexingConf

    SSLEngine on
+    # Inclusion de la configuration de certificat spécifique (wildcard ou autre)
+    <Perl>
+        if ( $cert ne "LE" )
+        {
+            my $dir=$ENV{"$vhostFQDN"};
+            my $config_file="$dir/../../certs-conf/cert_$cert.conf";
+            print "------- Utilisation de la configuration certificat $config_file pour $vhostFQDN -------\n";
+            push @Include, "$config_file";
+        }
+    </Perl>

    # Inclusion de la configuration additionnelle
    <Perl>