From 09ec9b64a432430d7b87d8c20e48562e5d4985bc Mon Sep 17 00:00:00 2001
From: Markus Katharina Brechtel
Date: Sun, 19 Nov 2017 02:24:30 +0000
Subject: [PATCH] certificate

---
handlers/main.yml | 1 +
tasks/apache2.yml | 15 ++++++----
tasks/certificate.yml | 13 ++++++++
templates/apache-vhost.conf.j2 | 54 +++++++++++++++++++++++++---------
4 files changed, 63 insertions(+), 20 deletions(-)
create mode 100644 tasks/certificate.yml

diff --git a/handlers/main.yml b/handlers/main.yml
index e2ca53e..c3f4ec1 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -4,3 +4,4 @@
 service:
 name: apache2
 state: restarted
+ listen: certificate changed
diff --git a/tasks/apache2.yml b/tasks/apache2.yml
index 038fa53..532a847 100644
--- a/tasks/apache2.yml
+++ b/tasks/apache2.yml
@@ -1,5 +1,14 @@
 ---
+- name: apache2 rewrite module
+ apache2_module:
+ name: "{{ item }}"
+ state: present
+ with_items:
+ - ssl
+ - rewrite
+ notify: restart apache2
+
 - name: apache2 nextcloud vhost
 template:
 src: apache-vhost.conf.j2
@@ -12,9 +21,3 @@
 dest: /etc/apache2/sites-enabled/nextcloud.conf
 state: link
 notify: restart apache2
-
-- name: apache2 rewrite module
- apache2_module:
- name: rewrite
- state: present
- notify: restart apache2
diff --git a/tasks/certificate.yml b/tasks/certificate.yml
new file mode 100644
index 0000000..4115b95
--- /dev/null
+++ b/tasks/certificate.yml
@@ -0,0 +1,13 @@
+---
+
+- include_role:
+ name: certificate
+ vars:
+ certificate_name: nextcloud
+ certificate_directory: /etc/ssl
+ certificate_key_usage:
+ - digitalSignature
+ - keyEncipherment
+ certificate_extended_key_usage:
+ - serverAuth
+ certificate_alt_names: "{{ nextcloud_server_names | map('regex_replace', '(.*)','DNS:\\1') | list }}"
diff --git a/templates/apache-vhost.conf.j2 b/templates/apache-vhost.conf.j2
index da7d880..58bb0af 100644
--- a/templates/apache-vhost.conf.j2
+++ b/templates/apache-vhost.conf.j2
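Review bot: The task name `apache2 rewrite module` in tasks/apache2.yml no longer matches what the task does, since the `with_items` list now enables both `ssl` and `rewrite`; rename it, e.g. `- name: apache2 ssl and rewrite modules`. The reason both modules are required is only visible in the vhost template, so a comment above the loop such as `# ssl and rewrite are needed by templates/apache-vhost.conf.j2 (SSLEngine, RewriteRule)` would record the dependency where it is enforced. Notifying `restart apache2` from a looped task is fine because handlers are deduplicated, but that is worth one word in the same comment so the next reader does not expect two restarts.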
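Review bot: The `include_role` task in tasks/certificate.yml has no `name:`, so play output identifies it only by the included role; add `- name: nextcloud server certificate` above `include_role:`. The file locations the vhost template hard-codes (`/etc/ssl/certs/nextcloud.cert.pem`, `/etc/ssl/certs/nextcloud.chain.pem`, `/etc/ssl/private/nextcloud.key.pem`) are only implied here by `certificate_directory: /etc/ssl` and `certificate_name: nextcloud`, presumably through the certificate role's naming scheme, which cannot be verified from this patch; a comment such as `# the certificate role is expected to write certs/<name>.cert.pem, certs/<name>.chain.pem and private/<name>.key.pem below certificate_directory; templates/apache-vhost.conf.j2 depends on that layout` keeps the two files from drifting apart. Restricting the key usage to `digitalSignature`/`keyEncipherment` with only `serverAuth` as extended key usage is the right shape for a TLS server certificate and should stay as is.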
@@ -1,23 +1,49 @@ - +{{ ansible_managed | comment }} + + + + ServerName {{nextcloud_server_names|first}} + {% for name in nextcloud_server_names | difference([nextcloud_server_names|first]) %} + ServerAlias {{name}} + {% endfor %} + + SSLEngine on + SSLCertificateFile "/etc/ssl/certs/nextcloud.cert.pem" + SSLCertificateChainFile "/etc/ssl/certs/nextcloud.chain.pem" + SSLCertificateKeyFile "/etc/ssl/private/nextcloud.key.pem" + {% if certificate_provider == "letsencrypt" %} + Include /etc/letsencrypt/options-ssl-apache.conf + {% endif %} + + DocumentRoot /var/www/nextcloud - DocumentRoot /var/www/nextcloud + - ServerName {{inventory_hostname}} + Options +FollowSymlinks + AllowOverride All - - Options +FollowSymlinks - AllowOverride All + + Dav off + - - Dav off - + SetEnv HOME /var/www/nextcloud + SetEnv HTTP_HOME /var/www/nextcloud - SetEnv HOME /var/www/nextcloud - SetEnv HTTP_HOME /var/www/nextcloud + + + ErrorLog ${APACHE_LOG_DIR}/error.log + CustomLog ${APACHE_LOG_DIR}/access.log combined + + + + - + ServerName {{nextcloud_server_names|first}} + {% for name in nextcloud_server_names | difference(nextcloud_server_names|first) %} + ServerAlias {{name}} + {% endfor %} - ErrorLog ${APACHE_LOG_DIR}/error.log - CustomLog ${APACHE_LOG_DIR}/access.log combined + RewriteEngine On + RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
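Review bot: In the `*:80` block the alias loop is written `{% for name in nextcloud_server_names | difference(nextcloud_server_names|first) %}`, passing a bare string where the `*:443` block above passes a one-element list; because a list is not hashable, Ansible's `difference` filter appears to fall back to an `x not in b` test against that string, so a name that is a substring of the primary name (a parent domain, say) is silently dropped from the redirect vhost — change it to `difference([nextcloud_server_names|first])` to match the `*:443` block. TLS protocol and cipher settings exist only inside the `{% if certificate_provider == "letsencrypt" %}` branch, so with any other provider the vhost runs on the distribution's default `SSLProtocol`/`SSLCipherSuite`; add an `{% else %}` branch with explicit settings (at least `SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1`) or set them unconditionally above the `{% if %}`. `certificate_provider` is not among the vars set in tasks/certificate.yml, so it presumably comes from the certificate role's defaults; the template render fails if it is undefined, which deserves a comment next to the `{% if %}`. The HTTP-to-HTTPS rewrite ends in `[R,L]`, i.e. a 302; once TLS is the only served scheme the permanent form `[R=301,L]` is the usual choice. `SSLCertificateChainFile` has been deprecated since Apache 2.4.8 in favour of appending the chain to the file named by `SSLCertificateFile`, so check whether the certificate role can provide a combined file.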