
certificate

master
padre
commit
09ec9b64a4
Se han modificado 4 ficheros con 63 adiciones y 20 borrados
  1. +1
    -0
      handlers/main.yml
  2. +9
    -6
      tasks/apache2.yml
  3. +13
    -0
      tasks/certificate.yml
  4. +40
    -14
      templates/apache-vhost.conf.j2

+ 1
- 0
handlers/main.yml Ver fichero

@@ -4,3 +4,4 @@
service:
name: apache2
state: restarted
listen: certificate changed

+ 9
- 6
tasks/apache2.yml Ver fichero

@@ -1,5 +1,14 @@
---

- name: apache2 rewrite module
apache2_module:
name: "{{ item }}"
state: present
with_items:
- ssl
- rewrite
notify: restart apache2

- name: apache2 nextcloud vhost
template:
src: apache-vhost.conf.j2
@@ -12,9 +21,3 @@
dest: /etc/apache2/sites-enabled/nextcloud.conf
state: link
notify: restart apache2

- name: apache2 rewrite module
apache2_module:
name: rewrite
state: present
notify: restart apache2
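Review bot: The task that loops over `ssl` and `rewrite` is still named `apache2 rewrite module`, which no longer describes what it enables; something like `- name: apache2 ssl and rewrite modules` keeps the play output accurate. `with_items` works, but `loop:` is the form current Ansible documentation recommends for simple lists. The added and removed sides are inferred from the hunk headers, because this rendering lost its `+`/`-` markers.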

+ 13
- 0
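--- a/tasks/certificate.yml
+++ b/tasks/certificate.yml
@@ -0,0 +1,13 @@
+---
+
+- include_role:
+name: certificate
+vars:
+certificate_name: nextcloud
+certificate_directory: /etc/ssl
+certificate_key_usage:
+- digitalSignature
+- keyEncipherment
+certificate_extended_key_usage:
+- serverAuth
+certificate_alt_names: "{{ nextcloud_server_names | map('regex_replace', '(.*)','DNS:\\1') | list }}"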
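Review bot: The `regex_replace` pattern on the `certificate_alt_names` line is unanchored, and on Python 3.7 and later `(.*)` also matches the empty string at the end of each name, so an entry can render as `DNS:cloud.example.comDNS:` (constructed example) instead of a clean SAN. Anchoring the pattern avoids the second match: `map('regex_replace', '^(.*)$', 'DNS:\\1')`. The `include_role` task also has no `name:`, so a line such as `- name: issue nextcloud certificate` would make play output and audit logs easier to follow. How the role sets ownership and mode on the private key under `certificate_directory` is not visible here and is worth confirming.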

+ 40
- 14
templates/apache-vhost.conf.j2 Ver fichero

@@ -1,23 +1,49 @@
<VirtualHost *:80>
{{ ansible_managed | comment }}

<VirtualHost *:443>

ServerName {{nextcloud_server_names|first}}
{% for name in nextcloud_server_names | difference([nextcloud_server_names|first]) %}
ServerAlias {{name}}
{% endfor %}

SSLEngine on
SSLCertificateFile "/etc/ssl/certs/nextcloud.cert.pem"
SSLCertificateChainFile "/etc/ssl/certs/nextcloud.chain.pem"
SSLCertificateKeyFile "/etc/ssl/private/nextcloud.key.pem"
{% if certificate_provider == "letsencrypt" %}
Include /etc/letsencrypt/options-ssl-apache.conf
{% endif %}

DocumentRoot /var/www/nextcloud

DocumentRoot /var/www/nextcloud
<Directory /var/www/nextcloud/>

ServerName {{inventory_hostname}}
Options +FollowSymlinks
AllowOverride All

<Directory /var/www/nextcloud/>
Options +FollowSymlinks
AllowOverride All
<IfModule mod_dav.c>
Dav off
</IfModule>

<IfModule mod_dav.c>
Dav off
</IfModule>
SetEnv HOME /var/www/nextcloud
SetEnv HTTP_HOME /var/www/nextcloud

SetEnv HOME /var/www/nextcloud
SetEnv HTTP_HOME /var/www/nextcloud
</Directory>

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

</VirtualHost>

<VirtualHost *:80>

</Directory>
ServerName {{nextcloud_server_names|first}}
{% for name in nextcloud_server_names | difference(nextcloud_server_names|first) %}
ServerAlias {{name}}
{% endfor %}

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine On
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]

</VirtualHost>
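Review bot: The `ServerAlias` loop in the `*:80` block calls `difference(nextcloud_server_names|first)` with a bare string, while the same loop in the `*:443` block wraps it in a list; with a string argument the filter may compare by substring or fail depending on the Ansible version, so the two vhosts can end up with different aliases. Use the list form in both: `difference([nextcloud_server_names|first])`. Separately, protocol and cipher settings are only pulled in when `certificate_provider == "letsencrypt"`, so other providers appear to fall back to the server-wide mod_ssl defaults; a comment stating that, or explicit `SSLProtocol`/`SSLCipherSuite` lines in an `{% else %}` branch, would make the TLS baseline visible. The redirect uses `[R,L]`, which is a temporary 302; `[R=301,L]` is the usual choice for a permanent HTTP-to-HTTPS redirect. Old and new lines are interleaved in this rendering, so which side each line belongs to is inferred.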
