Commit 28c12464 authored by Oyvind.Gjesdal's avatar Oyvind.Gjesdal

add template for ssl config uib

parent 81b8c03b
......@@ -75,8 +75,28 @@
loop: "{{ apache_vhosts }}"
when: "item.ssl_type | default('certbot')== 'uib'"
#- name: "get certificate url from ITA"
- name: "Get certificate"
loop: "{{ apache_vhosts }}"
when: "item.ssl_type | default('certbot')== 'uib'"
- name: "Add apache vhosts ssl template"
template:
src: "{{ apache_vhosts_template_ssl }}"
dest: "{{ apache_conf_path }}/00_{{ item.servername }}_ssl.conf"
owner: root
group: root
mode: 0644
backup: true
# validate: "apachectl configtest"
notify: restart apache
when: "item.ssl_type | default('certbot')== 'uib'"
loop: "{{ apache_vhosts }}"
vars:
current_vhost: "{{ item.servername }}"
become: true
#- name: "get certificate url from ITA"
#
# prompt_vars:
# get_url:
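Review bot: The `Get certificate` task, as rendered here, carries only `name`, `loop` and `when` with no module, which Ansible rejects when it loads the tasks file; give it its action or keep it commented out like the `get certificate url from ITA` stub until it is implemented. On the `Add apache vhosts ssl template` task, `validate` is commented out while the task notifies `restart apache`, so a template that renders to an invalid vhost is written to `{{ apache_conf_path }}` and Apache is then restarted onto it. `validate` needs a `%s` placeholder and a vhost fragment cannot be checked in isolation, so a separate `apachectl configtest` task that runs before the handler is the practical guard. The mode should also be quoted as `mode: "0644"` so it is never read as a decimal integer.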
......
# Ansible managed
{# Set up SSL VirtualHosts #}
{# for only selects one vhost per template call, when servername equals current_vhost (passed from task loop) #}
{% for vhost in apache_vhosts if vhost.servername == current_vhost and vhost.ssl %}
<VirtualHost {{ vhost.servername }}:{{ apache_listen_port_ssl }}>
ServerName {{ vhost.servername }}
......@@ -9,7 +10,6 @@
{% if vhost.documentroot is defined %}
DocumentRoot "{{ vhost.documentroot }}"
{% endif %}
Include /etc/letsencrypt/options-ssl-apache.conf
{% if apache_vhosts_version == "2.4" %}
SSLCompression off
{% endif %}
......@@ -17,11 +17,20 @@
{% set default_cert_file = letsencrypt_vhost_path + 'cert.pem' %}
{% set default_cert_key = letsencrypt_vhost_path + 'privkey.pem' %}
{% set default_chain_file = letsencrypt_vhost_path + 'chain.pem' %}
{#block for setting sertificate for letsencrypt #}
{% if vhost.ssl_type is undefined or vhost.ssl_type == 'letsencrypt' %}
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile {{ vhost.certificate_file | default(default_cert_file) }}
SSLCertificateKeyFile {{ vhost.certificate_key_file | default(default_cert_key) }}
SSLCertificateChainFile {{vhost.certificate_chain_file | default(default_chain_file) }}
{% endif %}
{# block for setting sertificate for uib host #}
{% if vhost.ssl_type == 'uib' %} /etc/pki/tls/certs/domene.uib.no.crt
SSLCertificateFile {{ vhost.certificate_file | default('/etc/pki/tls/certs/'+ vhost.servername + '.crt') }}
SSLCertificateKeyFile {{ vhost.certificate_key_file | default('/etc/pki/tls/private/' + vhvost.servername + '.key') }}
{% endif %}
{% if vhost.serveradmin is defined %}
ServerAdmin {{ vhost.serveradmin }}
{% endif %}
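Review bot: The uib block will not render or load as written: the `SSLCertificateKeyFile` default uses `vhvost.servername`, an undefined name that should be `vhost.servername`, and the path `/etc/pki/tls/certs/domene.uib.no.crt` trailing the `{% if vhost.ssl_type == 'uib' %}` tag is emitted verbatim into the vhost as a bare line that Apache will reject; if it is meant as an example, put it in a `{# ... #}` comment. The `Include /etc/letsencrypt/options-ssl-apache.conf` line now appears only inside the letsencrypt branch, so unless `SSLEngine`, `SSLProtocol` and `SSLCipherSuite` are set elsewhere in the template (not visible in these hunks), uib vhosts fall back to server defaults and get no chain file. The tasks default `ssl_type` to `'certbot'`, but this template tests for `'letsencrypt'`, so a vhost that sets `ssl_type: certbot` explicitly would match neither branch and get no certificate directives.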
......