Commit 6d206673 authored by Oyvind.Gjesdal's avatar Oyvind.Gjesdal
Browse files

wip sertifikat, se debug

parent 1c0d928d
......@@ -14,7 +14,7 @@ A local rewrite of geerlingguy/ansible-role-apache with some local modifications
* Using default ssl settings from certbot installation.
* apache certbot
* apache certbot (letsencrypt)
## Requirements
......@@ -30,7 +30,7 @@ certbot_ssl_debug: Default false (if set, uses --test-cert flag for letsencrypt
apache_deny_git: Default true, adds deny rule for .git b
apache_certbot: Default false (enables and installs certbot and certificates) replaced by apache_ssl_service
apache_selinux: Default true (option to turn off selinux tasks if selinux is disabled)"
vhost.ssl_type: "certbot|uib"
vhost.ssl_type: "certbot|uib" #default certbot
vhost.http_only_extra_parameters ()
vhost.ssl (undef, true if ssl to be used)
......
......@@ -24,17 +24,29 @@
register: apache_ssl_certificates
with_items: "{{ apache_vhosts_ssl }}"
- name: "Register if any hosts has ssl"
- name: "Register if any hosts has ssl for letsencrypt (ssl_type undefined or 'certbot')"
debug:
msg: "set variable if some vhost has ssl defined"
with_items: "{{ apache_vhosts }}"
register: "apache_vhost_has_ssl"
when: "item.ssl is defined and item.ssl"
register: "apache_vhost_has_ssl_certbot"
when: "item.ssl is defined and (item.ssl_type =='letsencrypt' or item.ssl_type is undefined)"
- name: "Register if any hosts has ssl for digicert / uib"
debug:
msg: "set variable if some vhost has ssl defined"
with_items: "{{ apache_vhosts }}"
register: "apache_vhost_has_ssl_digicert"
when: "item.ssl is defined and item.ssl_type =='uib'"
- name: "debug"
debug:
msg: "{{ apache_vhost_has_ssl_digicert }}"
#check if some vhost has certbot set for ssl
- name: Include local tasks for ssl template and certbot
include_tasks: "certbot_ssl.yml"
#- name: Include local tasks for ssl template and certbot
# include_tasks: "certbot_ssl.yml"
# when:
# check if some vhost as uib set for ssl
- name: Add apache vhosts configuration.
......
......@@ -15,9 +15,8 @@
{% if vhost.serveradmin is defined %}
ServerAdmin {{ vhost.serveradmin }}
{% endif %}
{%if vhost.ssl is undefined or vhost.ssl != true %}
{% endif %}
{%if vhost.ssl is undefined or vhost.ssl != true or (vhost.ssl | bool and digicert_certificate is undefined ) %}
{% if vhost.documentroot is defined %}
<Directory "{{ vhost.documentroot }}">
AllowOverride {{ vhost.allow_override | default(apache_allow_override) }}
......@@ -43,7 +42,7 @@ Require all denied
{% endif %}
{%endif %}
{% if vhost.ssl is defined and vhost.ssl == true %}
{% if vhost.ssl is defined and vhost.ssl == true and (digicert_certificate is defined or (vhost.ssl_type=='uib' or vhosts.ssl_type is undefined)) %}
{{ vhost.http_only_extra_parameters | default('') }}
Redirect Permanent / https://{{ vhost.servername }}/
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment