Commit d7b25896 authored by Oyvind.Gjesdal's avatar Oyvind.Gjesdal
Browse files

update readme for uib certificate

parent 682f7a52
......@@ -16,10 +16,12 @@ A local rewrite of geerlingguy/ansible-role-apache with some local modifications
* apache certbot (letsencrypt)
* uib ssl
## Requirements
Local modifications requires a centos-7 host.
If cronjob for ssl renewal is set, chronic (more-utils) is required.
Local modifications requires a centos-7/centos8 host.
If cronjob for ssl renewal is set, chronic (more-utils) is required. If on centos8 more-utils requires powertools to be enabled.
## Local changes
......@@ -55,11 +57,27 @@ vhost.ssl (undef, true if ssl to be used)
http_only_extra_parameters: |
ProxyPass /example.dtd http://localhost:8080/service/example.dtd
ssl: true
ssl_type: "uib|letsencrypt" # default letsencrypt if empty
become: true
tags:
- httpd
```
If uib is set, an email is sent to serveradmin containing a template for creating a ssl-request in hjelp.uib.no.
You get another email from the certificate provider containing various urls.
Continue by adding to the vhost section after ssl_type:
```
...
ssl_type: "uib"
certificate_interm_only_url: "# url from link to intermediate certificate only"
certificate_only_url: "# url from email to certificate only"
```
The role will fail (var not set) until these are set. When rerunning the playbook, a certificate should be set.
@todo Renewing a certificate.
* End of local changes *
Available variables are listed below, along with default values (see `defaults/main.yml`):
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment