Commit dc3485f5 authored by Øyvind gjesdal's avatar Øyvind gjesdal
Browse files

wip uib ssl

parent 4090c57e
......@@ -28,8 +28,9 @@ apache_vhosts_template_ssl: Defaults to template using letsencrypt with certbot.
certbot_ssl_debug: Default false (if set, uses --test-cert flag for letsencrypt (self-signed))
apache_deny_git: Default true, adds deny rule for .git b
apache_certbot: Default false (enables and installs certbot and certificates)
apache_certbot: Default false (enables and installs certbot and certificates) replaced by apache_ssl_service
apache_selinux: Default true (option to turn off selinux tasks if selinux is disabled)"
vhost.ssl_type: "certbot|uib"
vhost.http_only_extra_parameters ()
vhost.ssl (undef, true if ssl to be used)
......@@ -8,6 +8,7 @@
with_items: "{{ apache_ports_configuration_items }}"
notify: "restart apache"
register: apache_config_result
- name: "delete centos autoindex, welcome, userdir conf"
path: "/etc/httpd/conf.d/{{ item }}"
......@@ -23,9 +24,19 @@
register: apache_ssl_certificates
with_items: "{{ apache_vhosts_ssl }}"
- name: "Register if any hosts has ssl"
msg: "set variable if some vhost has ssl defined"
with_items: "{{ apache_vhosts }}"
register: "apache_vhost_has_ssl"
when: "item.ssl is defined and item.ssl"
#check if some vhost has certbot set for ssl
- name: Include local tasks for ssl template and certbot
include_tasks: "certbot_ssl.yml"
# check if some vhost as uib set for ssl
- name: Add apache vhosts configuration.
src: "{{ apache_vhosts_template }}"
# single domain
- name: "generate ssl private key"
path: "/etc/pki/tls/{{ }}.pem"
# size: "2048"
loop: "{{ apache_vhosts }}"
when: "item.ssl_type == 'uib'"
- name: "generate an OpenSSL Certificate Signin request"
path: "/etc/pki/tls/certs/{{ domain_list[0].dns_server }}.csr"
privatekey_path: /etc/pki/tls/{{ }}.pem
country_name: "NO"
organization: "Universitetet_i_Bergen"
common_name: "{{ domain_list[0].name }}"
# @todo multiple domains
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment