Arch Linux
infrastructure
Commits
86147086
Commit
86147086
authored
Oct 20, 2017
by
Florian Pritz
Create SSL certificates automatically for nginx configs
Signed-off-by:
Florian Pritz
<
bluewind@xinu.at
>
parent
315d1cfc
Changes
8
roles/dbscripts/tasks/main.yml
...
...
@@ -18,10 +18,8 @@
-
name
:
set up sudoers.d for special users
copy
:
src=sudoers.d dest=/etc/sudoers.d/dbscripts owner=root group=root mode=0600
-
stat
:
path="/etc/letsencrypt/live/{{ repos_domain }}/fullchain.pem"
register
:
certfile
tags
:
-
nginx
-
name
:
create ssl cert
command
:
certbot certonly --email webmaster@archlinux.org --agree-tos --rsa-key-size 4096 --renew-by-default --webroot -w {{letsencrypt_validation_dir}} -d '{{ repos_domain }}' create='/etc/letsencrypt/live/{{ repos_domain }}/fullchain.pem'
-
name
:
set up nginx
template
:
src=nginx.d.conf.j2 dest=/etc/nginx/nginx.d/dbscripts.conf owner=root group=root mode=0644
...
...
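Review bot: The `create ssl cert` task spells its idempotence guard as `create='…/fullchain.pem'`, but the command module's option is `creates`. As written the guard is not applied, and the string is most likely passed to certbot as a stray argument. Change it to `creates='/etc/letsencrypt/live/{{ repos_domain }}/fullchain.pem'`. Without a working guard, every playbook run would call certbot with `--renew-by-default` and request a fresh certificate, which risks hitting the CA's issuance rate limits. The same line appears in roles/matrix/tasks/main.yml, roles/public_html/tasks/main.yml and roles/syncrepo/tasks/main.yml; the task list continues outside this hunk.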
roles/dbscripts/templates/nginx.d.conf.j2
...
...
@@ -51,11 +51,9 @@ server {
server_name {{ repos_domain }} {{repos_rsync_domain}};
root /srv/ftp;
{% if certfile.stat.exists %}
ssl_certificate /etc/letsencrypt/live/{{ repos_domain }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ repos_domain }}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{{ repos_domain }}/chain.pem;
{% endif %}
satisfy any;
...
...
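Review bot: The `ssl_certificate`, `ssl_certificate_key` and `ssl_trusted_certificate` directives now appear to be emitted unconditionally; the hunk counts suggest the `{% if certfile.stat.exists %}` / `{% endif %}` pair is what was removed. nginx would then refuse to load this config whenever the certbot task failed or was skipped. Make sure a failed issuance aborts the play before this template is deployed, and run `nginx -t` before any reload, so a missing certificate cannot take the existing vhost down. The matrix, public_html and syncrepo templates have the same shape, and in matrix and syncrepo the cert task is skipped by `when` if the domain variable is empty. The `server` block starts and ends outside this hunk.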
roles/matrix/tasks/main.yml
---
-
stat
:
path="/etc/letsencrypt/live/{{ matrix_domain }}/fullchain.pem"
register
:
certfile
-
name
:
create ssl cert
command
:
certbot certonly --email webmaster@archlinux.org --agree-tos --rsa-key-size 4096 --renew-by-default --webroot -w {{letsencrypt_validation_dir}} -d '{{ matrix_domain }}' create='/etc/letsencrypt/live/{{ matrix_domain }}/fullchain.pem'
when
:
'
matrix_domain
!=
""'
-
name
:
install packages
...
...
roles/matrix/templates/nginx.d.conf.j2
...
...
@@ -25,11 +25,9 @@ server {
access_log /var/log/nginx/{{ matrix_domain }}/access.log;
error_log /var/log/nginx/{{ matrix_domain }}/error.log;
{% if certfile.stat.exists %}
ssl_certificate /etc/letsencrypt/live/{{ matrix_domain }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ matrix_domain }}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{{ matrix_domain }}/chain.pem;
{% endif %}
location /_matrix {
proxy_pass http://matrix;
...
...
roles/public_html/tasks/main.yml
---
-
stat
:
path="/etc/letsencrypt/live/{{ public_domain }}/fullchain.pem"
register
:
certfile
-
name
:
create ssl cert
command
:
certbot certonly --email webmaster@archlinux.org --agree-tos --rsa-key-size 4096 --renew-by-default --webroot -w {{letsencrypt_validation_dir}} -d '{{ public_domain }}' create='/etc/letsencrypt/live/{{ public_domain }}/fullchain.pem'
-
name
:
copy webroot files
copy
:
src=public_html dest=/srv owner=root group=root mode=0644 directory_mode=0755
...
...
roles/public_html/templates/nginx.d.conf.j2
...
...
@@ -25,11 +25,9 @@ server {
access_log /var/log/nginx/{{ public_domain }}/access.log;
error_log /var/log/nginx/{{ public_domain }}/error.log;
{% if certfile.stat.exists %}
ssl_certificate /etc/letsencrypt/live/{{ public_domain }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ public_domain }}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{{ public_domain }}/chain.pem;
{% endif %}
location ~ ^/~([A-Za-z0-9]+)(/.*)? {
alias /home/$1/public_html$2;
...
...
roles/syncrepo/tasks/main.yml
---
-
stat
:
path="/etc/letsencrypt/live/{{ mirror_domain }}/fullchain.pem"
register
:
certfile
-
name
:
create ssl cert
command
:
certbot certonly --email webmaster@archlinux.org --agree-tos --rsa-key-size 4096 --renew-by-default --webroot -w {{letsencrypt_validation_dir}} -d '{{ mirror_domain }}' create='/etc/letsencrypt/live/{{ mirror_domain }}/fullchain.pem'
when
:
'
mirror_domain
!=
""'
-
name
:
install rsync
...
...
roles/syncrepo/templates/nginx.d.conf.j2
...
...
@@ -21,11 +21,9 @@ server {
access_log /var/log/nginx/{{ mirror_domain }}/access.log;
error_log /var/log/nginx/{{ mirror_domain }}/error.log;
{% if certfile.stat.exists %}
ssl_certificate /etc/letsencrypt/live/{{ mirror_domain }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ mirror_domain }}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{{ mirror_domain }}/chain.pem;
{% endif %}
autoindex on;
}