ansible/xoxys.nginx
1
0
Fork 0
Code Issues Pull Requests Releases Activity

allow uploading a list of certificate files
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse Source
This commit is contained in:
Robert Kaussow 2020-06-04 23:09:15 +02:00
parent 8236e8a98e
commit 7b9af21abf
3 changed files with 29 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
defaults/main.yml
View File

@ -43,15 +43,17 @@ nginx_tls_enabled: False
nginx_tls_versions: nginx_tls_versions:
- TLSv1.2 - TLSv1.2
# @var nginx_tls_cert_source:description: Source has to be a file. nginx_tls_certificates: []
# @var nginx_tls_cert_source: $ "_unset_" # @var nginx_tls_certificates:example: >
# @var nginx_tls_key_source:description: Source has to be a file. # nginx_tls_certificates:
# @var nginx_tls_key_source: $ "_unset_" # - source: "{{ ansible_user_dir }}/files/mycert.pem"
# dest: /etc/pki/tls/certs/mycert.pem
# mode: 0644
# - source: "{{ ansible_user_dir }}/files/mykey.pem"
# dest: /etc/pki/tls/private/mykey.pem
# mode: 0600
# @end
# @var nginx_tls_cert_file:description: Set the destination filename.
nginx_tls_cert_file: mycert.pem
# @var nginx_tls_key_file:description: Set the destination filename.
nginx_tls_key_file: mykey.pem
# @var nginx_tls_dhparam_file: $ "_unset_" # @var nginx_tls_dhparam_file: $ "_unset_"
nginx_tls_dhparam_size: 2048 nginx_tls_dhparam_size: 2048
@ -149,8 +151,8 @@ nginx_vhosts_default:
# tls_redirect: False # skips locations if enabled # tls_redirect: False # skips locations if enabled
# tls_redirect_url: # tls_redirect_url:
# tls: # tls:
# cert: /etc/pki/tls/.. # cert: /etc/pki/tls/certs/mycert.pem
# key: /etc/pki/tls/.. # key: /etc/pki/tls/private/mykey.pem
# dhparam: # dhparam:
# client_max_body_size: # client_max_body_size:
# send_timeout: # send_timeout:

26
tasks/tls.yml
View File

@ -1,18 +1,22 @@
--- ---
- block: - block:
- name: Copy certs and private key - name: Ensur target directories exist for certificate files
copy: file:
src: "{{ item.src }}" name: "{{ item.dest | dirname }}"
dest: "{{ item.dest }}" state: directory
mode: "{{ item.mode }}" loop: "{{ nginx_tls_certificates }}"
loop: loop_control:
- { src: "{{ nginx_tls_key_source }}", dest: '/etc/pki/tls/private/{{ nginx_tls_key_file }}', mode: '0600' } label: "{{ item.dest }}"
- { src: "{{ nginx_tls_cert_source }}", dest: '/etc/pki/tls/certs/{{ nginx_tls_cert_file }}', mode: '0750' }
- name: Copy certificate files
copy:
src: "{{ item.source }}"
dest: "{{ item.dest }}"
mode: "{{ item.mode | default('0600') }}"
owner: "{{ item.owner | default('root') }}"
loop: "{{ nginx_tls_certificates }}"
loop_control: loop_control:
label: "{{ item.dest }}" label: "{{ item.dest }}"
when:
- nginx_tls_cert_source is defined
- nginx_tls_key_source is defined
notify: __nginx_reload notify: __nginx_reload
- name: Create Diffie-Hellman Parameter - name: Create Diffie-Hellman Parameter

4
templates/etc/nginx/sites-available/vhost.j2
View File

@ -21,8 +21,8 @@ server {
{% endif %} {% endif %}
{% if server.tls is defined and server.tls %} {% if server.tls is defined and server.tls %}
ssl_certificate /etc/pki/tls/certs/{{ server.tls.cert }}; ssl_certificate {{ server.tls.cert }};
ssl_certificate_key /etc/pki/tls/private/{{ server.tls.key }}; ssl_certificate_key {{ server.tls.key }};
{% if server.tls.dhparam is defined %} {% if server.tls.dhparam is defined %}
ssl_dhparam {{ item.value.ssl.dhparam }}; ssl_dhparam {{ item.value.ssl.dhparam }};
{% endif %} {% endif %}