Vhosts creation change (#63)
Changed the way vhosts are created. This prevents the situation where HTTPS vhosts are created without a corresponding certificate, which causes an error. The solution is to check whether the SSL cert exists for a vhost before creating it. The suggested approach is to create a vhost called '01.letsencrypt' or `01.domain.ltd` using the `letsencrypt` template. This allows new certificates to be created for upcoming vhosts; once the certs are created, nginx will be able to create the vhosts without erroring out (so first run letsencrypt and then nginx). Currently vhost creation and enabling are done separately for HTTP and HTTPS vhosts. Not the best solution, but it works for now. Reviewed-on: #63 Reviewed-by: meaz <meaz@no-reply@disroot.org> Co-authored-by: muppeth <muppeth@disroot.org> Co-committed-by: muppeth <muppeth@disroot.org>
parent
31bfe12f38
commit
002e1183fc
|
@ -3,19 +3,44 @@
|
|||
slurp:
|
||||
src: "/var/lib/tor/{{ item.name }}/hostname"
|
||||
register: "onion_address"
|
||||
when: item.onion is defined and item.onion == 'true'
|
||||
when:
|
||||
- item.onion is defined
|
||||
- item.onion == 'true'
|
||||
|
||||
- name: "[NGINX] - Set fact"
|
||||
set_fact:
|
||||
enable_tor: 'false'
|
||||
|
||||
- name: "[NGINX] - Check if the certificate for the vhost exists"
|
||||
stat:
|
||||
path: '{{ nginx_ssl_dir }}/{{ item.name }}/privkey.pem'
|
||||
register: cert_exists
|
||||
when:
|
||||
- item.ssl_name is defined
|
||||
|
||||
- name: "[NGINX] - Create vhosts"
|
||||
- name: "[NGINX] - Create HTTPS vhosts"
|
||||
template:
|
||||
src: etc/nginx/sites-available/{{ item.template }}.j2
|
||||
dest: "{{ nginx_etc_dir }}/sites-available/{{ item.name }}"
|
||||
notify:
|
||||
- reload nginx
|
||||
when: item.state is defined and item.state != 'delete'
|
||||
when:
|
||||
- item.ssl_name is defined
|
||||
- cert_exists is defined
|
||||
- cert_exists.stat.exists
|
||||
- item.state is defined
|
||||
- item.state != 'delete'
|
||||
|
||||
- name: "[NGINX] - Create HTTP vhosts"
|
||||
template:
|
||||
src: etc/nginx/sites-available/{{ item.template }}.j2
|
||||
dest: "{{ nginx_etc_dir }}/sites-available/{{ item.name }}"
|
||||
notify:
|
||||
- reload nginx
|
||||
when:
|
||||
- item.ssl_name is not defined
|
||||
- item.state is defined
|
||||
- item.state != 'delete'
|
||||
|
||||
- name: "[NGINX] - Delete vhosts"
|
||||
file:
|
||||
|
@ -23,16 +48,36 @@
|
|||
state: absent
|
||||
notify:
|
||||
- reload nginx
|
||||
when: item.state is defined and item.state == 'delete'
|
||||
when:
|
||||
- item.state is defined
|
||||
- item.state == 'delete'
|
||||
|
||||
- name: "[NGINX] - Enable vhosts"
|
||||
- name: "[NGINX] - Enable HTTPS vhosts"
|
||||
file:
|
||||
src: "{{ nginx_etc_dir }}/sites-available/{{ item.name }}"
|
||||
dest: "{{ nginx_etc_dir }}/sites-enabled/{{ item.name }}"
|
||||
state: link
|
||||
notify:
|
||||
- reload nginx
|
||||
when: item.state is defined and item.state == 'enable'
|
||||
when:
|
||||
- item.ssl_name is defined
|
||||
- cert_exists is defined
|
||||
- cert_exists.skipped == 'false'
|
||||
- cert_exists.stat.exists
|
||||
- item.state is defined
|
||||
- item.state == 'enable'
|
||||
|
||||
- name: "[NGINX] - Enable HTTP vhosts"
|
||||
file:
|
||||
src: "{{ nginx_etc_dir }}/sites-available/{{ item.name }}"
|
||||
dest: "{{ nginx_etc_dir }}/sites-enabled/{{ item.name }}"
|
||||
state: link
|
||||
notify:
|
||||
- reload nginx
|
||||
when:
|
||||
- item.ssl_name is not defined
|
||||
- item.state is defined
|
||||
- item.state == 'enable'
|
||||
|
||||
- name: "[NGINX] - Disable vhosts"
|
||||
file:
|
||||
|
@ -40,7 +85,10 @@
|
|||
state: absent
|
||||
notify:
|
||||
- reload nginx
|
||||
when: item.state is defined and (item.state == 'disable' or item.state == 'delete')
|
||||
when:
|
||||
- item.state is defined
|
||||
- item.state == 'disable'
|
||||
- item.state == 'delete'
|
||||
|
||||
- name: "[NGINX] - Delete default vhost when explicitely defined"
|
||||
file:
|
||||
|
@ -50,10 +98,31 @@
|
|||
- reload nginx
|
||||
when: nginx_default_vhost is not none
|
||||
|
||||
- name: "[NGINX] - Create maintenance vhosts"
|
||||
- name: "[NGINX] - Create HTTPS maintenance vhosts"
|
||||
template:
|
||||
src: etc/nginx/sites-available/maintenance.j2
|
||||
dest: "{{ nginx_etc_dir }}/sites-available/maintenance-{{ item.name }}"
|
||||
notify:
|
||||
- reload nginx
|
||||
when: (item.state is defined) and (item.state != 'delete') and (item.maintenance is defined) and (item.maintenance == 'true')
|
||||
when:
|
||||
- item.ssl_name is defined
|
||||
- cert_exists is defined
|
||||
- cert_exists.skipped == 'false'
|
||||
- cert_exists.stat.exists
|
||||
- item.state is defined
|
||||
- item.state != 'delete'
|
||||
- item.maintenance is defined
|
||||
- item.maintenance == 'true'
|
||||
|
||||
- name: "[NGINX] - Create HTTP maintenance vhosts"
|
||||
template:
|
||||
src: etc/nginx/sites-available/maintenance.j2
|
||||
dest: "{{ nginx_etc_dir }}/sites-available/maintenance-{{ item.name }}"
|
||||
notify:
|
||||
- reload nginx
|
||||
when:
|
||||
- item.ssl_name is not defined
|
||||
- item.state is defined
|
||||
- item.state != 'delete'
|
||||
- item.maintenance is defined
|
||||
- item.maintenance == 'true'
|
||||
|
|
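Review bot: In the "[NGINX] - Disable vhosts" task the rewritten `when:` list can never be true, because Ansible ANDs the list items and `item.state == 'disable'` and `item.state == 'delete'` cannot both hold, whereas the old one-line condition joined them with `or`. As written the sites-enabled entry of a disabled or deleted vhost is no longer removed, so a site meant to be taken offline would presumably keep being served, or leave a dangling link after delete. Replace the two comparisons with the single item `- item.state in ['disable', 'delete']`. Separately, `cert_exists.skipped == 'false'` in the HTTPS enable and HTTPS maintenance tasks compares against a string, and `skipped` is normally absent from a result that actually ran, so those tasks likely never fire; `- cert_exists is not skipped` expresses the intent. The stat task also gates on `item.ssl_name` but checks the path under `item.name`, which is worth confirming against how the certificate directories are named. The task bodies start outside the visible hunks.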