Selfsigned cert task - initial work (#5)
initial commit for selfsigned cert task Co-authored-by: muppeth <muppeth@disroot.org> Reviewed-on: #5 Reviewed-by: meaz <meaz@no-reply@disroot.org> Reviewed-by: antilopa <antilopa@no-reply@disroot.org> Co-Authored-By: muppeth <muppeth@no-reply@disroot.org> Co-Committed-By: muppeth <muppeth@no-reply@disroot.org>
parent
2841af5dae
commit
a9ebf9f942
|
@ -48,3 +48,40 @@
|
|||
with_items: "{{ nginx_vhosts }}"
|
||||
when: item.copy_ssl is defined
|
||||
notify: reload nginx
|
||||
|
||||
- name: "[SELFSIGNED] - Create Key folder"
|
||||
file:
|
||||
path: "{{ nginx_ssl_dir }}/{{ item.ssl_name }}"
|
||||
state: directory
|
||||
mode: 0755
|
||||
with_items: "{{ nginx_vhosts }}"
|
||||
when: item.selfsigned is defined and item.selfsigned == 'true'
|
||||
notify: reload nginx
|
||||
|
||||
|
||||
- name: '[SELFSIGNED] - Create a self-signed key'
|
||||
openssl_privatekey:
|
||||
path: '{{ ssl_src_path }}/{{ item.ssl_name }}/privkey.pem'
|
||||
size: 2048
|
||||
type: RSA
|
||||
with_items: "{{ nginx_vhosts }}"
|
||||
when: item.selfsigned is defined and item.state == 'enable' and item.selfsigned == 'true'
|
||||
notify: reload nginx
|
||||
|
||||
- name: '[SELFSIGNED] - Generate OpenSSL Certificate Signing Request (CSR)'
|
||||
openssl_csr:
|
||||
path: '{{ ssl_src_path }}/{{ item.ssl_name }}/selfsigned.crs'
|
||||
privatekey_path: '{{ ssl_src_path }}/{{ item.ssl_name }}/privkey.pem'
|
||||
with_items: "{{ nginx_vhosts }}"
|
||||
when: item.selfsigned is defined and item.state == 'enable' and item.selfsigned == 'true'
|
||||
notify: reload nginx
|
||||
|
||||
- name: '[SELFSIGNED] - Create a self-signed certificate'
|
||||
openssl_certificate:
|
||||
path: '{{ ssl_src_path }}/{{ item.ssl_name }}/fullchain.pem'
|
||||
privatekey_path: '{{ ssl_src_path }}/{{ item.ssl_name }}/privkey.pem'
|
||||
csr_path: '{{ ssl_src_path }}/{{ item.ssl_name }}/selfsigned.crs'
|
||||
provider: selfsigned
|
||||
with_items: "{{ nginx_vhosts }}"
|
||||
when: item.selfsigned is defined and item.state == 'enable' and item.selfsigned == 'true'
|
||||
notify: reload nginx
|
||||
|
|
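Review bot: The "Create Key folder" task creates `{{ nginx_ssl_dir }}/{{ item.ssl_name }}` with `mode: 0755`, but `privkey.pem`, the CSR and the certificate are all written under `{{ ssl_src_path }}/{{ item.ssl_name }}`. Unless both variables resolve to the same path (not visible in this hunk), these tasks never create or restrict the directory that actually holds the private key. I would point the folder task at the directory the key is written to, use a tighter, quoted mode such as `mode: "0750"`, and add an explicit `mode: "0600"` to the `openssl_privatekey` task instead of leaving it implicit. Separately, `item.selfsigned == 'true'` only matches the string, so a vhost declared with the YAML boolean `selfsigned: true` is silently skipped; `item.selfsigned | default(false) | bool` accepts both, and the folder task also lacks the `item.state == 'enable'` check the other three tasks carry. The `openssl_csr` task sets no `common_name` or `subject_alt_name`, so the resulting certificate will carry no host name for a client to match or pin.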