add missing deps to create selfsigned certificate #19
2 changed files with 45 additions and 14 deletions
|
@ -47,6 +47,17 @@ nginx_http_gzip_types: 'text/plain text/css application/json application/x-javas
|
|||
nginx_http_gzip_vary: 'on'
|
||||
nginx_http_gzip_disable: '"msie6"'
|
||||
|
||||
## Self signed certificates
|
||||
nginx_selfsigned_deps:
|
||||
- build-essential
|
||||
- libssl-dev
|
||||
- libffi-dev
|
||||
- python-dev
|
||||
- git
|
||||
- dialog
|
||||
- libaugeas0
|
||||
- ca-certificates
|
||||
|
||||
nginx_gen_dh: 'false'
|
||||
nginx_dh_path: '{{ nginx_ssl_dir }}/dhparam.pem'
|
||||
nginx_dh_length: 4096
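Review bot: `nginx_selfsigned_deps` installs a compiler toolchain and development headers (`build-essential`, `libssl-dev`, `libffi-dev`, `python-dev`) plus `git`, `dialog` and `libaugeas0` on every web server that has a self-signed vhost, which enlarges the installed footprint for no visible benefit. The tasks in this change take the cryptography module from distribution packages (`python-cryptography` / `python3-cryptography`), so nothing shown here needs to compile anything; the list looks carried over from a certbot-style bootstrap. Unless a task outside this diff needs them, reduce the default to the packages the openssl modules actually require, e.g. only `- ca-certificates`, and add a comment above the list such as `# packages required by the openssl_* modules; keep build tools off web hosts`. `python-dev` is also a Python 2 package name and may not resolve on hosts where the role selects `/usr/bin/python3`.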
|
||||
|
|
|
@ -49,6 +49,27 @@
|
|||
when: item.copy_ssl is defined
|
||||
notify: reload nginx
|
||||
|
||||
- name: "[SELFSIGNED] - Install dependencies"
|
||||
apt:
|
||||
name: "{{ item }}"
|
||||
state: present
|
||||
with_items: "{{ nginx_selfsigned_deps }}"
|
||||
when: item.selfsigned is defined and item.selfsigned == 'true'
|
||||
|
||||
- name: "[SELFSIGNED] - Add python2 cryptography module"
|
||||
apt:
|
||||
name: python-cryptography
|
||||
state: present
|
||||
with_items: "{{ nginx_vhosts }}"
|
||||
when: item.selfsigned is defined and item.selfsigned == 'true' and ansible_python.executable == '/usr/bin/python'
|
||||
|
||||
- name: "[SELFSIGNED] - Add python3 cryptography module"
|
||||
apt:
|
||||
name: python3-cryptography
|
||||
state: present
|
||||
with_items: "{{ nginx_vhosts }}"
|
||||
when: item.selfsigned is defined and item.selfsigned == 'true' and ansible_python.executable == '/usr/bin/python3'
|
||||
|
||||
- name: "[SELFSIGNED] - Create Key folder"
|
||||
file:
|
||||
path: "{{ nginx_ssl_dir }}/{{ item.ssl_name }}"
|
||||
|
@ -57,31 +78,30 @@
|
|||
with_items: "{{ nginx_vhosts }}"
|
||||
when: item.selfsigned is defined and item.selfsigned == 'true'
|
||||
notify: reload nginx
|
||||
|
||||
|
||||
- name: '[SELFSIGNED] - Create a self-signed key'
|
||||
openssl_privatekey:
|
||||
path: '{{ ssl_src_path }}/{{ item.ssl_name }}/privkey.pem'
|
||||
size: 2048
|
||||
type: RSA
|
||||
path: '{{ ssl_src_path }}/{{ item.ssl_name }}/privkey.pem'
|
||||
size: 2048
|
||||
type: RSA
|
||||
with_items: "{{ nginx_vhosts }}"
|
||||
when: item.selfsigned is defined and item.state == 'enable' and item.selfsigned == 'true'
|
||||
notify: reload nginx
|
||||
|
||||
- name: '[SELFSIGNED] - Generate OpenSSL Certificate Signing Request (CSR)'
|
||||
openssl_csr:
|
||||
path: '{{ ssl_src_path }}/{{ item.ssl_name }}/selfsigned.crs'
|
||||
privatekey_path: '{{ ssl_src_path }}/{{ item.ssl_name }}/privkey.pem'
|
||||
- name: '[SELFSIGNED] - Generate OpenSSL Certificate Signing Request (CSR)'
|
||||
openssl_csr:
|
||||
path: '{{ ssl_src_path }}/{{ item.ssl_name }}/selfsigned.crs'
|
||||
privatekey_path: '{{ ssl_src_path }}/{{ item.ssl_name }}/privkey.pem'
|
||||
with_items: "{{ nginx_vhosts }}"
|
||||
when: item.selfsigned is defined and item.state == 'enable' and item.selfsigned == 'true'
|
||||
notify: reload nginx
|
||||
|
||||
- name: '[SELFSIGNED] - Create a self-signed certificate'
|
||||
openssl_certificate:
|
||||
path: '{{ ssl_src_path }}/{{ item.ssl_name }}/fullchain.pem'
|
||||
privatekey_path: '{{ ssl_src_path }}/{{ item.ssl_name }}/privkey.pem'
|
||||
csr_path: '{{ ssl_src_path }}/{{ item.ssl_name }}/selfsigned.crs'
|
||||
- name: '[SELFSIGNED] - Create a self-signed certificate'
|
||||
openssl_certificate:
|
||||
path: '{{ ssl_src_path }}/{{ item.ssl_name }}/fullchain.pem'
|
||||
privatekey_path: '{{ ssl_src_path }}/{{ item.ssl_name }}/privkey.pem'
|
||||
csr_path: '{{ ssl_src_path }}/{{ item.ssl_name }}/selfsigned.crs'
|
||||
provider: selfsigned
|
||||
with_items: "{{ nginx_vhosts }}"
|
||||
when: item.selfsigned is defined and item.state == 'enable' and item.selfsigned == 'true'
|
||||
when: item.selfsigned is defined and item.state == 'enable' and item.selfsigned == 'true'
|
||||
notify: reload nginx
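Review bot: The `[SELFSIGNED] - Install dependencies` task in the first hunk of this file loops over `nginx_selfsigned_deps`, so `item` is a package-name string and `item.selfsigned is defined` can never be true; as written the task is always skipped and the dependencies are never installed. Drop the loop and gate on the vhost list instead: `name: "{{ nginx_selfsigned_deps }}"` with `when: nginx_vhosts | selectattr('selfsigned', 'defined') | selectattr('selfsigned', 'equalto', 'true') | list | length > 0`. The two python-cryptography tasks have the opposite problem: they loop over `nginx_vhosts` without using `item` in the module arguments, so the same apt call runs once per vhost, and the same condition would let them run once. The task list continues outside both hunks.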
|
||||
|
|