ansol
/
matrix-docker-ansible-deploy
mirror of https://github.com/spantaleev/matrix-docker-ansible-deploy.git
7
0
Fork 0
Code Issues Projects Releases Wiki Activity
matrix-docker-ansible-deploy/roles/custom/matrix-nginx-proxy/tasks/ssl/setup_ssl_self_signed_obtai...

53 lines
2.0 KiB
YAML
Raw Blame History

---
- ansible.builtin.set_fact:
matrix_ssl_certificate_csr_path: "{{ matrix_ssl_config_dir_path }}/live/{{ domain_name }}/csr.csr"
matrix_ssl_certificate_cert_path: "{{ matrix_ssl_config_dir_path }}/live/{{ domain_name }}/fullchain.pem"
matrix_ssl_certificate_cert_key_path: "{{ matrix_ssl_config_dir_path }}/live/{{ domain_name }}/privkey.pem"
- name: Check if SSL certificate file exists
ansible.builtin.stat:
path: "{{ matrix_ssl_certificate_cert_path }}"
register: matrix_ssl_certificate_cert_path_stat_result
# In order to do any sort of generation (below), we need to ensure the directory exists first
- name: Ensure SSL certificate directory exists
ansible.builtin.file:
path: "{{ matrix_ssl_certificate_csr_path | dirname }}"
state: directory
mode: 0750
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
when: "not matrix_ssl_certificate_cert_path_stat_result.stat.exists"
# The proper way to do this is by using a sequence of
# `openssl_privatekey`, `openssl_csr` and `openssl_certificate`.
#
# Unfortunately, `openssl_csr` and `openssl_certificate` require `PyOpenSSL>=0.15` to work,
# which is not available on CentOS 7 (at least).
#
# We'll do it in a more manual way.
- name: Generate SSL certificate
when: "not matrix_ssl_certificate_cert_path_stat_result.stat.exists"
ansible.builtin.command:
cmd: |
openssl req -x509 \
-sha256 \
-newkey rsa:4096 \
-nodes \
-subj "/CN={{ domain_name }}" \
-keyout {{ matrix_ssl_certificate_cert_key_path }} \
-out {{ matrix_ssl_certificate_cert_path }} \
-days 3650
# Well, this creates 2 files, but Ansible can only check 1.
creates: "{{ matrix_ssl_certificate_cert_path }}"
- name: Adjust SSL certificate file ownership
ansible.builtin.file:
path: "{{ item }}"
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_groupname }}"
with_items:
- "{{ matrix_ssl_certificate_cert_key_path }}"
- "{{ matrix_ssl_certificate_cert_path }}"
Reference in New Issue View Git Blame Copy Permalink