thomas
/
sovereign
Vērot 1
Pievienot zvaigznīti 0
Atdalīts 0
Kods Problēmas 0 Izmaiņu pieprasījumi 0 Laidieni 0 Vikivietne Aktivitāte
Pārlūkot izejas kodu

restart apache on SSL changes

Dan Milon 9 gadus atpakaļ
vecāks
a5c6f663ce
revīzija
829c8491c7
1 mainītis faili ar 7 papildinājumiem un 0 dzēšanām
Apvienotais skats Rādīt salīdzināšanas statistiku
  1. 7
    0
      roles/common/tasks/ssl.yml

+ 7
- 0
roles/common/tasks/ssl.yml Parādīt failu

1 
 - name: Copy SSL private key into place
 1 
 - name: Copy SSL private key into place
2 
   copy: src=wildcard_private.key dest=/etc/ssl/private/wildcard_private.key group=ssl-cert owner=root mode=640
 2 
   copy: src=wildcard_private.key dest=/etc/ssl/private/wildcard_private.key group=ssl-cert owner=root mode=640
3 
   register: private_key
 3 
   register: private_key
4 
+  notify: restart apache
4
5
5 
 - name: Copy SSL public certificate into place
 6 
 - name: Copy SSL public certificate into place
6 
   copy: src=wildcard_public_cert.crt dest=/etc/ssl/certs/wildcard_public_cert.crt group=root owner=root mode=644
 7 
   copy: src=wildcard_public_cert.crt dest=/etc/ssl/certs/wildcard_public_cert.crt group=root owner=root mode=644
7 
   register: certificate
 8 
   register: certificate
9 
+  notify: restart apache
8
10
9 
 - name: Copy CA combined certificate into place
 11 
 - name: Copy CA combined certificate into place
10 
   copy: src=wildcard_ca.pem dest=/etc/ssl/certs/wildcard_ca.pem group=root owner=root mode=644
 12 
   copy: src=wildcard_ca.pem dest=/etc/ssl/certs/wildcard_ca.pem group=root owner=root mode=644
11 
   register: ca_certificate
 13 
   register: ca_certificate
14 
+  notify: restart apache
12
15
13 
 - name: Create a combined version of the public cert with intermediate and root CAs
 16 
 - name: Create a combined version of the public cert with intermediate and root CAs
14 
   shell: cat /etc/ssl/certs/wildcard_public_cert.crt /etc/ssl/certs/wildcard_ca.pem >
 17 
   shell: cat /etc/ssl/certs/wildcard_public_cert.crt /etc/ssl/certs/wildcard_ca.pem >
17
20
18 
 - name: Set permissions on combined public cert
 21 
 - name: Set permissions on combined public cert
19 
   file: name=/etc/ssl/certs/wildcard_combined.pem mode=644
 22 
   file: name=/etc/ssl/certs/wildcard_combined.pem mode=644
23 
+  notify: restart apache
20
24
21 
 - name: Create strong Diffie-Hellman group
 25 
 - name: Create strong Diffie-Hellman group
22 
   command: openssl dhparam -out /etc/ssl/private/dhparam2048.pem 2048
 26 
   command: openssl dhparam -out /etc/ssl/private/dhparam2048.pem 2048
24
28
25 
 - name: Enable Apache SSL module
 29 
 - name: Enable Apache SSL module
26 
   command: a2enmod ssl creates=/etc/apache2/mods-enabled/ssl.load
 30 
   command: a2enmod ssl creates=/etc/apache2/mods-enabled/ssl.load
31 
+  notify: restart apache
27
32
28 
 - name: Enable NameVirtualHost for HTTPS
 33 
 - name: Enable NameVirtualHost for HTTPS
29 
   lineinfile:
 34 
   lineinfile:
30 
     dest=/etc/apache2/ports.conf regexp='^    NameVirtualHost \*:443'
 35 
     dest=/etc/apache2/ports.conf regexp='^    NameVirtualHost \*:443'
31 
     insertafter='^<IfModule mod_ssl.c>'
 36 
     insertafter='^<IfModule mod_ssl.c>'
32 
     line='    NameVirtualHost *:443'
 37 
     line='    NameVirtualHost *:443'
38 
+  notify: restart apache
33
39
34 
 - name: Enable Apache SOCACHE_SHMCB module for the SSL stapling cache
 40 
 - name: Enable Apache SOCACHE_SHMCB module for the SSL stapling cache
35 
   command: a2enmod socache_shmcb
 41 
   command: a2enmod socache_shmcb
58 
     dest=/etc/apache2/ssl.conf
 64 
     dest=/etc/apache2/ssl.conf
59 
     owner=root
 65 
     owner=root
60 
     group=root
 66 
     group=root
67 
+  notify: restart apache

Rakstīt Priekšskatītījums
Notiek ielāde…
Atcelt
Saglabāt