thomas
/
sovereign
Suivre 1
Favoriser 0
Bifurcation 0
Code Tickets 0 Demandes d'ajout 0 Versions 0 Wiki Activité
Aucune description
Vous ne pouvez pas sélectionner plus de 25 sujets Les noms de sujets doivent commencer par une lettre ou un nombre, peuvent contenir des tirets ('-') et peuvent comporter jusqu'à 35 caractères.
627 Révisions
1 Branche
Aborescence: 2fb7cfa7c9
Branches Tags
${ item.name }
Créer la branche ${ searchTerm }
de '2fb7cfa7c9'
${ noResults }
sovereign/roles/common/tasks/ssl.yml

ssl.yml 2.0KB
Historique Brut

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849 
  1. - name: Copy SSL private key into place

  2.   copy: src=wildcard_private.key dest=/etc/ssl/private/wildcard_private.key group=ssl-cert owner=root mode=640

  3. 

  4. - name: Copy SSL public certificate into place

  5.   copy: src=wildcard_public_cert.crt dest=/etc/ssl/certs/wildcard_public_cert.crt group=root owner=root mode=644

  6. 

  7. - name: Copy CA combined certificate into place

  8.   copy: src=wildcard_ca.pem dest=/etc/ssl/certs/wildcard_ca.pem group=root owner=root mode=644

  9. 

  10. - name: Create a combined version of the public cert with intermediate and root CAs

  11.   shell: cat /etc/ssl/certs/wildcard_public_cert.crt /etc/ssl/certs/wildcard_ca.pem >

  12.     /etc/ssl/certs/wildcard_combined.pem creates=/etc/ssl/certs/wildcard_combined.pem

  13. 

  14. - name: Set permissions on combined public cert

  15.   file: name=/etc/ssl/certs/wildcard_combined.pem mode=644

  16. 

  17. - name: Enable Apache SSL module

  18.   command: a2enmod ssl creates=/etc/apache2/mods-enabled/ssl.load

  19. 

  20. - name: Enable NameVirtualHost for HTTPS

  21.   lineinfile: dest=/etc/apache2/ports.conf regexp='^    NameVirtualHost \*:443' insertafter='^<IfModule mod_ssl.c>' line='    NameVirtualHost *:443'

  22. 

  23. - name: Enable Apache SOCACHE_SHMCB module for the SSL stapling cache

  24.   command: a2enmod socache_shmcb

  25.     creates=/etc/apache2/mods-enabled/socache_shmcb.load

  26.   notify: restart apache

  27.   when: ansible_distribution_release != 'wheezy'

  28. 

  29. - name: Add Apache SSL stapling cache configuration

  30.   copy:

  31.     src=etc_apache2_conf-available_ssl-stapling-cache.conf

  32.     dest=/etc/apache2/conf-available/ssl-stapling-cache.conf

  33.     owner=root

  34.     group=root

  35.   when: ansible_distribution_release != 'wheezy'

  36.   notify: restart apache

  37. 

  38. - name: Enable Apache SSL stapling cache configuration

  39.   command: a2enconf ssl-stapling-cache

  40.     creates=/etc/apache2/conf-enabled/ssl-stapling-cache.conf

  41.   when: ansible_distribution_release != 'wheezy'

  42.   notify: restart apache

  43. 

  44. - name: Add common Apache SSL config

  45.   template:

  46.     src=etc_apache2_ssl.conf.j2

  47.     dest=/etc/apache2/ssl.conf

  48.     owner=root

  49.     group=root