LIP-Computing.ssl-certs

ansible-role-ssl-certs
======================

This role helps you create and/or install SSL certificates.

You can find it on Ansible Galaxy: LIP-Computing.ssl-certs

Examples

Generating a Self-Signed SSL Certificate

To create a self-signed SSL certificate, use the following configuration:

 - hosts: all
   roles:
     - LIP-Computing.ssl-certs

This will generate a certificate and a private key at these locations:

  • /etc/ssl/myserver.mydomain.com.key
  • /etc/ssl/myserver.mydomain.com.pem

Deploying an SSL Certificate

You can deploy an SSL certificate using these examples:

 - hosts: all
   roles:
    - role: LIP-Computing.ssl-certs
      ssl_certs_common_name: "example.com"
 - hosts: all
   roles:
    - role: LIP-Computing.ssl-certs
      ssl_certs_common_name: "myhost.mydomain"
      ssl_certs_country: "PT"
      ssl_certs_locality: "Lisbon"
      ssl_certs_organization: "LIP"
      ssl_certs_state: "Lisbon"
      ssl_certs_path_owner: "root"
      ssl_certs_path_group: "root"
      ssl_certs_generate_dh_param: true

For this setup, place the private key in files/ssl/example.com.key and the certificate in files/ssl/example.com.pem. If these files don't exist, the role will create a self-signed certificate at /etc/ssl/example.com.key and /etc/ssl/example.com.pem using the provided common name.
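Because the role falls back to a self-signed certificate when the local files are missing, it is worth checking what actually landed on the host. The following is an added example, not part of the role: the function names are hypothetical, and it assumes the openssl CLI is available on the target and that the private key has no passphrase.

```shell
#!/bin/sh
# Added example (not part of the role): sanity checks for a deployed key/cert pair.
# Assumes the openssl CLI is installed and the private key is not passphrase-protected.

# Succeeds only if the certificate carries the public key of the private key.
key_matches_cert() {  # $1 = key file, $2 = certificate file
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Succeeds if issuer and subject names are identical, as in a self-signed certificate.
is_self_signed() {  # $1 = certificate file
    s=$(openssl x509 -in "$1" -noout -subject_hash 2>/dev/null) || return 1
    i=$(openssl x509 -in "$1" -noout -issuer_hash 2>/dev/null) || return 1
    [ -n "$s" ] && [ "$s" = "$i" ]
}

# Succeeds only if group and others have no permission bits on the key file.
key_is_private() {  # $1 = key file
    [ "$(ls -ldL "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# Runs all checks, prints findings, returns the number of failed checks.
check_ssl_pair() {  # $1 = key file, $2 = certificate file
    fails=0
    key_matches_cert "$1" "$2" || { echo "FAIL: key does not match certificate"; fails=$((fails + 1)); }
    key_is_private "$1" || { echo "FAIL: key is accessible to group or others"; fails=$((fails + 1)); }
    # -checkend N fails when the certificate expires within N seconds (30 days here).
    openssl x509 -in "$2" -noout -checkend 2592000 >/dev/null 2>&1 ||
        { echo "FAIL: certificate missing, unreadable or expiring within 30 days"; fails=$((fails + 1)); }
    if is_self_signed "$2"; then echo "WARN: certificate is self-signed"; fi
    return "$fails"
}

# Example: sh check.sh /etc/ssl/example.com.key /etc/ssl/example.com.pem
if [ "$#" -eq 2 ]; then check_ssl_pair "$1" "$2"; fi
```

A WARN line on a host that was supposed to receive a CA-issued certificate means the role did not find the files under files/ssl/ and generated its own.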

Deploying an SSL Certificate Using Local Key and PEM Files

If you already have SSL key and certificate files, you can deploy them like this:

 - hosts: all
   roles:
    - role: LIP-Computing.ssl-certs
      ssl_certs_local_privkey_path: '/path/to/example.com.key'
      ssl_certs_local_cert_path: '/path/to/example.com.pem'

Deploying an SSL Certificate Stored in Variables

You can store the SSL certificate and key as variables, which is useful for keeping the private key encrypted with Ansible Vault. Here's an example of how to define them:

ssl_certs_local_privkey_data: |
  -----BEGIN RSA PRIVATE KEY-----
  MIIEpQIBAAKCAQEAu2uhv2cjoN4F3arUZ5cDrwuxf3koCwrKSK75as0WZoxYrpyw
  Lyx9ldyD4nGabVep0R/uAgQ/HqEf2jC7WIvGcEq8bHB9PyEEWzT8IjKQX0YTc//4
  gkHBkpyU0fVrj5nkc30EIbcbH4RHRDwye4VhP/iCPchDG7OqvCyOdm8=
  -----END RSA PRIVATE KEY-----
ssl_certs_local_cert_data: |
  -----BEGIN CERTIFICATE-----
  MIIDmzCCAoOgAwIBAgIJAKWMlgLwrBzXMA0GCSqGSIb3DQEBCwUAMGQxCzAJBgNV
  QAL3naEfBSZBl0tBohuxn8Xd3yLPuKGUOk3pSL1IJy0Ca6p+QwjkaZUd9X3gf1V2
  SEfYSaGPvfIlSuHIshno
  -----END CERTIFICATE-----

With these variables defined, you can simply include the role in your playbook as shown in the first example.

Using This Role with Nginx: jdauphant.nginx

Here’s how you can combine this SSL role with the Nginx role:

 - hosts: all
   roles:
     - role: LIP-Computing.ssl-certs
       ssl_certs_generate_dh_param: true
     - role: jdauphant.nginx
       nginx_configs:
          ssl:
               - ssl_certificate_key {{ssl_certs_privkey_path}}
               - ssl_certificate     {{ssl_certs_cert_path}}
               - ssl_dhparam         {{ssl_certs_dhparam_path}}
       nginx_sites:
          default:
               - listen 443 ssl
               - server_name _
               - root "/usr/share/nginx/html"
               - index index.html

This configuration will set up SSL for your Nginx server.

About the project

Generate and/or deploy SSL certificate

Install
ansible-galaxy install LIP-Computing.ssl-certs
License
bsd-2-clause
Downloads
79
Owner
LIP Computing group