joyent.triton_dehydrated

triton-dehydrated

An Ansible playbook for installing and setting up triton-dehydrated to create Let's Encrypt certificates.

Requirements

This playbook only works on virtual instances created in Triton. Any image from Joyent should work.

The Triton Datacenter needs to have CNS configured and should be globally accessible.

The triton-ansible-inventory module can be useful, but it is not mandatory.

Role Variables

This role needs a letsencrypt object with the following properties. Any property can be omitted, in which case its default is used. At least one of domains, suffix_domains, ecdsa_domains, or ecdsa_suffix_domains must be provided for certificates to be created; if none is, dehydrated is still installed and configured but exits right away.

  • ca: Should be $prod_ca, $staging_ca, or a valid Let's Encrypt CA URL. Defaults to $staging_ca. Keep this as $staging_ca while developing to avoid hitting the rate limit. Change to $prod_ca when ready for production.
  • certdir: The directory where certificates will be saved. Defaults to /opt/ssl.
  • contact: Email address for the Let's Encrypt account.
  • domains: List of RSA certificates to issue. Each element becomes one issued certificate; additional names for the same certificate are appended to the element, separated by spaces.
  • ecdsa_domains: List of ECDSA certificates to issue. Otherwise, it works the same as domains.
  • ecdsa_suffix_domains: List of domain suffixes for ECDSA certificates. The hostname will be added to each name to generate a certificate.
  • owner: The UNIX file ownership. Defaults to root:root. This is used for chown.
  • restart_services: List of services that will be restarted.
  • suffix_domains: List of domain suffixes for RSA certificates. The hostname will be added to each name to generate a certificate.
  • well_known: The Let's Encrypt WELLKNOWN directory. Defaults to /var/www/dehydrated.

Also, there are top-level variables triton_dehydrated_version and triton_dehydrated_download_url that can be changed if needed.
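The role variables above are easy to get subtly wrong (a missing certificate list, a production CA left in during development, a suffix that does not form a valid host name). The following script is an added example, not code from the triton-dehydrated role: it expands a letsencrypt block the way the variable descriptions above describe and reports problems before Ansible runs. It assumes that a suffix entry is expanded to "<hostname>.<suffix>" and that each domains element is written as one dehydrated domains.txt line; both are assumptions about the role's behaviour, not something the README states verbatim.

```python
"""Sanity-check a `letsencrypt` variable block before running the role.

Added example; it is not code from the joyent.triton_dehydrated role.
It assumes the role expands a suffix entry to "<hostname>.<suffix>"
and writes each `domains` element as one dehydrated domains.txt line
(a space-separated list of names for one certificate).
"""
import re

# Values the README documents; anything else must be an ACME URL.
KNOWN_CA = {"$prod_ca", "$staging_ca"}
CERT_LIST_KEYS = ("domains", "suffix_domains", "ecdsa_domains", "ecdsa_suffix_domains")
DEFAULTS = {
    "ca": "$staging_ca",
    "certdir": "/opt/ssl",
    "owner": "root:root",
    "well_known": "/var/www/dehydrated",
    "restart_services": [],
}
# One DNS label: 1-63 chars, letters/digits/hyphen, no leading or trailing hyphen.
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def valid_fqdn(name):
    """True for a syntactically valid fully qualified host name."""
    # Wildcards cannot be validated through the WELLKNOWN (http-01) directory.
    if len(name) > 253 or "*" in name:
        return False
    labels = name.rstrip(".").split(".")
    return len(labels) >= 2 and all(LABEL.match(lbl) for lbl in labels)


def expand(letsencrypt, hostname):
    """Return (rsa_lines, ecdsa_lines): the domains.txt lines the role would write."""
    rsa = list(letsencrypt.get("domains", []))
    rsa += [f"{hostname}.{suffix}" for suffix in letsencrypt.get("suffix_domains", [])]
    ecdsa = list(letsencrypt.get("ecdsa_domains", []))
    ecdsa += [f"{hostname}.{suffix}" for suffix in letsencrypt.get("ecdsa_suffix_domains", [])]
    return rsa, ecdsa


def check(letsencrypt, hostname):
    """Return a list of problems; an empty list means the block is usable."""
    cfg = {**DEFAULTS, **letsencrypt}
    problems = []

    # Without at least one certificate list dehydrated installs but exits immediately.
    if not any(letsencrypt.get(key) for key in CERT_LIST_KEYS):
        problems.append("no certificates requested: set one of " + ", ".join(CERT_LIST_KEYS))

    contact = cfg.get("contact", "")
    if not re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", contact):
        problems.append(f"contact must be an email address, got {contact!r}")

    ca = cfg["ca"]
    if ca not in KNOWN_CA and not ca.startswith("https://"):
        problems.append(f"ca must be $prod_ca, $staging_ca or an https:// ACME URL, got {ca!r}")

    if not re.fullmatch(r"[^:\s]+:[^:\s]+", cfg["owner"]):
        problems.append(f"owner must be user:group, got {cfg['owner']!r}")

    for key in ("certdir", "well_known"):
        if not str(cfg[key]).startswith("/"):
            problems.append(f"{key} must be an absolute path, got {cfg[key]!r}")

    rsa, ecdsa = expand(letsencrypt, hostname)
    for line in rsa + ecdsa:
        for name in line.split():
            if not valid_fqdn(name):
                problems.append(f"invalid certificate name: {name!r}")

    if not isinstance(cfg["restart_services"], list):
        problems.append("restart_services must be a list of service names")
    return problems


def is_production(letsencrypt):
    """True when the block targets the production CA (rate limits apply)."""
    return letsencrypt.get("ca", DEFAULTS["ca"]) == "$prod_ca"


if __name__ == "__main__":
    # Constructed sample mirroring the README's example playbook.
    sample = {
        "ca": "$prod_ca",
        "contact": "admin@example.com",
        "domains": ["www.example.com api.backend.example.com"],
        "suffix_domains": ["svc.example.com"],
        "restart_services": ["nginx"],
    }
    print(expand(sample, "web1"))
    print(check(sample, "web1") or "ok")
    print("production CA:", is_production(sample))
```

Run it against the group or host vars you intend to apply; is_production is a convenient hook for a pre-flight task that refuses to issue against $prod_ca from a development branch, which is the rate-limit hazard the ca description warns about.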

Dependencies

This playbook should work with any Joyent image running on Triton, as long as CNS names are set to be globally accessible.

Example Playbook

- hosts: servers
  roles:
    - role: joyent.triton_dehydrated
  vars:
    letsencrypt:
      ca: "$prod_ca"
      contact: "[email protected]"
      domains:
        - www.example.com api.backend.example.com
      restart_services:
        - nginx

License

MPL-2.0. See LICENSE.txt in this repository.

Author Information

Copyright 2021 Joyent, Inc.

Install

ansible-galaxy install joyent.triton_dehydrated