pescobar.dehydrated

ansible-role-dehydrated

This role installs the dehydrated client for Let's Encrypt/ACME.

Role Variables

  • dehydrated_config_dir: Directory for dehydrated configuration (default: "/etc/dehydrated")
  • dehydrated_wellknown_dir: Directory for well-known ACME challenges (default: "/var/www/dehydrated/")
  • dehydrated_certs_dir: Directory for storing certificates (default: "{{ dehydrated_config_dir }}/certs")
  • dehydrated_version: Version of dehydrated to install (default: "master")
  • dehydrated_install_dir: Where to install dehydrated (default: "/usr/local/bin")
  • dehydrated_contact_email: Contact email for notifications (default: "dummy@dummy.com")
  • dehydrated_domains: List of domains for certificate (default: "{{ ansible_fqdn }}")
  • dehydrated_hook_script_path: Path to the hook script (default: "{{ dehydrated_config_dir }}/hook.sh")
  • dehydrated_hook_deploy_cert_cmd: Command to run when a new certificate is deployed (default: systemctl reload httpd)
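
How a hook script at dehydrated_hook_script_path can gate the deploy command, as an added example that is not the role's own hook template. The function names and the DEPLOY_CMD variable (standing in for dehydrated_hook_deploy_cert_cmd) are assumptions; the deploy_cert argument order follows dehydrated's hook interface.

```shell
#!/bin/sh
# Added example, not the role's hook template.
# DEPLOY_CMD is a hypothetical stand-in for dehydrated_hook_deploy_cert_cmd.
DEPLOY_CMD="${DEPLOY_CMD:-systemctl reload httpd}"

# Succeed only if the key file is non-empty and grants no access to
# group or other. -L follows symlinks, because the privkey.pem path in
# the certs directory is usually a symlink to a timestamped key file.
key_is_private() {
    [ -s "$1" ] || return 1
    perms=$(ls -ldL "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# dehydrated calls the hook as: hook.sh HANDLER ARGS...
# For deploy_cert the arguments are:
#   DOMAIN KEYFILE CERTFILE FULLCHAINFILE CHAINFILE TIMESTAMP
handle_hook() {
    handler="$1"
    case "$handler" in
        deploy_cert)
            domain="$2"; keyfile="$3"; fullchain="$5"
            if ! key_is_private "$keyfile"; then
                echo "not deploying $domain: $keyfile is missing or readable by group/other" >&2
                return 1
            fi
            if [ ! -s "$fullchain" ]; then
                echo "not deploying $domain: $fullchain is missing or empty" >&2
                return 1
            fi
            # Reload the web server only after both checks pass.
            sh -c "$DEPLOY_CMD"
            ;;
        *)
            # Other handlers (deploy_challenge, clean_challenge, ...) need
            # no action here: with a well-known directory configured,
            # dehydrated writes the challenge files itself.
            return 0
            ;;
    esac
}

# Run as a hook when invoked with arguments.
if [ "$#" -gt 0 ]; then
    handle_hook "$@"
fi
```

A non-zero exit from the hook leaves the previously loaded certificate in service until the file permissions are corrected.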

Example Playbook

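Here’s an example of how to configure a web server with SSL using this role along with geerlingguy.apache. The Apache role runs twice: first without SSL, so the ACME challenge can be served over plain HTTP, and again after dehydrated has obtained the certificate: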

- name: Configure webserver with ssl
  hosts: webserver
  gather_facts: True
  remote_user: root

  vars:
    dehydrated_contact_email: "admin@example.com"  # placeholder; set your own contact address
    vhost_public_domain: mycoolweb.com

    apache_global_vhost_settings: |
      DirectoryIndex index.php index.html
      Alias /.well-known/acme-challenge/ {{ dehydrated_wellknown_dir }}
      <Directory {{ dehydrated_wellknown_dir }}>
          Require all granted
      </Directory>

    apache_vhosts:
      - servername: "{{ vhost_public_domain }}"
        serveralias: "www.{{ vhost_public_domain }}"
        serveradmin: "{{ dehydrated_contact_email }}"
        documentroot: "/var/www/{{ vhost_public_domain }}"
        extra_parameters: |
          RewriteEngine On
          RewriteCond %{HTTPS} off
          RewriteCond %{REQUEST_URI} !^/.well-known/
          RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

    apache_vhosts_ssl:
      - servername: "{{ vhost_public_domain }}"
        serveralias: "www.{{ vhost_public_domain }}"
        serveradmin: "{{ dehydrated_contact_email }}"
        documentroot: "/var/www/{{ vhost_public_domain }}"
        certificate_file: "{{ dehydrated_certs_dir }}/{{ vhost_public_domain }}/cert.pem"
        certificate_key_file: "{{ dehydrated_certs_dir }}/{{ vhost_public_domain }}/privkey.pem"
        certificate_chain_file: "{{ dehydrated_certs_dir }}/{{ vhost_public_domain }}/fullchain.pem"

    apache_ignore_missing_ssl_certificate: false

  tasks:
    - name: Install and configure apache webserver (without SSL)
      import_role:
        name: geerlingguy.apache

    - name: Install dehydrated letsencrypt/acme client
      import_role:
        name: ansible-role-dehydrated  # use pescobar.dehydrated if installed from Galaxy

    - meta: flush_handlers

    - name: Install and configure apache webserver again (with SSL)
      import_role:
        name: geerlingguy.apache

License

This role is licensed under GPLv3.

Author Information

Created by Pablo Escobar.

Project information

Install the dehydrated letsencrypt/acme client

Install
ansible-galaxy install pescobar.dehydrated
License
Unknown
Downloads
1.4k
Owner
Systems engineer. Linux/HPC/Cloud/BioInfo