jowj/matrix-docker-ansible-deploy
1
0
Fork 0
forked from mirrors/matrix-docker-ansible-deploy
Code Issues Pull Requests Releases Wiki Activity
0d1a2071de
matrix-docker-ansible-deploy/roles/matrix-server/tasks/setup_ssl.yml
Slavi Pantaleev 0d1a2071de Ensure playbook works if running at SSL-renewal time 
matrix-nginx-proxy will be occupying port 80 soon,
so that we can be more user-friendly and have
http->https forwarding for the Riot hostname.

During the playbook run, acmetool also expects to use
port 80 for domain verification.

During an initial playbook run, this wouldn't cause trouble
because matrix-nginx-proxy is not installed yet.

However, on subsequent playbook runs, it would cause trouble.

This ensures that if matrix-nginx-proxy is available
and running, it would be stopped before running acmetool
and started right after.
2017-08-06 18:40:16 +03:00

50 lines
1.5 KiB
YAML
Raw Blame History

---
- name: Allow access to HTTP/HTTPS in firewalld
firewalld:
service: "{{ item }}"
state: enabled
immediate: yes
permanent: yes
with_items:
- http
- https
- name: Ensure acmetool Docker image is pulled
docker_image:
name: willwill/acme-docker
- name: Ensure SSL certificates path exists
file:
path: "{{ ssl_certs_path }}"
state: directory
mode: 0770
owner: "{{ matrix_user_username }}"
group: "{{ matrix_user_username }}"
- name: Check matrix-nginx-proxy state
service: name=matrix-nginx-proxy
register: matrix_nginx_proxy_state
- name: Ensure matrix-nginx-proxy is stopped (if previously installed & started)
service: name=matrix-nginx-proxy state=stopped
when: "matrix_nginx_proxy_state.status.ActiveState == 'active'"
- name: Ensure SSL certificates are marked as wanted in acmetool
shell: >-
/usr/bin/docker run --rm --name acmetool-host-grab -p 80:80
-v {{ ssl_certs_path }}:/certs
-e ACME_EMAIL={{ ssl_support_email }}
willwill/acme-docker
acmetool want {{ hostname_matrix }} {{ hostname_riot }} --xlog.severity=debug
- name: Ensure matrix-nginx-proxy is started (if previously installed & started)
service: name=matrix-nginx-proxy state=started
when: "matrix_nginx_proxy_state.status.ActiveState == 'active'"
- name: Ensure periodic SSL renewal cronjob configured
template:
src: "{{ role_path }}/templates/cron.d/ssl-certificate-renewal.j2"
dest: "/etc/cron.d/ssl-certificate-renewal"
mode: 0600
Reference in New Issue View Git Blame Copy Permalink