
Merge pull request #430 from danmilon/ssl-restart-nginx-on-new-cert

sl: properly install changed certificate and restart apache on changes
Sven Neuhaus 9 年之前
父節點
當前提交
e95e3e1bf8
共有 1 個檔案被更改,包括 16 行新增2 行删除
  1. 16
    2
      roles/common/tasks/ssl.yml

+ 16
- 2
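--- a/roles/common/tasks/ssl.yml
+++ b/roles/common/tasks/ssl.yml
@@ -1,18 +1,26 @@
 - name: Copy SSL private key into place
   copy: src=wildcard_private.key dest=/etc/ssl/private/wildcard_private.key group=ssl-cert owner=root mode=640
+  register: private_key
+  notify: restart apache
 
 - name: Copy SSL public certificate into place
   copy: src=wildcard_public_cert.crt dest=/etc/ssl/certs/wildcard_public_cert.crt group=root owner=root mode=644
+  register: certificate
+  notify: restart apache
 
 - name: Copy CA combined certificate into place
   copy: src=wildcard_ca.pem dest=/etc/ssl/certs/wildcard_ca.pem group=root owner=root mode=644
+  register: ca_certificate
+  notify: restart apache
 
 - name: Create a combined version of the public cert with intermediate and root CAs
   shell: cat /etc/ssl/certs/wildcard_public_cert.crt /etc/ssl/certs/wildcard_ca.pem >
-    /etc/ssl/certs/wildcard_combined.pem creates=/etc/ssl/certs/wildcard_combined.pem
+    /etc/ssl/certs/wildcard_combined.pem
+  when: private_key.changed or certificate.changed or ca_certificate.changed
 
 - name: Set permissions on combined public cert
   file: name=/etc/ssl/certs/wildcard_combined.pem mode=644
+  notify: restart apache
 
 - name: Create strong Diffie-Hellman group
   command: openssl dhparam -out /etc/ssl/private/dhparam2048.pem 2048
@@ -20,9 +28,14 @@
 
 - name: Enable Apache SSL module
   command: a2enmod ssl creates=/etc/apache2/mods-enabled/ssl.load
+  notify: restart apache
 
 - name: Enable NameVirtualHost for HTTPS
-  lineinfile: dest=/etc/apache2/ports.conf regexp='^    NameVirtualHost \*:443' insertafter='^<IfModule mod_ssl.c>' line='    NameVirtualHost *:443'
+  lineinfile:
+    dest=/etc/apache2/ports.conf regexp='^    NameVirtualHost \*:443'
+    insertafter='^<IfModule mod_ssl.c>'
+    line='    NameVirtualHost *:443'
+  notify: restart apache
 
 - name: Enable Apache SOCACHE_SHMCB module for the SSL stapling cache
   command: a2enmod socache_shmcb
@@ -51,3 +64,4 @@
     dest=/etc/apache2/ssl.conf
     owner=root
     group=root
+  notify: restart apache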
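Review bot: The `when:` added to the "Create a combined version of the public cert" task (new line 19) replaces the `creates=` guard, so `wildcard_combined.pem` is now written only in a run where one of the three copy tasks reports a change. If that file is missing on the host, or an earlier run stopped after the copies but before the shell task, later runs skip the task and Apache is restarted with a missing or stale chain alongside the new key. `private_key.changed` is also not an input to the combined file, since the shell command only concatenates the public certificate and the CA file. Consider registering a `stat` of the combined file (for example as `combined_cert`) and using `when: certificate.changed or ca_certificate.changed or not combined_cert.stat.exists`. The aborted-run case would still need the task to compare content instead of relying on the change flags of the current run.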
