thomas
/
sovereign
Observar 1
Favorito 0
Fork 0
Código Issues 0 Pull requests 0 Versões 0 Wiki Atividade
Nenhuma descrição
Você não pode selecionar mais de 25 tópicos Os tópicos devem começar com uma letra ou um número, podem incluir traços ('-') e podem ter até 35 caracteres.
652 Commits
1 Branch
Tag: d3abc02f84
Branches Tags
${ item.name }
Criar branch ${ searchTerm }
de d3abc02f84
${ noResults }
sovereign/roles/common/tasks/ssl.yml

ssl.yml 2.0KB
Histórico Original

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455 
  1. - name: Copy SSL private key into place

  2.   copy: src=wildcard_private.key dest=/etc/ssl/private/wildcard_private.key group=ssl-cert owner=root mode=640

  3.   register: private_key

  4.   notify: restart apache

  5. 

  6. - name: Copy SSL public certificate into place

  7.   copy: src=wildcard_public_cert.crt dest=/etc/ssl/certs/wildcard_public_cert.crt group=root owner=root mode=644

  8.   register: certificate

  9.   notify: restart apache

  10. 

  11. - name: Copy CA combined certificate into place

  12.   copy: src=wildcard_ca.pem dest=/etc/ssl/certs/wildcard_ca.pem group=root owner=root mode=644

  13.   register: ca_certificate

  14.   notify: restart apache

  15. 

  16. - name: Create a combined version of the public cert with intermediate and root CAs

  17.   shell: cat /etc/ssl/certs/wildcard_public_cert.crt /etc/ssl/certs/wildcard_ca.pem >

  18.     /etc/ssl/certs/wildcard_combined.pem

  19.   when: private_key.changed or certificate.changed or ca_certificate.changed

  20. 

  21. - name: Set permissions on combined public cert

  22.   file: name=/etc/ssl/certs/wildcard_combined.pem mode=644

  23.   notify: restart apache

  24. 

  25. - name: Create strong Diffie-Hellman group

  26.   command: openssl dhparam -out /etc/ssl/private/dhparam2048.pem 2048

  27.     creates=/etc/ssl/private/dhparam2048.pem

  28. 

  29. - name: Enable Apache SSL module

  30.   command: a2enmod ssl creates=/etc/apache2/mods-enabled/ssl.load

  31.   notify: restart apache

  32. 

  33. - name: Enable NameVirtualHost for HTTPS

  34.   lineinfile:

  35.     dest=/etc/apache2/ports.conf regexp='^    NameVirtualHost \*:443'

  36.     insertafter='^<IfModule mod_ssl.c>'

  37.     line='    NameVirtualHost *:443'

  38.   notify: restart apache

  39. 

  40. - name: Enable Apache SOCACHE_SHMCB module for the SSL stapling cache

  41.   command: a2enmod socache_shmcb

  42.     creates=/etc/apache2/mods-enabled/socache_shmcb.load

  43.   notify: restart apache

  44.   when: ansible_distribution_release != 'wheezy'

  45. 

  46. - name: Add common Apache SSL config

  47.   copy: src=etc_apache2_conf-available_ssl.conf

  48.     dest=/etc/apache2/conf-available/ssl.conf

  49.     owner=root

  50.     group=root

  51.   notify: restart apache

  52. 

  53. - name: Enable Apache SSL config

  54.   command: a2enconf ssl creates=/etc/apache2/conf-enabled/ssl.conf

  55.   notify: restart apache