homelab/roles/nginx/tasks/self-signed.yml

- name: generate root ca
  command: openssl req \
                    -x509 \
                    -new \
                    -nodes \
                    -newkey rsa:2048 \
                    -keyout "{{ data_folder }}/nginx/rootca.key" \
                    -out "{{ data_folder }}/nginx/rootca.pem" \
                    -sha256 \
                    -days 3650 \
                    -subj "/C=CZ/L=Prague/CN=Homelab/emailAddress={{ admin_email }}"
- name: generate wildcard csr
  command: openssl req \
                    -new \
                    -nodes \
                    -newkey rsa:2048 \
                    -keyout "{{ data_folder }}/nginx/{{ base_domain }}.key" \
                    -out "{{ data_folder }}/nginx/{{ base_domain }}.csr" \
                    -subj "/C=CZ/L=Prague/CN=*.{{ base_domain }}/emailAddress={{ admin_email }}"
- name: sign wildcard csr with root ca
  command: openssl x509 \
                    -req \
                    -in "{{ data_folder }}/nginx/{{ base_domain }}.csr" \
                    -CA "{{ data_folder }}/nginx/rootca.pem" \
                    -CAkey "{{ data_folder }}/nginx/rootca.key" \
                    -CAcreateserial \
                    -out "{{ data_folder }}/nginx/{{ base_domain }}.crt" \
                    -days 3650 \
                    -sha256
- name: install root ca
  command: trust anchor "{{ data_folder }}/nginx/rootca.pem"
  become: yes
- name: copy .conf file
  template:
    src: nginx.conf.j2
    dest: "{{ data_folder }}/nginx/nginx.conf"
    mode: '0755'
nginx: separate self-signed certs 2021-05-05 18:41:28 +00:00			`- name: generate root ca`
			`command: openssl req \`
			`-x509 \`
			`-new \`
			`-nodes \`
			`-newkey rsa:2048 \`
			`-keyout "{{ data_folder }}/nginx/rootca.key" \`
			`-out "{{ data_folder }}/nginx/rootca.pem" \`
			`-sha256 \`
			`-days 3650 \`
			`-subj "/C=CZ/L=Prague/CN=Homelab/emailAddress={{ admin_email }}"`
			`- name: generate wildcard csr`
			`command: openssl req \`
			`-new \`
			`-nodes \`
			`-newkey rsa:2048 \`
			`-keyout "{{ data_folder }}/nginx/{{ base_domain }}.key" \`
			`-out "{{ data_folder }}/nginx/{{ base_domain }}.csr" \`
			`-subj "/C=CZ/L=Prague/CN=*.{{ base_domain }}/emailAddress={{ admin_email }}"`
			`- name: sign wildcard csr with root ca`
			`command: openssl x509 \`
			`-req \`
			`-in "{{ data_folder }}/nginx/{{ base_domain }}.csr" \`
			`-CA "{{ data_folder }}/nginx/rootca.pem" \`
			`-CAkey "{{ data_folder }}/nginx/rootca.key" \`
			`-CAcreateserial \`
			`-out "{{ data_folder }}/nginx/{{ base_domain }}.crt" \`
			`-days 3650 \`
			`-sha256`
			`- name: install root ca`
			`command: trust anchor "{{ data_folder }}/nginx/rootca.pem"`
			`become: yes`
			`- name: copy .conf file`
			`template:`
			`src: nginx.conf.j2`
			`dest: "{{ data_folder }}/nginx/nginx.conf"`
			`mode: '0755'`