Generate certificates automatically

Lukáš Kucharczyk 2021-04-27 19:13:35 +02:00
parent 765e9e5a47
commit 4cc2998fac
No known key found for this signature in database
GPG Key ID: 65524498C0196B64
3 changed files with 17 additions and 6 deletions


@ -1,4 +1,5 @@
base_domain: "dev.local"
admin_email: "lukas@kucharczyk.xyz"
server_ip: "192.168.0.107"
data_folder: "{{ playbook_dir }}/docker-data"
nginx_confd_folder: "{{ data_folder }}/nginx/conf.d"


@ -5,13 +5,23 @@
mode: '0755'
loop:
- "{{ nginx_confd_folder }}"
- name: generate certificates
command: openssl req \
-x509 \
-sha256 \
-newkey rsa:2048 \
-keyout "{{ data_folder }}/nginx/{{ base_domain }}".key \
-subj "/C=CZ/L=Prague/CN=*.{{ base_domain }}/emailAddress={{ admin_email }}"
-out "{{ data_folder }}/nginx/{{ base_domain }}".crt \
-days 3650 \
-nodes \
- name: copy certificates
copy:
src: "{{ item }}"
dest: "{{ data_folder }}/nginx"
loop:
- localhost.key
- localhost.crt
- "{{ data_folder }}/nginx/{{ base_domain }}.key"
- "{{ data_folder }}/nginx/{{ base_domain }}.crt"
- name: copy .conf file
template:
src: nginx.conf.j2
@ -23,8 +33,8 @@
image: nginx
volumes:
- "{{ data_folder }}/nginx/nginx.conf:/etc/nginx/nginx.conf"
- "{{ data_folder }}/nginx/localhost.crt:/etc/nginx/localhost.crt"
- "{{ data_folder }}/nginx/localhost.key:/etc/nginx/localhost.key"
- "{{ data_folder }}/nginx/{{ base_domain }}.key:/etc/nginx/{{ base_domain }}.key"
- "{{ data_folder }}/nginx/{{ base_domain }}.crt:/etc/nginx/{{ base_domain }}.crt"
- "{{ nginx_confd_folder }}:/etc/nginx/conf.d"
ports:
- "80:80"
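Review bot: The private key written by the `generate certificates` task is unencrypted (`-nodes`), and neither that task nor `copy certificates` sets permissions, so the key's mode is left to the umask of whoever runs the play; give `{{ base_domain }}.key` an explicit `mode: '0600'`, for example by handling it in its own `copy` or `file` step rather than in the shared loop. The `command` task also has no guard, so as written it appears to generate a new key and certificate on every run; adding `creates: "{{ data_folder }}/nginx/{{ base_domain }}.crt"` under `args:` would make it idempotent and keep the certificate stable for clients that have trusted it. The trailing backslashes are not line continuations inside a plain YAML scalar, and the `-subj` line lacks one, so a folded `command: >-` scalar without backslashes would be less fragile; the page has lost its indentation, so check this against the real file. The task list begins and ends outside the hunks shown.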


@ -26,7 +26,7 @@ http {
keepalive_timeout 65;
#gzip on;
ssl_certificate /etc/nginx/localhost.crt;
ssl_certificate_key /etc/nginx/localhost.key;
ssl_certificate /etc/nginx/{{ base_domain }}.crt;
ssl_certificate_key /etc/nginx/{{ base_domain }}.key;
include /etc/nginx/conf.d/*.conf;
}