Generate certificates automatically
parent
765e9e5a47
commit
4cc2998fac
|
@ -1,4 +1,5 @@
|
|||
base_domain: "dev.local"
|
||||
admin_email: "lukas@kucharczyk.xyz"
|
||||
server_ip: "192.168.0.107"
|
||||
data_folder: "{{ playbook_dir }}/docker-data"
|
||||
nginx_confd_folder: "{{ data_folder }}/nginx/conf.d"
|
||||
|
|
|
@ -5,13 +5,23 @@
|
|||
mode: '0755'
|
||||
loop:
|
||||
- "{{ nginx_confd_folder }}"
|
||||
- name: generate certificates
|
||||
command: openssl req \
|
||||
-x509 \
|
||||
-sha256 \
|
||||
-newkey rsa:2048 \
|
||||
-keyout "{{ data_folder }}/nginx/{{ base_domain }}".key \
|
||||
-subj "/C=CZ/L=Prague/CN=*.{{ base_domain }}/emailAddress={{ admin_email }}"
|
||||
-out "{{ data_folder }}/nginx/{{ base_domain }}".crt \
|
||||
-days 3650 \
|
||||
-nodes \
|
||||
- name: copy certificates
|
||||
copy:
|
||||
src: "{{ item }}"
|
||||
dest: "{{ data_folder }}/nginx"
|
||||
loop:
|
||||
- localhost.key
|
||||
- localhost.crt
|
||||
- "{{ data_folder }}/nginx/{{ base_domain }}.key"
|
||||
- "{{ data_folder }}/nginx/{{ base_domain }}.crt"
|
||||
- name: copy .conf file
|
||||
template:
|
||||
src: nginx.conf.j2
|
||||
|
@ -23,8 +33,8 @@
|
|||
image: nginx
|
||||
volumes:
|
||||
- "{{ data_folder }}/nginx/nginx.conf:/etc/nginx/nginx.conf"
|
||||
- "{{ data_folder }}/nginx/localhost.crt:/etc/nginx/localhost.crt"
|
||||
- "{{ data_folder }}/nginx/localhost.key:/etc/nginx/localhost.key"
|
||||
- "{{ data_folder }}/nginx/{{ base_domain }}.key:/etc/nginx/{{ base_domain }}.key"
|
||||
- "{{ data_folder }}/nginx/{{ base_domain }}.crt:/etc/nginx/{{ base_domain }}.crt"
|
||||
- "{{ nginx_confd_folder }}:/etc/nginx/conf.d"
|
||||
ports:
|
||||
- "80:80"
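Review bot: The `generate certificates` task has no `creates:` guard, so it appears to run on every play and overwrite the key and certificate nginx is already serving. The command is also a plain multi-line scalar with shell-style `\` continuations (the `-subj` line lacks one). YAML folds these into a single string, so the backslashes likely reach the `command` module literally and can produce malformed arguments; an `argv` list with `creates` avoids both problems. Because `-nodes` leaves the private key unencrypted and the following `copy` task sets no `mode`, the key's permissions should be set explicitly, for example `mode: '0600'` on the `.key` file, after confirming the nginx container can still read it. The certificate also carries the wildcard only in CN, and certificates without a subjectAltName are generally not accepted by current clients.

```yaml
- name: generate certificates
  command:
    argv:
      - openssl
      - req
      - -x509
      - -sha256
      - -newkey
      - rsa:2048
      - -keyout
      - "{{ data_folder }}/nginx/{{ base_domain }}.key"
      - -subj
      - "/C=CZ/L=Prague/CN=*.{{ base_domain }}/emailAddress={{ admin_email }}"
      - -out
      - "{{ data_folder }}/nginx/{{ base_domain }}.crt"
      - -days
      - "3650"
      - -nodes
    # skip regeneration once the key exists, so reruns do not replace a served key
    creates: "{{ data_folder }}/nginx/{{ base_domain }}.key"
# … unchanged: copy certificates, copy .conf file …
```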
|
||||
|
|
|
@ -26,7 +26,7 @@ http {
|
|||
keepalive_timeout 65;
|
||||
|
||||
#gzip on;
|
||||
ssl_certificate /etc/nginx/localhost.crt;
|
||||
ssl_certificate_key /etc/nginx/localhost.key;
|
||||
ssl_certificate /etc/nginx/{{ base_domain }}.crt;
|
||||
ssl_certificate_key /etc/nginx/{{ base_domain }}.key;
|
||||
include /etc/nginx/conf.d/*.conf;
|
||||
}
|