Generate certificates automatically
parent
765e9e5a47
commit
4cc2998fac
|
@ -1,4 +1,5 @@
|
||||||
base_domain: "dev.local"
|
base_domain: "dev.local"
|
||||||
|
admin_email: "lukas@kucharczyk.xyz"
|
||||||
server_ip: "192.168.0.107"
|
server_ip: "192.168.0.107"
|
||||||
data_folder: "{{ playbook_dir }}/docker-data"
|
data_folder: "{{ playbook_dir }}/docker-data"
|
||||||
nginx_confd_folder: "{{ data_folder }}/nginx/conf.d"
|
nginx_confd_folder: "{{ data_folder }}/nginx/conf.d"
|
||||||
|
|
|
@ -5,13 +5,23 @@
|
||||||
mode: '0755'
|
mode: '0755'
|
||||||
loop:
|
loop:
|
||||||
- "{{ nginx_confd_folder }}"
|
- "{{ nginx_confd_folder }}"
|
||||||
|
- name: generate certificates
|
||||||
|
command: openssl req \
|
||||||
|
-x509 \
|
||||||
|
-sha256 \
|
||||||
|
-newkey rsa:2048 \
|
||||||
|
-keyout "{{ data_folder }}/nginx/{{ base_domain }}".key \
|
||||||
|
-subj "/C=CZ/L=Prague/CN=*.{{ base_domain }}/emailAddress={{ admin_email }}"
|
||||||
|
-out "{{ data_folder }}/nginx/{{ base_domain }}".crt \
|
||||||
|
-days 3650 \
|
||||||
|
-nodes \
|
||||||
- name: copy certificates
|
- name: copy certificates
|
||||||
copy:
|
copy:
|
||||||
src: "{{ item }}"
|
src: "{{ item }}"
|
||||||
dest: "{{ data_folder }}/nginx"
|
dest: "{{ data_folder }}/nginx"
|
||||||
loop:
|
loop:
|
||||||
- localhost.key
|
- "{{ data_folder }}/nginx/{{ base_domain }}.key"
|
||||||
- localhost.crt
|
- "{{ data_folder }}/nginx/{{ base_domain }}.crt"
|
||||||
- name: copy .conf file
|
- name: copy .conf file
|
||||||
template:
|
template:
|
||||||
src: nginx.conf.j2
|
src: nginx.conf.j2
|
||||||
|
@ -23,8 +33,8 @@
|
||||||
image: nginx
|
image: nginx
|
||||||
volumes:
|
volumes:
|
||||||
- "{{ data_folder }}/nginx/nginx.conf:/etc/nginx/nginx.conf"
|
- "{{ data_folder }}/nginx/nginx.conf:/etc/nginx/nginx.conf"
|
||||||
- "{{ data_folder }}/nginx/localhost.crt:/etc/nginx/localhost.crt"
|
- "{{ data_folder }}/nginx/{{ base_domain }}.key:/etc/nginx/{{ base_domain }}.key"
|
||||||
- "{{ data_folder }}/nginx/localhost.key:/etc/nginx/localhost.key"
|
- "{{ data_folder }}/nginx/{{ base_domain }}.crt:/etc/nginx/{{ base_domain }}.crt"
|
||||||
- "{{ nginx_confd_folder }}:/etc/nginx/conf.d"
|
- "{{ nginx_confd_folder }}:/etc/nginx/conf.d"
|
||||||
ports:
|
ports:
|
||||||
- "80:80"
|
- "80:80"
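Review bot: The new `generate certificates` task has no `creates:` guard, so each playbook run writes a fresh unencrypted (`-nodes`) private key and certificate over the pair nginx is serving; adding `args:` with `creates: "{{ data_folder }}/nginx/{{ base_domain }}.crt"` would make it run once. The `copy certificates` task that then handles the key sets no `mode:`, so the key's permissions are left to defaults, and an explicit `mode: '0600'` for the `.key` item would be safer. The wildcard name appears only in the CN of `-subj`; current TLS clients match on subjectAltName, so the command probably also needs `-addext "subjectAltName=DNS:*.{{ base_domain }}"` (available from OpenSSL 1.1.1). The `-subj` line also lacks the trailing `\` the other option lines carry, while the last line, `-nodes \`, ends with one. Because the backslashes are literal inside a plain YAML scalar, a folded `command: >-` scalar without them would be more predictable, though the original indentation is not visible on this page.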
|
||||||
|
|
|
@ -26,7 +26,7 @@ http {
|
||||||
keepalive_timeout 65;
|
keepalive_timeout 65;
|
||||||
|
|
||||||
#gzip on;
|
#gzip on;
|
||||||
ssl_certificate /etc/nginx/localhost.crt;
|
ssl_certificate /etc/nginx/{{ base_domain }}.crt;
|
||||||
ssl_certificate_key /etc/nginx/localhost.key;
|
ssl_certificate_key /etc/nginx/{{ base_domain }}.key;
|
||||||
include /etc/nginx/conf.d/*.conf;
|
include /etc/nginx/conf.d/*.conf;
|
||||||
}
|
}
|