Generate certificates automatically

group_vars/all

@@ -1,4 +1,5 @@
 base_domain: "dev.local"
+admin_email: "lukas@kucharczyk.xyz"
 server_ip: "192.168.0.107"
 data_folder: "{{ playbook_dir }}/docker-data"
 nginx_confd_folder: "{{ data_folder }}/nginx/conf.d"

roles/nginx/tasks/main.yml

@@ -5,13 +5,23 @@
     mode: '0755'
   loop:
     - "{{ nginx_confd_folder }}"
+- name: generate certificates
+  command: openssl req \
+            -x509 \
+            -sha256 \
+            -newkey rsa:2048 \
+            -keyout "{{ data_folder }}/nginx/{{ base_domain }}".key \
+            -subj "/C=CZ/L=Prague/CN=*.{{ base_domain }}/emailAddress={{ admin_email }}"
+            -out "{{ data_folder }}/nginx/{{ base_domain }}".crt \
+            -days 3650 \
+            -nodes \
 - name: copy certificates
   copy:
     src: "{{ item }}"
     dest: "{{ data_folder }}/nginx"
   loop:
-    - localhost.key
+    - "{{ data_folder }}/nginx/{{ base_domain }}.key"
-    - localhost.crt
+    - "{{ data_folder }}/nginx/{{ base_domain }}.crt"
 - name: copy .conf file
   template:
     src: nginx.conf.j2
@@ -23,8 +33,8 @@
     image: nginx
     volumes:
       - "{{ data_folder }}/nginx/nginx.conf:/etc/nginx/nginx.conf"
-      - "{{ data_folder }}/nginx/localhost.crt:/etc/nginx/localhost.crt"
+      - "{{ data_folder }}/nginx/{{ base_domain }}.key:/etc/nginx/{{ base_domain }}.key"
-      - "{{ data_folder }}/nginx/localhost.key:/etc/nginx/localhost.key"
+      - "{{ data_folder }}/nginx/{{ base_domain }}.crt:/etc/nginx/{{ base_domain }}.crt"
       - "{{ nginx_confd_folder }}:/etc/nginx/conf.d"
     ports:
       - "80:80"

roles/nginx/templates/nginx.conf.j2

@@ -26,7 +26,7 @@ http {
     keepalive_timeout  65;
 
     #gzip  on;
-    ssl_certificate /etc/nginx/localhost.crt;
+    ssl_certificate /etc/nginx/{{ base_domain }}.crt;
-    ssl_certificate_key /etc/nginx/localhost.key;
+    ssl_certificate_key /etc/nginx/{{ base_domain }}.key;
     include /etc/nginx/conf.d/*.conf;
 }