authorPedro Alvarez <pedro.alvarez@codethink.co.uk>2015-11-09 16:47:46 +0000
committerPedro Alvarez <pedro.alvarez@codethink.co.uk>2015-11-10 15:21:39 +0000
commit5bc463850ec8315fe0de5c94fcf37d51f03badf3 (patch)
treea5462aa268d325d73e2b8199449459a54ee2243b
parent2907c91a3883a2312ab882da74a9feff8b1daa79 (diff)
downloadtrove-setup-5bc463850ec8315fe0de5c94fcf37d51f03badf3.tar.gz
lighttpd: Add support for installing SSL certs
Change-Id: I33c74dc19e5835c65740f483aae89a1e8e415f0c
-rw-r--r--ansible/roles/trove-setup/tasks/lighttpd.yml24
-rw-r--r--ansible/roles/trove-setup/templates/lighttpd/git-httpd.conf (renamed from etc/lighttpd/git-httpd.conf)5
2 files changed, 26 insertions, 3 deletions
diff --git a/ansible/roles/trove-setup/tasks/lighttpd.yml b/ansible/roles/trove-setup/tasks/lighttpd.yml
index d757b5d..300373b 100644
--- a/ansible/roles/trove-setup/tasks/lighttpd.yml
+++ b/ansible/roles/trove-setup/tasks/lighttpd.yml
@@ -7,12 +7,32 @@
-keyout /etc/lighttpd/certs/lighttpd.pem \
-out /etc/lighttpd/certs/lighttpd.pem -days 36525 -nodes
creates=/etc/lighttpd/certs/lighttpd.pem
+ when: TROVE_SSL_PEMFILE is not defined
+
+- name: Copy certifiacte for lighttpd if provided
+ copy:
+ src: "{{ TROVE_SSL_PEMFILE }}"
+ dest: /etc/lighttpd/certs/lighttpd.pem
+ mode: 0400
+ when: TROVE_SSL_PEMFILE is defined
+
+- name: Copy certifiacte for lighttpd if provided
+ copy:
+ src: "{{ TROVE_SSL_CA_FILE }}"
+ dest: /etc/lighttpd/certs/ca-certs.pem
+ mode: 0400
+ when: TROVE_SSL_CA_FILE is defined
- name: Create /var/run/lighttpd for cache user
file: path=/var/run/lighttpd state=directory owner=cache group=cache
-# Now that the lighttpd certificates and the /var/run/lighttpd exist, we can
-# enable the lighttpd-git service
+- name: Create git-httpd.conf from template
+ template:
+ src: lighttpd/git-httpd.conf
+ dest: /etc/lighttpd/git-httpd.conf
+
+# Now that the lighttpd certificates, configuration files and /var/run/lighttpd
+# exist, we can enable the lighttpd-git service
- name: Enable lighttpd-git service
service: name=lighttpd-git.service enabled=yes
register: lighttpd_git_service
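Review bot: The two new copy tasks set `mode: 0400` but no `owner`/`group`, so who can read `/etc/lighttpd/certs/lighttpd.pem` depends on the account the play runs as. The openssl context lines write `-keyout` and `-out` to that same path, so the file presumably holds the private key as well as the certificate. I would set `owner:` and `group:` explicitly to the account lighttpd-git opens the PEM as, quote the mode as `mode: "0400"`, and consider `no_log: true` on the PEM task so a `--diff` run does not print key material. Both tasks are also named `Copy certifiacte for lighttpd if provided`; fixing the typo and naming the second `Copy CA certificate file for lighttpd if provided` lets failures be told apart. The generation task that gains the `when:` starts above the hunk, so the permissions of a generated PEM cannot be checked from here.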
diff --git a/etc/lighttpd/git-httpd.conf b/ansible/roles/trove-setup/templates/lighttpd/git-httpd.conf
index dea86de..8b4a22e 100644
--- a/etc/lighttpd/git-httpd.conf
+++ b/ansible/roles/trove-setup/templates/lighttpd/git-httpd.conf
@@ -16,7 +16,10 @@ server.modules = (
)
$SERVER["socket"] == ":443" {
- ssl.engine = "enable" ssl.pemfile = "/etc/lighttpd/certs/lighttpd.pem"
+ ssl.engine = "enable"
+ ssl.pemfile = "/etc/lighttpd/certs/lighttpd.pem"
+{% if TROVE_SSL_CA_FILE is defined %} ssl.ca-file = "/etc/lighttpd/certs/ca-certs.pem"
+{% endif %}
}
index-file.names = ("index.html")
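Review bot: `ssl.ca-file` is emitted whenever `TROVE_SSL_CA_FILE` is defined, independent of `TROVE_SSL_PEMFILE`, so a deployment that sets only the CA variable would pair the generated self-signed certificate with an unrelated CA file. Gating on both, `{% if TROVE_SSL_PEMFILE is defined and TROVE_SSL_CA_FILE is defined %}`, keeps the two consistent, and the CA copy task in tasks/lighttpd.yml would want the same condition. The `{% if %}` tag and the directive also share a line, so the rendered indentation depends on template whitespace handling; the directive reads more clearly on its own indented line. Only this part of the `$SERVER["socket"]` block is visible, so whether protocol and cipher restrictions are set elsewhere in the file cannot be confirmed from this hunk.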