diff options
author | Pedro Alvarez <pedro.alvarez@codethink.co.uk> | 2015-11-09 16:47:46 +0000 |
---|---|---|
committer | Baserock Gerrit <gerrit@baserock.org> | 2015-11-19 12:01:46 +0000 |
commit | e2250e8bfe649d3372f7782719f1869b61d2077b (patch) | |
tree | 6192a430d4efad7aba797823e0eb4fedb23e9c42 | |
parent | 6ffbc273fd17d7529b813a85374ba5cbba5f5072 (diff) | |
download | trove-setup-e2250e8bfe649d3372f7782719f1869b61d2077b.tar.gz |
lighttpd: Add support for installing SSL certs
Change-Id: I33c74dc19e5835c65740f483aae89a1e8e415f0c
-rw-r--r-- | ansible/roles/trove-setup/tasks/lighttpd.yml | 24 | ||||
-rw-r--r-- | ansible/roles/trove-setup/templates/lighttpd/git-httpd.conf (renamed from etc/lighttpd/git-httpd.conf) | 5 |
2 files changed, 26 insertions, 3 deletions
diff --git a/ansible/roles/trove-setup/tasks/lighttpd.yml b/ansible/roles/trove-setup/tasks/lighttpd.yml index d757b5d..d460c51 100644 --- a/ansible/roles/trove-setup/tasks/lighttpd.yml +++ b/ansible/roles/trove-setup/tasks/lighttpd.yml @@ -7,12 +7,32 @@ -keyout /etc/lighttpd/certs/lighttpd.pem \ -out /etc/lighttpd/certs/lighttpd.pem -days 36525 -nodes creates=/etc/lighttpd/certs/lighttpd.pem + when: TROVE_SSL_PEMFILE is not defined + +- name: Copy pemfile certificate for lighttpd if provided + copy: + src: "{{ TROVE_SSL_PEMFILE }}" + dest: /etc/lighttpd/certs/lighttpd.pem + mode: 0400 + when: TROVE_SSL_PEMFILE is defined + +- name: Copy ca-certs certificate for lighttpd if provided + copy: + src: "{{ TROVE_SSL_CA_FILE }}" + dest: /etc/lighttpd/certs/ca-certs.pem + mode: 0400 + when: TROVE_SSL_CA_FILE is defined - name: Create /var/run/lighttpd for cache user file: path=/var/run/lighttpd state=directory owner=cache group=cache -# Now that the lighttpd certificates and the /var/run/lighttpd exist, we can -# enable the lighttpd-git service +- name: Create git-httpd.conf from template + template: + src: lighttpd/git-httpd.conf + dest: /etc/lighttpd/git-httpd.conf + +# Now that the lighttpd certificates, configuration files and /var/run/lighttpd +# exist, we can enable the lighttpd-git service - name: Enable lighttpd-git service service: name=lighttpd-git.service enabled=yes register: lighttpd_git_service diff --git a/etc/lighttpd/git-httpd.conf b/ansible/roles/trove-setup/templates/lighttpd/git-httpd.conf index dea86de..8b4a22e 100644 --- a/etc/lighttpd/git-httpd.conf +++ b/ansible/roles/trove-setup/templates/lighttpd/git-httpd.conf @@ -16,7 +16,10 @@ server.modules = ( ) $SERVER["socket"] == ":443" { - ssl.engine = "enable" ssl.pemfile = "/etc/lighttpd/certs/lighttpd.pem" + ssl.engine = "enable" + ssl.pemfile = "/etc/lighttpd/certs/lighttpd.pem" +{% if TROVE_SSL_CA_FILE is defined %} ssl.ca-file = "/etc/lighttpd/certs/ca-certs.pem" +{% endif %} } index-file.names = ("index.html") |