authorPedro Alvarez <pedro.alvarez@codethink.co.uk>2015-11-09 16:47:46 +0000
committerBaserock Gerrit <gerrit@baserock.org>2015-11-19 12:01:46 +0000
commite2250e8bfe649d3372f7782719f1869b61d2077b (patch)
tree6192a430d4efad7aba797823e0eb4fedb23e9c42
parent6ffbc273fd17d7529b813a85374ba5cbba5f5072 (diff)
downloadtrove-setup-e2250e8bfe649d3372f7782719f1869b61d2077b.tar.gz
lighttpd: Add support for installing SSL certs
Change-Id: I33c74dc19e5835c65740f483aae89a1e8e415f0c
-rw-r--r--ansible/roles/trove-setup/tasks/lighttpd.yml24
-rw-r--r--ansible/roles/trove-setup/templates/lighttpd/git-httpd.conf (renamed from etc/lighttpd/git-httpd.conf)5
2 files changed, 26 insertions, 3 deletions
diff --git a/ansible/roles/trove-setup/tasks/lighttpd.yml b/ansible/roles/trove-setup/tasks/lighttpd.yml
index d757b5d..d460c51 100644
--- a/ansible/roles/trove-setup/tasks/lighttpd.yml
+++ b/ansible/roles/trove-setup/tasks/lighttpd.yml
@@ -7,12 +7,32 @@
-keyout /etc/lighttpd/certs/lighttpd.pem \
-out /etc/lighttpd/certs/lighttpd.pem -days 36525 -nodes
creates=/etc/lighttpd/certs/lighttpd.pem
+ when: TROVE_SSL_PEMFILE is not defined
+
+- name: Copy pemfile certificate for lighttpd if provided
+ copy:
+ src: "{{ TROVE_SSL_PEMFILE }}"
+ dest: /etc/lighttpd/certs/lighttpd.pem
+ mode: 0400
+ when: TROVE_SSL_PEMFILE is defined
+
+- name: Copy ca-certs certificate for lighttpd if provided
+ copy:
+ src: "{{ TROVE_SSL_CA_FILE }}"
+ dest: /etc/lighttpd/certs/ca-certs.pem
+ mode: 0400
+ when: TROVE_SSL_CA_FILE is defined
- name: Create /var/run/lighttpd for cache user
file: path=/var/run/lighttpd state=directory owner=cache group=cache
-# Now that the lighttpd certificates and the /var/run/lighttpd exist, we can
-# enable the lighttpd-git service
+- name: Create git-httpd.conf from template
+ template:
+ src: lighttpd/git-httpd.conf
+ dest: /etc/lighttpd/git-httpd.conf
+
+# Now that the lighttpd certificates, configuration files and /var/run/lighttpd
+# exist, we can enable the lighttpd-git service
- name: Enable lighttpd-git service
service: name=lighttpd-git.service enabled=yes
register: lighttpd_git_service
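Review bot: The two new `copy` tasks set `mode: 0400` without `owner` or `group`, so which account can read the private key at /etc/lighttpd/certs/lighttpd.pem depends on the user the play runs as. I would pin both explicitly, e.g. `owner: root` and `group: root` if lighttpd opens the file before dropping privileges (not visible here), and quote the mode as `mode: "0400"` so it does not rely on the YAML loader treating the leading zero as octal. The self-signed branch leaves the generated file's permissions to the umask as far as this hunk shows; the openssl task starts outside the hunk, so that may already be handled there. Nothing visible restarts lighttpd-git when a replacement certificate is copied onto a host where the service is already running; the task list continues after `register: lighttpd_git_service`, so check that a changed pemfile triggers a restart.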
diff --git a/etc/lighttpd/git-httpd.conf b/ansible/roles/trove-setup/templates/lighttpd/git-httpd.conf
index dea86de..8b4a22e 100644
--- a/etc/lighttpd/git-httpd.conf
+++ b/ansible/roles/trove-setup/templates/lighttpd/git-httpd.conf
@@ -16,7 +16,10 @@ server.modules = (
)
$SERVER["socket"] == ":443" {
- ssl.engine = "enable" ssl.pemfile = "/etc/lighttpd/certs/lighttpd.pem"
+ ssl.engine = "enable"
+ ssl.pemfile = "/etc/lighttpd/certs/lighttpd.pem"
+{% if TROVE_SSL_CA_FILE is defined %} ssl.ca-file = "/etc/lighttpd/certs/ca-certs.pem"
+{% endif %}
}
index-file.names = ("index.html")
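Review bot: The `:443` socket block now carries the certificate settings but no protocol or cipher policy, so the listener runs with whatever the installed lighttpd/OpenSSL build defaults to. Since this commit is what allows a real certificate to be deployed, I would add `ssl.use-sslv2 = "disable"` and `ssl.use-sslv3 = "disable"` inside the block, unless they are already set globally in a part of the file outside this hunk. A one-line comment above `ssl.pemfile` stating that the file must hold the private key and the certificate together (as the self-signed task in lighttpd.yml produces by writing `-keyout` and `-out` to the same path) would also help whoever supplies TROVE_SSL_PEMFILE.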