diff options
author | Pedro Alvarez <pedro.alvarez@codethink.co.uk> | 2015-11-09 16:47:46 +0000 |
---|---|---|
committer | Baserock Gerrit <gerrit@baserock.org> | 2015-11-19 12:01:46 +0000 |
commit | e2250e8bfe649d3372f7782719f1869b61d2077b (patch) | |
tree | 6192a430d4efad7aba797823e0eb4fedb23e9c42 /ansible | |
parent | 6ffbc273fd17d7529b813a85374ba5cbba5f5072 (diff) | |
download | trove-setup-e2250e8bfe649d3372f7782719f1869b61d2077b.tar.gz |
lighttpd: Add support for installing SSL certs
Change-Id: I33c74dc19e5835c65740f483aae89a1e8e415f0c
Diffstat (limited to 'ansible')
-rw-r--r-- | ansible/roles/trove-setup/tasks/lighttpd.yml | 24 | ||||
-rw-r--r-- | ansible/roles/trove-setup/templates/lighttpd/git-httpd.conf | 74 |
2 files changed, 96 insertions, 2 deletions
diff --git a/ansible/roles/trove-setup/tasks/lighttpd.yml b/ansible/roles/trove-setup/tasks/lighttpd.yml index d757b5d..d460c51 100644 --- a/ansible/roles/trove-setup/tasks/lighttpd.yml +++ b/ansible/roles/trove-setup/tasks/lighttpd.yml @@ -7,12 +7,32 @@ -keyout /etc/lighttpd/certs/lighttpd.pem \ -out /etc/lighttpd/certs/lighttpd.pem -days 36525 -nodes creates=/etc/lighttpd/certs/lighttpd.pem + when: TROVE_SSL_PEMFILE is not defined + +- name: Copy pemfile certificate for lighttpd if provided + copy: + src: "{{ TROVE_SSL_PEMFILE }}" + dest: /etc/lighttpd/certs/lighttpd.pem + mode: 0400 + when: TROVE_SSL_PEMFILE is defined + +- name: Copy ca-certs certificate for lighttpd if provided + copy: + src: "{{ TROVE_SSL_CA_FILE }}" + dest: /etc/lighttpd/certs/ca-certs.pem + mode: 0400 + when: TROVE_SSL_CA_FILE is defined - name: Create /var/run/lighttpd for cache user file: path=/var/run/lighttpd state=directory owner=cache group=cache -# Now that the lighttpd certificates and the /var/run/lighttpd exist, we can -# enable the lighttpd-git service +- name: Create git-httpd.conf from template + template: + src: lighttpd/git-httpd.conf + dest: /etc/lighttpd/git-httpd.conf + +# Now that the lighttpd certificates, configuration files and /var/run/lighttpd +# exist, we can enable the lighttpd-git service - name: Enable lighttpd-git service service: name=lighttpd-git.service enabled=yes register: lighttpd_git_service diff --git a/ansible/roles/trove-setup/templates/lighttpd/git-httpd.conf b/ansible/roles/trove-setup/templates/lighttpd/git-httpd.conf new file mode 100644 index 0000000..8b4a22e --- /dev/null +++ b/ansible/roles/trove-setup/templates/lighttpd/git-httpd.conf @@ -0,0 +1,74 @@ +server.document-root = "/var/www/htdocs" + +server.port = 80 + +server.username = "git" +server.groupname = "git" + +server.modules = ( + "mod_access", + "mod_alias", + "mod_compress", + "mod_redirect", + "mod_cgi", + "mod_auth", + "mod_setenv", +) + +$SERVER["socket"] == ":443" { + ssl.engine = "enable" + ssl.pemfile = "/etc/lighttpd/certs/lighttpd.pem" +{% if TROVE_SSL_CA_FILE is defined %} ssl.ca-file = "/etc/lighttpd/certs/ca-certs.pem" +{% endif %} +} + +index-file.names = ("index.html") + +cgi.assign = ("gitano-command.cgi" => "/usr/bin/lua5.1", + "gitano-smart-http.cgi" => "/usr/bin/lua5.1", + "cgit.cgi" => "" +) +cgi.execute-x-only = "enable" + +mimetype.assign = ( + ".html" => "text/html", + ".txt" => "text/plain", + ".jpg" => "image/jpeg", + ".png" => "image/png", + ".css" => "text/css" +) + +$HTTP["url"] =~ "^/releases(/|$)" { + server.dir-listing = "enable" +} + +$HTTP["url"] =~ ".*/gitano-command.cgi$" { + setenv.add-environment = ( + "HOME" => "/home/git", + "GITANO_ROOT" => "/home/git/repos" + ) +} + +$HTTP["url"] =~ "^/git/.*$" { + alias.url += ( "/git" => "/var/www/htdocs/gitano-smart-http.cgi" ) + + cgi.assign = ("" => "") + setenv.add-environment = ( + "GIT_HTTP_EXPORT_ALL" => "", + "GIT_PROJECT_ROOT" => "/home/git/repos", + "HOME" => "/home/git", + "GITANO_ROOT" => "/home/git/repos" + ) +} + +$HTTP["scheme"] == "https" { + include "git-auth.conf" + + $HTTP["querystring"] =~ "service=git-receive-pack" { + include "git-auth.conf" + } + + $HTTP["url"] =~ "^/git/.*/git-receive-pack$" { + include "git-auth.conf" + } +} |