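---
# Install the Apache plugin that the later `certbot --apache` call uses.
- name: Install prerequisites for operating Apache2 over https
  ansible.builtin.apt:
    # Native YAML arguments instead of a key=value string. The package list is
    # passed directly to the module, so no per-item loop is needed.
    name:
      - python3-certbot-apache
    update_cache: true
    # 'latest' upgrades the package whenever a newer one is available, not only
    # on first install.
    state: latest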
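# Request a certificate for the external domain (an unexpired one is kept) and
# let certbot's Apache plugin set the site up for https.
- name: Using 'certbot' to generate PEM certificate and set Apache2 for operation over https
  ansible.builtin.command:
    # argv passes each element to certbot as exactly one argument, so the
    # templated e-mail address and domain are never split on whitespace or
    # quote characters. The free-form string depended on `quote` for the e-mail
    # and on hand-written "..." for the domain to achieve that.
    # A value that starts with '-' would still be read as an option, so both
    # variables should only ever come from trusted inventory.
    argv:
      - certbot
      - --apache
      - --non-interactive
      - --keep-until-expiring
      - --renew-with-new-domains
      - --agree-tos
      - --email
      - "{{ tech_support_info.email }}"
      - --no-eff-email
      - --domains
      - "{{ gsdl3servlet_external.domain }}"
  # NOTE(review): the command module reports 'changed' on every run; a
  # changed_when condition on certbot's output would be needed for accurate
  # change reporting.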
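# Activate the directives staged behind a '#HTTPS# ' marker in the -le-ssl.conf
# site file (presumably the https copy written by certbot; confirm).
# The name is quoted because ' #' starts a comment in a plain YAML scalar; left
# unquoted, the task name was cut down to "Uncommenting".
- name: 'Uncommenting #HTTPS# entries in https version of Apache2 config file'
  ansible.builtin.replace:
    path: "/etc/apache2/sites-enabled/{{ apache2_revproxy_config.config_root_name }}-le-ssl.conf"
    # Drop the marker and the single space after it; the captured leading
    # whitespace is written back, so the line keeps its indentation.
    regexp: '^(\s*)#HTTPS# '
    replace: '\1'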
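# Delete every '#HTTPS#'-marked line from the plain-http site file.
# The name is quoted because ' #' starts a comment in a plain YAML scalar; left
# unquoted, the task name was cut down to "Removing".
- name: 'Removing #HTTPS# entries from the http version of Apache2 config file'
  ansible.builtin.lineinfile:
    path: "/etc/apache2/sites-enabled/{{ apache2_revproxy_config.config_root_name }}.conf"
    # With state=absent, every line matching regexp is removed.
    state: absent
    regexp: '^(\s*)#HTTPS#.*$'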
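# Queue an Apache reload so the edited site files take effect.
- name: Reloading Apache2
  # A handler is only queued by a task that reports 'changed'. `meta: noop`
  # does not appear to report a status at all, so a notify attached to it would
  # never fire (NOTE(review): confirm against the Ansible version in use).
  # A debug task forced to 'changed' queues the handler on every run instead.
  ansible.builtin.debug:
    msg: Requesting Apache2 reload
  changed_when: true
  notify: Reload Apache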
# - name: "UFW - adding firewall rule to allow HTTPS access"
#   ufw:
#     rule: allow
#     port: "{{ gsdl3servlet_external.port | default('443',true) }}"
#     proto: tcp
#   when: gsdl3servlet_external.protocol == "https"
#
# - debug: msg="UFW - Opened up port {{ gsdl3servlet_external.port | default('443',true) }} for HTTPS access"
##
# TODO: Open up port 80 as well? This assumes there is a config rule that rewrites HTTP requests to the HTTPS port.
##
# - name: "UFW - Allow HTTP on port 80"
#   ufw:
#     rule: allow
#     port: 80
#     proto: tcp
#   when: gsdl3servlet_external.protocol == "https"