source: main/trunk/greenstone3/src/ansible-playbooks/reverse-proxy-https-tasks.yml@ 38659

---
  - name: Install prerequisites for operating Apache2 over https
    apt: name={{ item }} update_cache=yes state=latest
    loop: [ 'python3-certbot-apache' ]

  - name: Using 'certbot' to generate PEM certificate and set Apache2 for operation over https
    command: |
      certbot --apache --non-interactive --keep-until-expiring  --renew-with-new-domains --agree-tos
              --email {{ tech_support_info.email | quote }} --no-eff-email --domains "{{ gsdl3servlet_external.domain }}"

  - name: Uncommenting #HTTPS# entries in https version of Apache2 config file
    ansible.builtin.replace:
      path:   "/etc/apache2/sites-enabled/{{ apache2_revproxy_config.config_root_name }}-le-ssl.conf"
      regexp:  '^(\s*)#HTTPS# '
      replace: '\1'

  - name: Removing #HTTPS# entries from the http version of Apache2 config file
    ansible.builtin.lineinfile:
      path: "/etc/apache2/sites-enabled/{{ apache2_revproxy_config.config_root_name }}.conf"
      state: absent
      regexp: '^(\s*)#HTTPS#.*$'

  - name: Reloading Apache2
    ansible.builtin.meta: noop
    notify: Reload Apache


#  - name: "UFW - adding firewall rule to allow HTTPS access"
#    ufw:
#      rule: allow
#      port: "{{ gsdl3servlet_external.port | default('443',true) }}"
#      proto: tcp
#    when: gsdl3servlet_external.protocol == "https"
#
#  - debug: msg="UFW - Opened up port {{ gsdl3servlet_external.port | default('443',true) }} for HTTPS access"

##
# ???? Open up Port 80, and assume there is a config rule for rewriting to HTTPS port ??
##
#    - name: "UFW - Allow HTTP on port 80"
#      ufw:
#        rule: allow
#        port: 80
#        proto: tcp
#      when: gsdl3servlet_external.protocol == "https"