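---
# Installs the certbot Apache plugin package that the certbot task in this
# file needs in order to obtain a certificate and configure the HTTPS site.
- name: Install prerequisites for operating Apache2 over https
  ansible.builtin.apt:
    # Native YAML arguments with the package list passed straight to 'name':
    # apt resolves the whole list in one transaction instead of once per item.
    name:
      - python3-certbot-apache
    update_cache: true
    # 'latest' upgrades the package whenever the repository offers a newer
    # build, so the installed certbot plugin version is not pinned.
    state: latest
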
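# Runs certbot with its Apache plugin to obtain a certificate for the external
# domain and to set up the HTTPS site.
# --keep-until-expiring leaves an existing certificate in place until it is
# due for renewal, and --renew-with-new-domains re-issues it when the
# requested domain set differs, so the command is safe to run repeatedly.
# No change detection is configured, so the task reports 'changed' every run.
- name: Using 'certbot' to generate PEM certificate and set Apache2 for operation over https
  ansible.builtin.command:
    # argv passes each element to certbot as exactly one argument with no
    # shell-style re-parsing of the rendered string, so an inventory value that
    # contains spaces or quote characters cannot be split into extra options.
    # The templated values therefore need no 'quote' filter or literal quotes.
    argv:
      - certbot
      - --apache
      - --non-interactive
      - --keep-until-expiring
      - --renew-with-new-domains
      - --agree-tos
      - --email
      - "{{ tech_support_info.email }}"
      - --no-eff-email
      - --domains
      - "{{ gsdl3servlet_external.domain }}"
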
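# Activates the directives that are parked behind a '#HTTPS# ' marker in the
# HTTPS copy of the site config (the '-le-ssl.conf' file; presumably the one
# certbot generated in the preceding task -- confirm).
# The name is quoted because an unquoted ' #' starts a YAML comment and would
# cut the task name short.
- name: 'Uncommenting #HTTPS# entries in https version of Apache2 config file'
  ansible.builtin.replace:
    path: "/etc/apache2/sites-enabled/{{ apache2_revproxy_config.config_root_name }}-le-ssl.conf"
    # Matches the marker and its trailing space at the start of a line; the
    # captured leading whitespace is written back so indentation is kept.
    regexp: '^(\s*)#HTTPS# '
    replace: '\1'
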
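# Deletes every line carrying the '#HTTPS#' marker from the plain-HTTP site
# config, leaving those directives only in the HTTPS copy of the file.
# The name is quoted because an unquoted ' #' starts a YAML comment and would
# cut the task name short.
- name: 'Removing #HTTPS# entries from the http version of Apache2 config file'
  ansible.builtin.lineinfile:
    path: "/etc/apache2/sites-enabled/{{ apache2_revproxy_config.config_root_name }}.conf"
    # With state 'absent', all lines matching the regexp are removed.
    state: absent
    regexp: '^(\s*)#HTTPS#.*$'
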
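# This task exists only to queue the 'Reload Apache' handler so that the
# edited site configs are actually loaded. Handlers are notified only by tasks
# that report 'changed'; a 'meta: noop' task never does, so a debug task with
# changed_when forced to true is used to trigger the notification.
- name: Reloading Apache2
  ansible.builtin.debug:
    msg: Queueing the Apache2 reload handler
  changed_when: true
  notify: Reload Apache
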
# - name: Adjusting Greenstone3 installation's index.html to work in Apache2 DocumentRoot
#   ansible.builtin.replace:
#     path: "{{ gsdl3srchome }}/web/index.html"
#     regexp: 'href="(?!http://|/)'
#     replace: 'href="/{{ gsdl3servlet_external.context }}/'

# - name: "UFW - Allow HTTPS on port {{ gsdl3servlet_external.port | default('443',true) }}"
#   ufw:
#     rule: allow
#     port: "{{ gsdl3servlet_external.port | default('443',true) }}"
#     proto: tcp
#   when: gsdl3servlet_external.protocol == "https"

##
# Open question: should port 80 be opened as well, on the assumption that an
# Apache config rule rewrites HTTP requests to the HTTPS port?
# Note: certbot's Apache plugin proves domain control with the HTTP-01
# challenge, which the CA fetches over port 80, so issuance and renewal need
# that port to be reachable.
##
# - name: "UFW - Allow HTTP on port 80"
#   ufw:
#     rule: allow
#     port: 80
#     proto: tcp
#   when: gsdl3servlet_external.protocol == "https"