source: main/trunk/greenstone3/src/ansible-playbooks/experimental-playbooks/v1/reverse-proxy-https-tasks.yml@ 38572

---
  - name: Install prerequisites for operating Apache2 over https
    apt: name={{ item }} update_cache=yes state=latest
    loop: [ 'python3-certbot-apache' ]

  - name: Using 'certbot' to generate PEM certificate and set Apache2 for operation over https
    command: |
      certbot --apache --non-interactive --keep-until-expiring  --renew-with-new-domains --agree-tos
              --email {{ tech_support_info.email | quote }} --no-eff-email --domains "{{ gsdl3servlet_external.domain }}"

  - name: Uncommenting #HTTPS# entries in https version of Apache2 config file
    ansible.builtin.replace:
      path:   "/etc/apache2/sites-enabled/{{ apache2_revproxy_config.config_root_name }}-le-ssl.conf"
      regexp:  '^(\s*)#HTTPS# '
      replace: '\1'

  - name: Removing #HTTPS# entries from the http version of Apache2 config file
    ansible.builtin.lineinfile:
      path: "/etc/apache2/sites-enabled/{{ apache2_revproxy_config.config_root_name }}.conf"
      state: absent
      regexp: '^(\s*)#HTTPS#.*$'

  - name: Reloading Apache2
    ansible.builtin.meta: noop
    notify: Reload Apache


  #- name: Adjusting Greenstone3 installations index.html to work in Apache2 DocumentRoot
  #  ansible.builtin.replace:
  #    path:   "{{ gsdl3srchome }}/web/index.html"
  #    regexp:  'href="(?!http://|/)'
  #    replace: 'href="/{{ gsdl3servlet_external.context }}/'


#    - name: "UFW - Allow HTTPS on port {{ gsdl3servlet_external.port | default('443',true) }}"
#      ufw:
#        rule: allow
#        port: "{{ gsdl3servlet_external.port | default('443',true) }}"
#        proto: tcp
#      when gsdl3servlet_external.protocol == "https"

##
# ???? Open up Port 80, and assume there is a config rule for rewriting to HTTPS port ??
##
#    - name: "UFW - Allow HTTP on port 80"
#      ufw:
#        rule: allow
#        port: 80
#        proto: tcp
#      when gsdl3servlet_external.protocol == "https"