Changeset 38571 for main

Timestamp:

2024-01-19T13:41:19+13:00 (4 months ago)

Author:

davidb

Message:

Playbook extended further to now use certbot to create the https version of the config file, plus some tidying up of the apache config files now being used for both http and https

Location:

main/trunk/greenstone3/src/ansible-playbooks

Files:

• files/gs3-apache.conf.j2 (modified) (2 diffs)
• reverse-proxy-https-tasks.yml (modified) (1 diff)

main/trunk/greenstone3/src/ansible-playbooks/files/gs3-apache.conf.j2

@@ -33 +33 @@
         ProxyPreserveHost On
 
-        # Done to allow the proxied web server (localhost, Tomcat in our case)
+        # The following is done to allow the proxied web server (localhost, Tomcat in our case)
         # to have this header information passed on to it
-        # RequestHeader set X-Forwarded-Proto expr=%{REQUEST_SCHEME}
+    #
+        RequestHeader set X-Forwarded-Proto expr=%{REQUEST_SCHEME}
         #HTTPS# RequestHeader set X-Forwarded-SSL expr=%{HTTPS}
 
-
+        #
+        # Before working with web-sockets, the following config entries were sufficient
+    # to connect the apache2 server with the tomcat one running Greenstone3
+    #
         # ProxyPass        /{{gsdl3servlet_external.context}} {{gsdl3servlet_internal.protocol}}://{{gsdl3servlet_internal.domain}}:{{gsdl3servlet_internal.port}}/{{gsdl3servlet_internal.context}}
         # ProxyPassReverse /{{gsdl3servlet_external.context}} {{gsdl3servlet_internal.protocol}}://{{gsdl3servlet_internal.domain}}:{{gsdl3servlet_internal.port}}/{{gsdl3servlet_internal.context}}
@@ -46 +50 @@
         # </Location>
 
-#HTTP-to-HTTPS# RewriteEngine on
-#HTTP-to-HTTPS# RewriteCond %{SERVER_NAME} ={{ apache2_revproxy_config.webserver_name }}
-#HTTP-to-HTTPS# RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
+RewriteEngine on
+        RewriteRule "^/$" "/greenstone3/library" [END,NE,R=permanent]
+
+#HTTPS#         RewriteCond %{HTTP:Upgrade} =websocket 
+#HTTPS#         RewriteRule /(.*) ws://localhost:8383/$1 [P,L]
+
+#HTTPS#         RewriteCond %{HTTP:Upgrade} !=websocket
+#HTTPS#         RewriteRule /(.*) http://localhost:8383/$1 [P,L]
 
 </VirtualHost>

main/trunk/greenstone3/src/ansible-playbooks/reverse-proxy-https-tasks.yml

@@ -4 +4 @@
     loop: [ 'python3-certbot-apache' ]
 
-  #- name: Set up Apache2 virtualhost
-  #  template:
-  #    src: "files/gs3-apache.conf.j2"
-  #    dest: "/etc/apache2/sites-available/{{ apache2_revproxy_config.config_root_name }}.conf"
+  - name: Using 'certbot' to generate PEM certificate and set Apache2 for operation over https
+    command: |
+      certbot --apache --non-interactive --keep-until-expiring  --renew-with-new-domains --agree-tos
+              --email {{ tech_support_info.email | quote }} --no-eff-email --domains "{{ gsdl3servlet_external.domain }}"
+
+  - name: Uncommenting #HTTPS# entries in https version of Apache2 config file
+    ansible.builtin.replace:
+      path:   "/etc/apache2/sites-enabled/{{ apache2_revproxy_config.config_root_name }}-le-ssl.conf"
+      regexp:  '^(\s*)#HTTPS# '
+      replace: '\1'
+
+  - name: Removing #HTTPS# entries from the http version of Apache2 config file
+    ansible.builtin.lineinfile:
+      path: "/etc/apache2/sites-enabled/{{ apache2_revproxy_config.config_root_name }}.conf"
+      state: absent
+      regexp: '^(\s*)#HTTPS#.*$'
+
+  - name: Reloading Apache2
+    ansible.builtin.meta: noop
+    notify: Reload Apache
+
 
   #- name: Adjusting Greenstone3 installations index.html to work in Apache2 DocumentRoot