%PDF- %PDF-
Mini Shell

Mini Shell

Direktori : /etc/ansible/roles/web/tasks/
Upload File :
Create Path :
Current File : //etc/ansible/roles/web/tasks/configure_cert_per_sites.yml

---
- include: sites-gathering_facts_site_names.yml

- name: create directories
  file:
    path: "/etc/nginx/certs/{{ item }}"
    state: directory
    owner: root
    group: bitrix
    force: yes
    recurse: yes
    mode: 0750
  with_items: "{{ site_names }}"

- name: copy certificate
  copy:
    src: "{{ certificate }}"
    dest: "/etc/nginx/certs/{{ item }}/{{ certificate | basename }}"
    mode: 0640
    owner: root
    group: bitrix
  with_items: "{{ site_names }}"
  when: certificate_chain is undefined

- name: copy certificate
  copy:
    content: |
        {{ lookup('file', certificate) }}
        {{ lookup('file', certificate_chain) }}
    dest: "/etc/nginx/certs/{{ item }}/{{ certificate | basename }}"
    mode: 0640
    owner: root
    group: bitrix
  with_items: "{{ site_names }}"
  when: certificate_chain is defined

- name: copy private_key
  copy:
    src: "{{ private_key }}"
    dest: "/etc/nginx/certs/{{ item }}/{{ private_key | basename }}"
    mode: 0640
    owner: root
    group: bitrix
  with_items: "{{ site_names }}"

- name: copy certificate_chain
  copy:
    src: "{{ certificate_chain }}"
    dest: "/etc/nginx/certs/{{ item }}/{{ certificate_chain | basename }}"
    mode: 0640
    owner: root
    group: bitrix
  with_items: "{{ site_names }}"
  when: certificate_chain is defined

- name: delete old settings from nginx config
  lineinfile:
    dest: "{{ item.NginxHTTPSFullPath }}"
    regexp: "ssl.conf;\\s*$"
    state: absent
  with_items: "{{ bx_sites_info }}"

- name: delete previously settings
  bx_blockinfile: insertafter="CERTIFICATE ANSIBLE MANAGED BLOCK" state="delete"
    dest="{{ item.NginxHTTPSFullPath }}"
  with_items: "{{ bx_sites_info }}"

- name: add new settings to nginx config 
  blockinfile:
    dest: "{{ item.NginxHTTPSFullPath }}"
    insertbefore: "proxy_set_header"
    marker: "# CERTIFICATE ANSIBLE MANAGED BLOCK"
    content: |
      include bx/conf/ssl_options.conf;
      ssl_certificate   /etc/nginx/certs/{{ item.SiteName }}/{{ certificate| basename }};
      ssl_certificate_key  /etc/nginx/certs/{{ item.SiteName }}/{{ private_key| basename }};
      ssl_trusted_certificate /etc/nginx/certs/{{ item.SiteName }}/{{ certificate_chain| basename }};
  with_items: "{{ bx_sites_info }}"
  when: certificate_chain is defined

- name: add new settings to nginx config 
  blockinfile:
    dest: "{{ item.NginxHTTPSFullPath }}"
    insertbefore: "proxy_set_header"
    marker: "# CERTIFICATE ANSIBLE MANAGED BLOCK"
    content: |
      include bx/conf/ssl_options.conf;
      ssl_certificate   /etc/nginx/certs/{{ item.SiteName }}/{{ certificate| basename }};
      ssl_certificate_key  /etc/nginx/certs/{{ item.SiteName }}/{{ private_key| basename }};
  with_items: "{{ bx_sites_info }}"
  when: certificate_chain is undefined

- include: configure_cert_per_ntlm_sites.yml

Zerion Mini Shell 1.0