Fixed SSL issues on local installation
parent
6f0ad37dcf
commit
3d5b1460f7
|
@ -6,15 +6,6 @@
|
|||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
when: ansible_domain != 'dev'
|
||||
- name: add development collabora http site
|
||||
template:
|
||||
src: etc/apache2/sites-available/dev.conf.j2
|
||||
dest: /etc/apache2/sites-available/{{ ansible_domain }}.conf
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
when: ansible_domain == 'dev'
|
||||
- name: disable default site and enable collabora site
|
||||
block:
|
||||
- name: disable default site
|
||||
|
@ -23,11 +14,12 @@
|
|||
- name: enable collabora site
|
||||
command:
|
||||
cmd: a2ensite {{ ansible_domain }}.conf
|
||||
notify: reload apache
|
||||
- name: run certbot
|
||||
command:
|
||||
cmd: certbot --apache --non-interactive --keep-until-expiring --no-eff-email --email {{ admin_mail }} --redirect --renew-with-new-domains --agree-tos -d {{ ansible_domain }}
|
||||
when: ansible_domain != 'dev'
|
||||
- include: ssl-dev.yml
|
||||
when: ansible_domain == 'dev'
|
||||
- name: add collabora https site
|
||||
template:
|
||||
src: etc/apache2/sites-available/ansible_domain-le-ssl.conf.j2
|
||||
|
@ -35,9 +27,7 @@
|
|||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
when: ansible_domain != 'dev'
|
||||
- name: enable collabora https site
|
||||
command:
|
||||
cmd: a2ensite {{ ansible_domain }}-le-ssl.conf
|
||||
when: ansible_domain != 'dev'
|
||||
notify: restart apache
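Review bot: The added `- include: ssl-dev.yml` task in the second hunk uses the bare `include` action, which Ansible has deprecated in favour of `include_tasks` and `import_tasks`; `- include_tasks: ssl-dev.yml` with the same `when: ansible_domain == 'dev'` keeps the behaviour. The hunk counts (9 old lines, 7 new) suggest the two `when: ansible_domain != 'dev'` guards on the HTTPS-site tasks were removed, so the `-le-ssl` vhost is now rendered and enabled on the dev host as well. That template is not visible here; if it references certbot-managed files other than `fullchain.pem` and `privkey.pem`, the dev path will need them too, so it is worth confirming before relying on this branch.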
|
||||
|
|
|
@ -0,0 +1,27 @@
|
|||
---
|
||||
- name: Ensure python OpenSSL dependencies are installed.
|
||||
pip:
|
||||
name: pyOpenSSL
|
||||
state: present
|
||||
|
||||
- name: Ensure directory exists for local self-signed TLS certs.
|
||||
file:
|
||||
path: /etc/letsencrypt/live/{{ ansible_domain }}
|
||||
state: directory
|
||||
|
||||
- name: Generate an OpenSSL private key.
|
||||
openssl_privatekey:
|
||||
path: /etc/letsencrypt/live/{{ ansible_domain }}/privkey.pem
|
||||
|
||||
- name: Generate an OpenSSL CSR.
|
||||
openssl_csr:
|
||||
path: /etc/ssl/private/{{ ansible_domain }}.csr
|
||||
privatekey_path: /etc/letsencrypt/live/{{ ansible_domain }}/privkey.pem
|
||||
common_name: "{{ ansible_domain }}"
|
||||
|
||||
- name: Generate a Self Signed OpenSSL certificate.
|
||||
openssl_certificate:
|
||||
path: /etc/letsencrypt/live/{{ ansible_domain }}/fullchain.pem
|
||||
privatekey_path: /etc/letsencrypt/live/{{ ansible_domain }}/privkey.pem
|
||||
csr_path: /etc/ssl/private/{{ ansible_domain }}.csr
|
||||
provider: selfsigned
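Review bot: The directory task for `/etc/letsencrypt/live/{{ ansible_domain }}` and the `openssl_privatekey` task set no `owner`, `group` or `mode`, so the access rights on the private key and its parent directory are left to module defaults and the umask, whereas the template tasks elsewhere in this commit state all three. Adding `owner: root`, `group: root` and `mode: "0700"` to the directory, and `mode: "0600"` to the key, makes the intent explicit and reviewable. The CSR also carries only `common_name`; current TLS clients match on the subject alternative name, so `subject_alt_name: "DNS:{{ ansible_domain }}"` on the `openssl_csr` task would let the dev certificate be trusted by pinning it rather than by switching verification off.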
|
|
@ -1,42 +0,0 @@
|
|||
<VirtualHost *:80>
|
||||
ServerName {{ ansible_domain }}
|
||||
ServerAdmin {{ admin_mail }}
|
||||
ErrorLog ${APACHE_LOG_DIR}/error.log
|
||||
CustomLog ${APACHE_LOG_DIR}/access.log combined
|
||||
|
||||
# Encoded slashes need to be allowed
|
||||
AllowEncodedSlashes NoDecode
|
||||
|
||||
# Container uses a unique non-signed certificate
|
||||
SSLProxyEngine On
|
||||
SSLProxyVerify None
|
||||
SSLProxyCheckPeerCN Off
|
||||
SSLProxyCheckPeerName Off
|
||||
|
||||
# keep the host
|
||||
ProxyPreserveHost On
|
||||
|
||||
# static html, js, images, etc. served from loolwsd
|
||||
# loleaflet is the client part of LibreOffice Online
|
||||
ProxyPass /loleaflet https://127.0.0.1:9980/loleaflet retry=0
|
||||
ProxyPassReverse /loleaflet https://127.0.0.1:9980/loleaflet
|
||||
|
||||
# WOPI discovery URL
|
||||
ProxyPass /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
|
||||
ProxyPassReverse /hosting/discovery https://127.0.0.1:9980/hosting/discovery
|
||||
|
||||
# Main websocket
|
||||
ProxyPassMatch "/lool/(.*)/ws$" wss://127.0.0.1:9980/lool/$1/ws nocanon
|
||||
|
||||
# Admin Console websocket
|
||||
ProxyPass /lool/adminws wss://127.0.0.1:9980/lool/adminws
|
||||
|
||||
# Download as, Fullscreen presentation and Image upload operations
|
||||
ProxyPass /lool https://127.0.0.1:9980/lool
|
||||
ProxyPassReverse /lool https://127.0.0.1:9980/lool
|
||||
|
||||
# Endpoint with information about availability of various features
|
||||
ProxyPass /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities retry=0
|
||||
ProxyPassReverse /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities
|
||||
|
||||
</VirtualHost>
|