Fixed SSL issues on local installation

roles/collabora/tasks/apache.yml

@@ -6,15 +6,6 @@
     owner: root
     group: root
     mode: 0644
-  when: ansible_domain != 'dev'
-- name: add development collabora http site
-  template:
-    src: etc/apache2/sites-available/dev.conf.j2
-    dest: /etc/apache2/sites-available/{{ ansible_domain }}.conf
-    owner: root
-    group: root
-    mode: 0644
-  when: ansible_domain == 'dev'
 - name: disable default site and enable collabora site
   block:
     - name: disable default site
@@ -23,11 +14,12 @@
     - name: enable collabora site
       command:
         cmd: a2ensite {{ ansible_domain }}.conf
-      notify: reload apache
 - name: run certbot
   command:
     cmd: certbot --apache --non-interactive --keep-until-expiring --no-eff-email --email {{ admin_mail }} --redirect --renew-with-new-domains --agree-tos -d {{ ansible_domain }}
   when: ansible_domain != 'dev'
+- include: ssl-dev.yml
+  when: ansible_domain == 'dev'
 - name: add collabora https site
   template:
     src: etc/apache2/sites-available/ansible_domain-le-ssl.conf.j2
@@ -35,9 +27,7 @@
     owner: root
     group: root
     mode: 0644
-  when: ansible_domain != 'dev'
 - name: enable collabora https site
   command:
     cmd: a2ensite {{ ansible_domain }}-le-ssl.conf
-  when: ansible_domain != 'dev'
   notify: restart apache

roles/collabora/tasks/ssl-dev.yml

@@ -0,0 +1,27 @@
+---
+- name: Ensure python OpenSSL dependencies are installed.
+  pip:
+    name: pyOpenSSL
+    state: present
+
+- name: Ensure directory exists for local self-signed TLS certs.
+  file:
+    path: /etc/letsencrypt/live/{{ ansible_domain }}
+    state: directory
+
+- name: Generate an OpenSSL private key.
+  openssl_privatekey:
+    path: /etc/letsencrypt/live/{{ ansible_domain }}/privkey.pem
+
+- name: Generate an OpenSSL CSR.
+  openssl_csr:
+    path: /etc/ssl/private/{{ ansible_domain }}.csr
+    privatekey_path: /etc/letsencrypt/live/{{ ansible_domain }}/privkey.pem
+    common_name: "{{ ansible_domain }}"
+
+- name: Generate a Self Signed OpenSSL certificate.
+  openssl_certificate:
+    path: /etc/letsencrypt/live/{{ ansible_domain }}/fullchain.pem
+    privatekey_path: /etc/letsencrypt/live/{{ ansible_domain }}/privkey.pem
+    csr_path: /etc/ssl/private/{{ ansible_domain }}.csr
+    provider: selfsigned

roles/collabora/templates/etc/apache2/sites-available/dev.conf.j2

@@ -1,42 +0,0 @@
-<VirtualHost *:80>
-  ServerName {{ ansible_domain }}
-  ServerAdmin {{ admin_mail }}
-  ErrorLog ${APACHE_LOG_DIR}/error.log
-  CustomLog ${APACHE_LOG_DIR}/access.log combined
-
-  # Encoded slashes need to be allowed
-  AllowEncodedSlashes NoDecode
-
-  # Container uses a unique non-signed certificate
-  SSLProxyEngine On
-  SSLProxyVerify None
-  SSLProxyCheckPeerCN Off
-  SSLProxyCheckPeerName Off
-
-  # keep the host
-  ProxyPreserveHost On
-
-  # static html, js, images, etc. served from loolwsd
-  # loleaflet is the client part of LibreOffice Online
-  ProxyPass           /loleaflet https://127.0.0.1:9980/loleaflet retry=0
-  ProxyPassReverse    /loleaflet https://127.0.0.1:9980/loleaflet
-
-  # WOPI discovery URL
-  ProxyPass           /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
-  ProxyPassReverse    /hosting/discovery https://127.0.0.1:9980/hosting/discovery
-
-  # Main websocket
-  ProxyPassMatch "/lool/(.*)/ws$" wss://127.0.0.1:9980/lool/$1/ws nocanon
-
-  # Admin Console websocket
-  ProxyPass   /lool/adminws wss://127.0.0.1:9980/lool/adminws
-
-  # Download as, Fullscreen presentation and Image upload operations
-  ProxyPass           /lool https://127.0.0.1:9980/lool
-  ProxyPassReverse    /lool https://127.0.0.1:9980/lool
-
-  # Endpoint with information about availability of various features
-  ProxyPass           /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities retry=0
-  ProxyPassReverse    /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities
-
-</VirtualHost>