Fixed SSL issues on local installation
parent
6f0ad37dcf
commit
3d5b1460f7
|
@ -6,15 +6,6 @@
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0644
|
mode: 0644
|
||||||
when: ansible_domain != 'dev'
|
|
||||||
- name: add development collabora http site
|
|
||||||
template:
|
|
||||||
src: etc/apache2/sites-available/dev.conf.j2
|
|
||||||
dest: /etc/apache2/sites-available/{{ ansible_domain }}.conf
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
mode: 0644
|
|
||||||
when: ansible_domain == 'dev'
|
|
||||||
- name: disable default site and enable collabora site
|
- name: disable default site and enable collabora site
|
||||||
block:
|
block:
|
||||||
- name: disable default site
|
- name: disable default site
|
||||||
|
@ -23,11 +14,12 @@
|
||||||
- name: enable collabora site
|
- name: enable collabora site
|
||||||
command:
|
command:
|
||||||
cmd: a2ensite {{ ansible_domain }}.conf
|
cmd: a2ensite {{ ansible_domain }}.conf
|
||||||
notify: reload apache
|
|
||||||
- name: run certbot
|
- name: run certbot
|
||||||
command:
|
command:
|
||||||
cmd: certbot --apache --non-interactive --keep-until-expiring --no-eff-email --email {{ admin_mail }} --redirect --renew-with-new-domains --agree-tos -d {{ ansible_domain }}
|
cmd: certbot --apache --non-interactive --keep-until-expiring --no-eff-email --email {{ admin_mail }} --redirect --renew-with-new-domains --agree-tos -d {{ ansible_domain }}
|
||||||
when: ansible_domain != 'dev'
|
when: ansible_domain != 'dev'
|
||||||
|
- include: ssl-dev.yml
|
||||||
|
when: ansible_domain == 'dev'
|
||||||
- name: add collabora https site
|
- name: add collabora https site
|
||||||
template:
|
template:
|
||||||
src: etc/apache2/sites-available/ansible_domain-le-ssl.conf.j2
|
src: etc/apache2/sites-available/ansible_domain-le-ssl.conf.j2
|
||||||
|
@ -35,9 +27,7 @@
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0644
|
mode: 0644
|
||||||
when: ansible_domain != 'dev'
|
|
||||||
- name: enable collabora https site
|
- name: enable collabora https site
|
||||||
command:
|
command:
|
||||||
cmd: a2ensite {{ ansible_domain }}-le-ssl.conf
|
cmd: a2ensite {{ ansible_domain }}-le-ssl.conf
|
||||||
when: ansible_domain != 'dev'
|
|
||||||
notify: restart apache
|
notify: restart apache
|
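Review bot: The added `- include: ssl-dev.yml` uses the bare `include` action, which Ansible deprecated in favour of `include_tasks`/`import_tasks` and has dropped from recent ansible-core releases, so this task list will fail to load on a newer controller. `- include_tasks: ssl-dev.yml` keeps the same `when: ansible_domain == 'dev'` gating. The choice between certbot and a self-signed certificate also hangs on the gathered `ansible_domain` fact, so a host that reports the domain `dev` would quietly get an untrusted certificate; an explicit inventory variable would make that choice auditable. With the `when: ansible_domain != 'dev'` guards removed from the two https-site tasks, they now rely on the included file having written `fullchain.pem` and `privkey.pem` first (presumably the paths the template references, which is not visible here).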
||||||
|
|
|
@ -0,0 +1,27 @@
|
||||||
|
---
|
||||||
|
- name: Ensure python OpenSSL dependencies are installed.
|
||||||
|
pip:
|
||||||
|
name: pyOpenSSL
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: Ensure directory exists for local self-signed TLS certs.
|
||||||
|
file:
|
||||||
|
path: /etc/letsencrypt/live/{{ ansible_domain }}
|
||||||
|
state: directory
|
||||||
|
|
||||||
|
- name: Generate an OpenSSL private key.
|
||||||
|
openssl_privatekey:
|
||||||
|
path: /etc/letsencrypt/live/{{ ansible_domain }}/privkey.pem
|
||||||
|
|
||||||
|
- name: Generate an OpenSSL CSR.
|
||||||
|
openssl_csr:
|
||||||
|
path: /etc/ssl/private/{{ ansible_domain }}.csr
|
||||||
|
privatekey_path: /etc/letsencrypt/live/{{ ansible_domain }}/privkey.pem
|
||||||
|
common_name: "{{ ansible_domain }}"
|
||||||
|
|
||||||
|
- name: Generate a Self Signed OpenSSL certificate.
|
||||||
|
openssl_certificate:
|
||||||
|
path: /etc/letsencrypt/live/{{ ansible_domain }}/fullchain.pem
|
||||||
|
privatekey_path: /etc/letsencrypt/live/{{ ansible_domain }}/privkey.pem
|
||||||
|
csr_path: /etc/ssl/private/{{ ansible_domain }}.csr
|
||||||
|
provider: selfsigned
|
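Review bot: The directory and private-key tasks set no `owner`, `group` or `mode`, unlike the template tasks elsewhere in this commit, so the permissions on `/etc/letsencrypt/live/{{ ansible_domain }}` and `privkey.pem` depend on module defaults and the umask. Adding `mode: '0700'` to the `file` task and `mode: '0600'` with `owner: root` / `group: root` to `openssl_privatekey` would make the key's protection explicit. `pip: name: pyOpenSSL` installs an unpinned package from the index, presumably as root; pinning a version or using the distribution's package would narrow that supply-chain exposure. Writing the self-signed certificate under `/etc/letsencrypt/live/` also puts it where certbot keeps its own lineage, which may interfere with a later real issuance for that name and leaves the untrusted certificate indistinguishable by path from a CA-issued one; a separate directory would avoid both.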
|
@ -1,42 +0,0 @@
|
||||||
<VirtualHost *:80>
|
|
||||||
ServerName {{ ansible_domain }}
|
|
||||||
ServerAdmin {{ admin_mail }}
|
|
||||||
ErrorLog ${APACHE_LOG_DIR}/error.log
|
|
||||||
CustomLog ${APACHE_LOG_DIR}/access.log combined
|
|
||||||
|
|
||||||
# Encoded slashes need to be allowed
|
|
||||||
AllowEncodedSlashes NoDecode
|
|
||||||
|
|
||||||
# Container uses a unique non-signed certificate
|
|
||||||
SSLProxyEngine On
|
|
||||||
SSLProxyVerify None
|
|
||||||
SSLProxyCheckPeerCN Off
|
|
||||||
SSLProxyCheckPeerName Off
|
|
||||||
|
|
||||||
# keep the host
|
|
||||||
ProxyPreserveHost On
|
|
||||||
|
|
||||||
# static html, js, images, etc. served from loolwsd
|
|
||||||
# loleaflet is the client part of LibreOffice Online
|
|
||||||
ProxyPass /loleaflet https://127.0.0.1:9980/loleaflet retry=0
|
|
||||||
ProxyPassReverse /loleaflet https://127.0.0.1:9980/loleaflet
|
|
||||||
|
|
||||||
# WOPI discovery URL
|
|
||||||
ProxyPass /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
|
|
||||||
ProxyPassReverse /hosting/discovery https://127.0.0.1:9980/hosting/discovery
|
|
||||||
|
|
||||||
# Main websocket
|
|
||||||
ProxyPassMatch "/lool/(.*)/ws$" wss://127.0.0.1:9980/lool/$1/ws nocanon
|
|
||||||
|
|
||||||
# Admin Console websocket
|
|
||||||
ProxyPass /lool/adminws wss://127.0.0.1:9980/lool/adminws
|
|
||||||
|
|
||||||
# Download as, Fullscreen presentation and Image upload operations
|
|
||||||
ProxyPass /lool https://127.0.0.1:9980/lool
|
|
||||||
ProxyPassReverse /lool https://127.0.0.1:9980/lool
|
|
||||||
|
|
||||||
# Endpoint with information about availability of various features
|
|
||||||
ProxyPass /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities retry=0
|
|
||||||
ProxyPassReverse /hosting/capabilities https://127.0.0.1:9980/hosting/capabilities
|
|
||||||
|
|
||||||
</VirtualHost>
|
|