2022-11-29 18:09:10 +01:00
|
|
|
---
|
|
|
|
- name: Install stuff
|
|
|
|
apt:
|
|
|
|
name:
|
|
|
|
- apache2
|
|
|
|
update_cache: yes
|
|
|
|
|
|
|
|
- name: install acme.sh
|
|
|
|
include_role:
|
|
|
|
name: acmesh
|
|
|
|
|
|
|
|
- name: create wwwroot
|
|
|
|
file:
|
|
|
|
path: "{{ docroot }}"
|
|
|
|
owner: www-data
|
|
|
|
group: www-data
|
|
|
|
mode: '0755'
|
|
|
|
state: directory
|
|
|
|
|
|
|
|
- name: enable apache module proxy
|
|
|
|
command: a2enmod proxy
|
|
|
|
args:
|
|
|
|
creates: /etc/apache2/mods-enabled/proxy.load
|
|
|
|
notify:
|
|
|
|
reload apache2
|
|
|
|
|
|
|
|
- name: enable apache module proxy_html
|
|
|
|
command: a2enmod proxy_html
|
|
|
|
args:
|
|
|
|
creates: /etc/apache2/mods-enabled/proxy_html.load
|
|
|
|
notify:
|
|
|
|
reload apache2
|
|
|
|
|
|
|
|
- name: enable apache module proxy_http
|
|
|
|
command: a2enmod proxy_http
|
|
|
|
args:
|
|
|
|
creates: /etc/apache2/mods-enabled/proxy_http.load
|
|
|
|
notify:
|
|
|
|
reload apache2
|
|
|
|
|
|
|
|
- name: enable apache module proxy_http2
|
|
|
|
command: a2enmod proxy_http2
|
|
|
|
args:
|
|
|
|
creates: /etc/apache2/mods-enabled/proxy_http2.load
|
|
|
|
notify:
|
|
|
|
reload apache2
|
|
|
|
|
|
|
|
- name: enable apache module ssl
|
|
|
|
command: a2enmod ssl
|
|
|
|
args:
|
|
|
|
creates: /etc/apache2/mods-enabled/ssl.load
|
|
|
|
notify:
|
|
|
|
reload apache2
|
|
|
|
|
|
|
|
- name: enable apache module headers
|
|
|
|
command: a2enmod headers
|
|
|
|
args:
|
|
|
|
creates: /etc/apache2/mods-enabled/headers.load
|
|
|
|
notify:
|
|
|
|
reload apache2
|
|
|
|
|
|
|
|
- name: enable apache module rewrite
|
|
|
|
command: a2enmod rewrite
|
|
|
|
args:
|
|
|
|
creates: /etc/apache2/mods-enabled/rewrite.load
|
|
|
|
notify:
|
|
|
|
reload apache2
|
2022-12-06 16:02:40 +01:00
|
|
|
|
|
|
|
- name: enable apache module proxy_wstunnel
|
|
|
|
command: a2enmod proxy_wstunnel
|
|
|
|
args:
|
|
|
|
creates: /etc/apache2/mods-enabled/proxy_wstunnel.load
|
|
|
|
notify:
|
|
|
|
reload apache2
|
2022-11-29 18:09:10 +01:00
|
|
|
|
|
|
|
- name: install acme.sh
|
|
|
|
include_role:
|
|
|
|
name: acmesh
|
|
|
|
|
|
|
|
- name: set amce server url
|
|
|
|
set_fact:
|
|
|
|
acmeshserver: "--server {{ acme_sh_server }} --insecure --force --days 1"
|
|
|
|
when: acme_sh_server is defined
|
|
|
|
|
|
|
|
- name: set amce server url
|
|
|
|
set_fact:
|
|
|
|
acmeshserver: ""
|
|
|
|
when: not acme_sh_server is defined
|
|
|
|
|
|
|
|
- name: generate /etc/apache2/sites-available/{{ domainname }}.conf
|
|
|
|
template:
|
|
|
|
src: apache.conf.j2
|
|
|
|
dest: /etc/apache2/sites-available/{{ domainname }}.conf
|
|
|
|
owner: root
|
|
|
|
group: root
|
|
|
|
mode: "0644"
|
|
|
|
notify:
|
|
|
|
- reload apache2
|
|
|
|
|
|
|
|
- name: generate /etc/apache2/sites-available/{{ domainname }}-ssl.conf
|
|
|
|
template:
|
|
|
|
src: apache-ssl.conf.j2
|
|
|
|
dest: /etc/apache2/sites-available/{{ domainname }}-ssl.conf
|
|
|
|
owner: root
|
|
|
|
group: root
|
|
|
|
mode: "0644"
|
|
|
|
notify:
|
|
|
|
- reload apache2
|
|
|
|
|
|
|
|
- name: activate /etc/apache2/sites-available/{{ domainname }}.conf
|
|
|
|
file:
|
|
|
|
state: link
|
|
|
|
src: /etc/apache2/sites-available/{{ domainname }}.conf
|
|
|
|
dest: /etc/apache2/sites-enabled/{{ domainname }}.conf
|
|
|
|
notify:
|
|
|
|
- reload apache2
|
|
|
|
|
|
|
|
- name: generate /etc/apache2/conf-available/{{ domainname }}-ssl-optionalDirectives.conf
|
|
|
|
template:
|
|
|
|
src: includeOptional.conf.j2
|
|
|
|
dest: /etc/apache2/conf-available/{{ domainname }}-ssl-optionalDirectives.conf
|
|
|
|
owner: root
|
|
|
|
group: root
|
|
|
|
mode: "0644"
|
|
|
|
notify:
|
|
|
|
- reload apache2
|
|
|
|
|
|
|
|
- name: Flush handlers
|
|
|
|
meta: flush_handlers
|
|
|
|
|
|
|
|
- name: get certificates
|
|
|
|
command: /root/.acme.sh/acme.sh --issue --webroot {{ docroot | default("/var/www/html") }} {{ acmeshserver }} -d {{ domainname }} --email {{ acme_sh_email }} --key-file /etc/ssl/private/{{ domainname }}.key --fullchain-file /etc/ssl/certs/{{ domainname }}.pem --reloadcmd "service apache2 reload"
|
|
|
|
args:
|
|
|
|
creates: /etc/ssl/private/{{ domainname }}.key
|
|
|
|
|
|
|
|
- name: activate /etc/apache2/sites-available/{{ domainname }}-ssl.conf
|
|
|
|
file:
|
|
|
|
state: link
|
|
|
|
src: /etc/apache2/sites-available/{{ domainname }}-ssl.conf
|
|
|
|
dest: /etc/apache2/sites-enabled/{{ domainname }}-ssl.conf
|
|
|
|
notify:
|
|
|
|
- reload apache2
|
|
|
|
|