Nareshkumar Rao
3 years ago
commit
e4b2871a21
8 changed files with 192 additions and 0 deletions
@ -0,0 +1,2 @@ |
psmcentral ansible_host=159.69.47.163 |
@ -0,0 +1,9 @@ |
--- |
- name: Provision PSM Server |
hosts: psmcentral |
remote_user: root |
roles: |
- wordpress |
vars_files: |
- ./vars.yml |
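Review bot: The play connects as `remote_user: root`, which requires direct root SSH login to be enabled on the target and gives every task in the `wordpress` role unrestricted access without any audit point. Prefer a dedicated non-root deploy user and escalate only where needed: `remote_user: deploy` (or whatever account exists on the host) with `become: true` on the play. The inventory in this commit only sets `ansible_host`, so the root requirement is inherited by every host added to `psmcentral` later.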
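--- /dev/null
+++ b/roles/wordpress/handlers/main.yml
@@ -0,0 +1,6 @@
+- name: Restart Apache
+  service:
+    name: apache2
+    state: restarted
+    enabled: yes
+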
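Review bot: `enabled: yes` relies on YAML 1.1 truthy parsing; write the boolean canonically as `enabled: true` so yamllint's `truthy` rule and YAML 1.2 parsers agree on the value. A handler that only picks up new site/module configuration could also use `state: reloaded` instead of `restarted`, which avoids dropping in-flight connections on every notify; keep `restarted` only if a module enable genuinely needs a full restart on this platform.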
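--- /dev/null
+++ b/roles/wordpress/tasks/letsencrypt.yml
@@ -0,0 +1,91 @@
+- name: "Create required directories in /etc/letsencrypt"
+  file:
+    path: "/etc/letsencrypt/{{ item }}"
+    state: directory
+    owner: root
+    group: root
+    mode: u=rwx,g=x,o=x
+  with_items:
+    - account
+    - certs
+    - csrs
+    - keys
+
+- name: "Generate a Let's Encrypt account key"
+  shell: "if [ ! -f {{ letsencrypt_account_key }} ]; then openssl genrsa 4096 | sudo tee {{ letsencrypt_account_key }}; fi"
+  args:
+    creates: "{{ letsencrypt_account_key }}"
+
+- name: "Generate Let's Encrypt private key"
+  shell: "openssl genrsa 4096 | sudo tee /etc/letsencrypt/keys/{{ site_url }}.key"
+
+- name: "Generate Let's Encrypt CSR"
+  shell: "openssl req -new -sha256 -key /etc/letsencrypt/keys/{{ site_url }}.key -subj \"/CN={{ site_url }}\" -reqexts SAN -config <(cat /etc/ssl/openssl.cnf <(printf \"\n[SAN]\nsubjectAltName=DNS:{{ site_url }}\")) | sudo tee /etc/letsencrypt/csrs/{{ site_url }}.csr"
+  args:
+    executable: /bin/bash
+
+- name: "Begin Let's Encrypt challenges"
+  letsencrypt:
+    acme_directory: "{{ acme_directory }}"
+    acme_version: "{{ acme_version }}"
+    account_key_src: "{{ letsencrypt_account_key }}"
+    account_email: "{{ admin_email }}"
+    terms_agreed: 1
+    challenge: "{{ acme_challenge_type }}"
+    csr: "{{ letsencrypt_csrs_dir }}/{{ site_url }}.csr"
+    dest: "{{ letsencrypt_certs_dir }}/{{ site_url }}.crt"
+    fullchain_dest: "{{ letsencrypt_certs_dir }}/fullchain_{{ site_url }}.crt"
+    remaining_days: 91
+    force: yes
+  register: acme_challenge_domain
+
+- name: "Create .well-known/acme-challenge directory"
+  file:
+    path: /var/www/html/{{ site_url }}/.well-known/acme-challenge
+    state: directory
+    owner: root
+    group: root
+    mode: u=rwx,g=rx,o=rx
+
+- name: "Implement http-01 challenge files"
+  copy:
+    content: "{{ acme_challenge_domain['challenge_data'][item]['http-01']['resource_value'] }}"
+    dest: "/var/www/html/{{ acme_challenge_domain['challenge_data'][item]['http-01']['resource'] }}"
+    owner: root
+    group: root
+    mode: u=rw,g=r,o=r
+  with_items:
+    - "{{ site_url }}"
+  when: acme_challenge_domain['challenge_data'][item] is defined
+
+- name: "Use challenge Apache conf"
+  template:
+    src: apache-challenge-site.conf
+    dest: /etc/apache2/sites-available/{{ site_url }}.conf
+    owner: root
+    group: root
+    mode: u=rw,g=r,o=r
+
+- name: "Enable site"
+  shell: a2ensite {{ site_url }}
+
+- name: "Restart Apache"
+  service:
+    name: apache2
+    state: restarted
+
+- name: "Complete Let's Encrypt challenges"
+  letsencrypt:
+    acme_directory: "{{ acme_directory }}"
+    acme_version: "{{ acme_version }}"
+    account_key_src: "{{ letsencrypt_account_key }}"
+    account_email: "{{ admin_email }}"
+    challenge: "{{ acme_challenge_type }}"
+    csr: "{{ letsencrypt_csrs_dir }}/{{ site_url }}.csr"
+    dest: "{{ letsencrypt_certs_dir }}/{{ site_url }}.crt"
+    chain_dest: "{{ letsencrypt_certs_dir }}/chain_{{ site_url }}.crt"
+    fullchain_dest: "{{ letsencrypt_certs_dir }}/fullchain_{{ site_url }}"
+    data: "{{ acme_challenge_domain }}"
+    force: yes
+
+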
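Review bot: The "Generate Let's Encrypt private key" task pipes the TLS private key through `tee`, so the key material is echoed to stdout (and therefore into the Ansible task result and any log aggregation), and the file is created with the process umask — typically 0644 — while the `keys` directory is `o=x`, which still lets any local user read a key at the predictable path `/etc/letsencrypt/keys/{{ site_url }}.key`; the account-key task has the same exposure. Write the key directly with a restrictive umask and suppress logging, e.g. `shell: "umask 077 && openssl genrsa -out /etc/letsencrypt/keys/{{ site_url }}.key 4096"` with `no_log: true` on the task (the `sudo` is redundant if the play already runs as root, as the playbook in this commit suggests). The "Complete" call writes `fullchain_dest` to `fullchain_{{ site_url }}` without the `.crt` suffix the "Begin" call uses, so the final full chain lands at a different path than the first one; make both `"{{ letsencrypt_certs_dir }}/fullchain_{{ site_url }}.crt"`. `remaining_days: 91` with `force: yes` makes both module calls issue unconditionally, so the only renewal gating is the `when:` on the importing task in `main.yml`.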
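--- /dev/null
+++ b/roles/wordpress/tasks/main.yml
@@ -0,0 +1,38 @@
+- name: Install LAMP stack
+  apt:
+    name: apache2, php, libapache2-mod-php, php-mysql, mariadb-server
+    state: present
+    update_cache: true
+
+- name: Install Wordpress Pre-Reqs
+  apt:
+    name: php-curl, php-imagick, php-json, php-mbstring, php-xml, php-zip, php-gd, ghostscript, imagemagick
+    state: present
+
+- name: Check Certificate Modify Dates
+  stat:
+    path: "{{ letsencrypt_certs_dir }}/{{ site_url }}.crt"
+  register: stat_results
+
+- name: Get LetsEncrypt Certificates
+  import_tasks: letsencrypt.yml
+  when: ((ansible_date_time.epoch|int - stat_results.stat.mtime) > (90 * 60 * 60 * 24))
+
+- name: Copy Apache config
+  template:
+    src: apache-site.conf
+    dest: /etc/apache2/sites-available/{{ site_url }}.conf
+    owner: root
+    group: root
+    mode: u=rw,g=r,o=r
+
+- name: Enable Apache Modules
+  shell: a2enmod ssl rewrite
+  notify:
+    - Restart Apache
+
+- name: Enable Apache site
+  shell: a2ensite {{ site_url }}
+  notify:
+    - Restart Apache
+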
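Review bot: The `when:` on "Get LetsEncrypt Certificates" reads `stat_results.stat.mtime`, which the `stat` module does not return when the path does not exist, so the very first run on a fresh host fails with an undefined-attribute error instead of issuing a certificate. The 90-day threshold is also too late: Let's Encrypt leaf certificates are valid for 90 days, so gating renewal on the file being older than 90 days means the site serves an expired certificate until the next run. Guard the missing file and renew with margin, e.g. `when: not stat_results.stat.exists or ((ansible_date_time.epoch|int - stat_results.stat.mtime) > (60 * 60 * 60 * 24))`. The `a2enmod`/`a2ensite` shell tasks report changed on every run and therefore restart Apache each time; adding `args: { creates: /etc/apache2/sites-enabled/{{ site_url }}.conf }` (and the equivalent `mods-enabled` path) makes them idempotent.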
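--- /dev/null
+++ b/roles/wordpress/templates/apache-challenge-site.conf
@@ -0,0 +1,8 @@
+<VirtualHost *:80>
+  ServerName {{ site_url }}
+  ServerAdmin {{ admin_email }}
+  DocumentRoot /var/www/html/{{ site_url }}
+  ErrorLog ${APACHE_LOG_DIR}/error.log
+  CustomLog ${APACHE_LOG_DIR}/access.log combined
+</VirtualHost>
+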
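--- /dev/null
+++ b/roles/wordpress/templates/apache-site.conf
@@ -0,0 +1,23 @@
+<VirtualHost *:80>
+  ServerName {{ site_url }}
+  Redirect permanent / https://{{ site_url }}/
+</VirtualHost>
+<VirtualHost *:443>
+  ServerName {{ site_url }}
+  DocumentRoot /var/www/html/{{ site_url }}
+
+  <Directory "/var/www/html/{{ site_url }}">
+    Order Allow,Deny
+    Allow from All
+    AllowOverride All
+    Require all granted
+  </Directory>
+
+  SSLEngine on
+  SSLCertificateFile "{{ letsencrypt_certs_dir }}/{{ site_url }}.crt"
+  SSLCertificateKeyFile "/etc/letsencrypt/keys/{{ site_url }}.key"
+
+  ErrorLog ${APACHE_LOG_DIR}/error.log
+  CustomLog ${APACHE_LOG_DIR}/access.log combined
+</VirtualHost>
+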
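Review bot: `SSLCertificateFile` points at the leaf certificate only and no `SSLCertificateChainFile` is set, so Apache sends an incomplete chain and clients that do not fetch intermediates via AIA (many mobile and non-browser TLS stacks) will fail validation. Point it at the full chain the ACME tasks write instead, `SSLCertificateFile "{{ letsencrypt_certs_dir }}/fullchain_{{ site_url }}.crt"` (Apache 2.4.8+ reads the intermediates from that file); note the two `letsencrypt` calls in the task file currently disagree on whether that filename carries a `.crt` suffix, so align the template with whichever name survives. `Order Allow,Deny` / `Allow from All` are Apache 2.2 `mod_access_compat` directives that are redundant with `Require all granted` and fail to parse if that module is not loaded; drop them. The key path is hard-coded to `/etc/letsencrypt/keys/` even though `vars.yml` defines `letsencrypt_keys_dir`, so a change to the variable would silently leave this template pointing at the old location.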
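--- /dev/null
+++ b/vars.yml
@@ -0,0 +1,15 @@
+---
+site_url: psm.msolidariti.org
+admin_email: naresh@msolidariti.org
+
+# LetsEncrypt Configuration
+
+acme_challenge_type: http-01
+acme_directory: https://acme-v02.api.letsencrypt.org/directory
+acme_version: 2
+letsencrypt_dir: /etc/letsencrypt
+letsencrypt_keys_dir: /etc/letsencrypt/keys
+letsencrypt_csrs_dir: /etc/letsencrypt/csrs
+letsencrypt_certs_dir: /etc/letsencrypt/certs
+letsencrypt_account_key: /etc/letsencrypt/account/account.key
+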
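Review bot: `letsencrypt_dir` and `letsencrypt_keys_dir` are declared here but, as far as this commit shows, nothing consumes them — the task file and the Apache template hard-code `/etc/letsencrypt/keys/...` and `/etc/letsencrypt/{{ item }}` directly, so the variables give a false impression that the layout is configurable. Either reference them from the tasks and template (`"{{ letsencrypt_keys_dir }}/{{ site_url }}.key"`) or remove them; leaving both in place is how a later relocation ends up with the key and the CSR in different directories. Since these are the only inputs to the role, a one-line comment above `site_url` noting that it must be a DNS name reachable on port 80 for the http-01 challenge would save the next operator a failed run.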