radityo
/
ansible-nginx
mirror of https://github.com/HanXHX/ansible-nginx.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
ansible-nginx/tasks/ssl/acme.yml

84 lines
2.8 KiB
YAML
Raw Normal View History

Let's encript certificate with acme.sh
2017-12-03 04:22:28 +07:00
---
- name: APT | Install git
apt: pkg=git
- name: SET_FACT | Assign default..
set_fact:
acme_create: []
- name: STAT | Check acme.sh is installed
stat:
path: "{{ nginx_acmesh_dir }}"
register: acme
- block:
- name: GIT | Get acme.sh
git:
repo: 'https://github.com/Neilpang/acme.sh.git'
dest: '{{ nginx_acmesh_git_dir }}'
update: no
- name: SHELL | Install acme.sh
shell: ./acme.sh --install --home {{ nginx_acmesh_dir }} --cert-home {{ nginx_acmesh_dir }}
args:
chdir: "{{ nginx_acmesh_git_dir }}"
creates: "{{ nginx_acmesh_dir }}"
when: not acme.stat.exists
- name: STAT | Check if certificates are already installed
stat:
path: "{{ nginx_ssl_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.crt"
with_items: "{{ nginx_ssl_pairs }}"
when: item.acme is defined and item.acme
register: acme_installed_certs
- name: SET_FACT | Assign var with certificates to create
set_fact:
Fix acme when acme_port is not defined
2017-12-03 08:08:32 +07:00
acme_create: "{{ acme_create | default([]) + [ (item.item | combine({'listen': ([item.item.acme_port|default(80)]) }) ) ] }}"
Let's encript certificate with acme.sh
2017-12-03 04:22:28 +07:00
with_items: "{{ acme_installed_certs.results }}"
when: item.skipped is not defined and not item.stat.exists
- name: TEMPLATE | Create fake site
template:
src: "etc/nginx/sites-available/_base.j2"
dest: "{{ nginx_etc_dir }}/conf.d/FAKESITE_{{ item | nginx_site_name }}.conf"
with_items: "{{ acme_create }}"
register: fake_site
- name: SERVICE | Reload nginx
service:
name: nginx
state: reloaded
when: fake_site.changed
- name: SHELL | Get certificates
shell: '{{ nginx_acmesh_bin }} --issue{% if item.name is string %} -d {{ item.name }}{% else %}{% for name in item.name %} -d {{ name }}{% endfor %}{% endif %} --nginx {% if nginx_acmesh_test %}--test{% endif %}'
args:
acme.sh : no_log + fix check created
2017-12-03 08:15:48 +07:00
creates: "/root/.acme.sh/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.key"
Let's encript certificate with acme.sh
2017-12-03 04:22:28 +07:00
with_items: "{{ acme_create }}"
register: acme_get
failed_when: acme_get.rc != 0 and acme_get.rc != 2
acme.sh : no_log + fix check created
2017-12-03 08:15:48 +07:00
no_log: true
Let's encript certificate with acme.sh
2017-12-03 04:22:28 +07:00
- name: FILE | Create SSL dir per site
file:
path: "{{ nginx_ssl_dir }}/{{ item | nginx_site_name }}"
with_items: "{{ acme_create }}"
- name: SHELL | Install certificates
shell: '{{ nginx_acmesh_bin }} --install-cert -d {{ item | nginx_site_name }} --fullchain-file {{ nginx_ssl_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.crt --key-file {{ nginx_ssl_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.key'
args:
creates: "{{ nginx_ssl_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.key"
with_items: "{{ nginx_ssl_pairs }}"
when: item.acme is defined and item.acme
notify: restart nginx
- name: FILE | Delete fake sites
file:
path: "{{ nginx_etc_dir }}/conf.d/FAKESITE_{{ item | nginx_site_name }}.conf"
state: absent
with_items: "{{ acme_create }}"