Let's encript certificate with acme.sh

2026-04-09 12:42:10 +07:00 · 2017-12-02 22:22:28 +01:00
parent 609e4f013d
commit a01f6cd5ea
11 changed files with 177 additions and 11 deletions
--- a/tests/includes/pre_Debian.yml
+++ b/tests/includes/pre_Debian.yml
@@ -50,11 +50,18 @@
    cache_valid_time: 3600
    state: present
  with_items:
+    - cron
    - curl
    - fcgiwrap
+    - jq
    - nghttp2
    - strace
    - vim
+    - unzip
+
+- name: APT | Install daemonize from Stretch
+  apt:
+    deb: http://ftp.us.debian.org/debian/pool/main/d/daemonize/daemonize_1.7.7-1+b1_amd64.deb

 - name: APT | Install PHP
  apt:
@@ -74,3 +81,37 @@
    name: "{{ item.version | php_fpm_service }}"
    state: started
  with_items: "{{ nginx_php }}"
+
+- name: GET_URL | Download ngrok
+  get_url:
+    url: "https://bin.equinox.io/c/4VmDzA7iaHb/ngrok-stable-linux-amd64.zip"
+    dest: "/tmp/ngrok.zip"
+
+- name: UNARCHIVE | Uncompress ngrok
+  unarchive:
+    src: "/tmp/ngrok.zip"
+    dest: "/tmp"
+    remote_src: yes
+
+- name: SHELL | Check if ngrok is started
+  shell: ps aux | grep -q [n]grok
+  register: psngrok
+  changed_when: false
+  failed_when: false
+
+- block:
+
+  - name: SHELL | Start ngrok
+    shell: daemonize /tmp/ngrok http 8888 -bind-tls=false
+
+  - name: WAIT_FOR | ngrok started
+    wait_for:
+      delay: 2
+      port: 4040
+
+  when: psngrok.rc > 0
+
+- name: SHELL | Get ngrok public address
+  shell: curl 'http://127.0.0.1:4040/api/tunnels/command_line' | jq '.public_url' | grep -oE '[[:alnum:]]+\.ngrok\.io'
+  register: ngrok
+  changed_when: false
--- a/tests/test.yml
+++ b/tests/test.yml
@@ -62,7 +62,12 @@
        description: 'Please login!'
        users: []
        state: 'absent'
+    nginx_acmesh: true
+    nginx_acmesh_test: true
    nginx_ssl_pairs:
+      - name: '{{ ngrok.stdout }}'
+        acme: true
+        acme_port: 8888
      - name: 'test-ssl-predeployed.local'
        dest_key: "{{ int_ansible_ssl_dir }}/test.key"
        dest_cert: "{{ int_ansible_ssl_dir }}/test.crt"
@@ -239,6 +244,12 @@
        https_proxy_protocol_port: [20443]
        template: '_base'
        ssl_name: 'test-ssl.local'
+      - name: '{{ ngrok.stdout }}'
+        proto: ['http', 'https']
+        template: '_base'
+        ssl_name: '{{ ngrok.stdout }}'
+        headers:
+          'X-acme': '1'
    nginx_dh_length: 1024
  roles:
    - ../../
@@ -272,6 +283,7 @@
        - '{{ nginx_root }}/test-ssl.local/public'
        - '{{ nginx_root }}/test-ssl-predeployed.local/public'
        - '{{ nginx_root }}/test-ssl-proxy-protocol.local/public'
+        - '{{ nginx_root }}/{{ ngrok.stdout }}/public'

    - name: -- Create directory --
      file:
@@ -450,6 +462,7 @@
      with_items:
        - 'test-ssl-predeployed.local'
        - 'test-ssl.local'
+        - '{{ ngrok.stdout }}'

    - name: -- VERIFY SSL REDIRECT --
      uri: