mirror of
https://github.com/koodiklinikka/playbooks.git
synced 2026-02-10 23:51:36 +00:00
43 lines
1.3 KiB
YAML
43 lines
1.3 KiB
YAML
---
|
|
|
|
- name: generate ssl forward secrecy key
|
|
command: openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096 creates=/etc/ssl/certs/dhparam.pem
|
|
sudo: true
|
|
tags: nginx
|
|
|
|
- name: get root cert for ssl stapling
|
|
get_url: url=http://www.startssl.com/certs/ca.pem dest=/etc/ssl/certs/ca.pem sha256sum=916a8f9232328192968c81c8edb672fa539f726861dfe379ca722050e19962cd
|
|
sudo: true
|
|
|
|
- name: get inter cert for ssl stapling
|
|
get_url: url=http://www.startssl.com/certs/sub.class1.server.ca.pem dest=/etc/ssl/certs/sub.class1.server.ca.pem sha256sum=e7241cd06fed26efdb1db2283ce5c2f9693b18c6698d76b0427f39c3f71ee001
|
|
sudo: true
|
|
|
|
- name: generate combined cert for stapling
|
|
shell: cat /etc/ssl/certs/ca.pem /etc/ssl/certs/sub.class1.server.ca.pem > /etc/ssl/certs/combined_startssl.pem creates=/etc/ssl/certs/combined_startssl.pem
|
|
sudo: true
|
|
tags: nginx
|
|
|
|
- name: Copy private key
|
|
copy:
|
|
content: "{{ ssl_key }}"
|
|
dest: /etc/ssl/private/koodiklinikka.fi.key
|
|
mode: u+rw
|
|
tags: [nginx]
|
|
notify: reload nginx
|
|
sudo: true
|
|
|
|
- name: Copy cert
|
|
copy:
|
|
content: "{{ ssl_certificate }}"
|
|
dest: /etc/ssl/certs/koodiklinikka.fi.pem
|
|
tags: [nginx]
|
|
notify: reload nginx
|
|
sudo: true
|
|
|
|
- name: Copy nginx SSL configuration
|
|
copy: src=files/nginx/ssl_profile.conf dest=/etc/nginx/conf.d
|
|
notify: reload nginx
|
|
sudo: true
|
|
tags: [nginx]
|