Last active
December 17, 2024 10:20
-
-
Save ezhulkov/355fff964e54ffed541ed09e80341fd0 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[server] | |
SERVER | |
[server:vars] | |
server_name=SERVER | |
email=noc@gopractice.io | |
docker_nginx_ssl=true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#inspired by https://medium.com/@pentacent/nginx-and-lets-encrypt-with-docker-in-less-than-5-minutes-b4b8a60d3a71 | |
- name: enabling ssl | |
block: | |
- name: certbot dirs | |
file: path={{item}} state=directory mode=0755 group=root owner=root | |
with_items: | |
- "/var/lib/certbot/www" | |
- "/var/log/certbot" | |
- "/var/lib/certbot/conf/live/{{server_name}}" | |
- name: creating dummy certificate | |
docker_container: | |
name: 'openssl' | |
image: 'frapsoft/openssl' | |
state: 'started' | |
auto_remove: yes | |
command: "req -x509 -nodes -newkey rsa:1024 -days 1 \ | |
-keyout '/etc/letsencrypt/live/{{server_name}}/privkey.pem' \ | |
-out '/etc/letsencrypt/live/{{server_name}}/fullchain.pem' \ | |
-subj '/CN=localhost'" | |
volumes: | |
- "/var/lib/certbot/conf:/etc/letsencrypt" | |
- name: copying options-ssl-nginx.conf | |
copy: src=options-ssl-nginx.conf dest=/var/lib/certbot/conf/options-ssl-nginx.conf owner=root group=root mode=0644 | |
- name: copying ssl-dhparams.pem | |
copy: src=ssl-dhparams.pem dest=/var/lib/certbot/conf/ssl-dhparams.pem owner=root group=root mode=0644 | |
- name: starting nginx with dummy certificate | |
docker_container: | |
name: 'nginx' | |
state: 'started' | |
- name: waiting for nginx | |
wait_for: port=80 | |
- name: deleting dummy certificates | |
file: path={{item}} state=absent mode=0640 group=root owner=root | |
with_items: | |
- "/var/lib/certbot/conf/live/{{server_name}}" | |
- name: requesting letsencrypt certificate | |
docker_container: | |
name: 'certbot' | |
image: 'certbot/certbot' | |
state: 'started' | |
auto_remove: yes | |
command: "certonly --webroot --webroot-path /var/www/certbot \ | |
--email {{email}} --cert-name {{server_name}} \ | |
-d {{server_name}} --rsa-key-size 4096 \ | |
--agree-tos --force-renewal" | |
volumes: | |
- "/var/lib/certbot/conf:/etc/letsencrypt" | |
- "/var/lib/certbot/www:/var/www/certbot" | |
- "/var/log/certbot:/var/log/letsencrypt" | |
- name: waiting for certbot | |
wait_for: path=/var/log/certbot/letsencrypt.log search_regex="Your key file has been saved at" | |
- name: restart nginx with prod certificate | |
docker_container: | |
name: 'nginx' | |
state: 'started' | |
restart: yes | |
- name: waiting for nginx | |
wait_for: port=80 | |
when: docker_nginx_ssl == "true" |
You forgot to remove your email
What he said 👍
You forgot to remove your email
Thank you! Fixed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
You forgot to remove your email