# Ansible INI inventory for the docker/nginx/certbot tasks.
# Replace SERVER with the host's real FQDN on both lines: it is the
# inventory hostname and, via server_name, the domain certbot certifies.
[server]
SERVER

# Values in a [group:vars] section are read by the INI inventory plugin as
# plain strings, so docker_nginx_ssl below arrives in the play as the string
# "true" -- which is what the task file's `docker_nginx_ssl == "true"` gate
# compares against. Keep the two in step if either side is changed.
[server:vars]
server_name=SERVER
# ACME contact address handed to `certbot --email`.
email=noc@gopractice.io
docker_nginx_ssl=true
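# inspired by https://medium.com/@pentacent/nginx-and-lets-encrypt-with-docker-in-less-than-5-minutes-b4b8a60d3a71
#
# Obtains a Let's Encrypt certificate for {{ server_name }} with certbot's
# HTTP-01 webroot challenge, answered through the already-defined 'nginx'
# container. nginx cannot start while the certificate files its config points
# at are missing, so a throw-away self-signed certificate is written first,
# nginx is started on it so certbot can complete the challenge on port 80, and
# nginx is restarted once the real certificate is in place.
#
# Variables expected from the caller (inventory / host_vars):
#   server_name       FQDN to certify (also certbot's --cert-name)
#   email             ACME contact address passed to certbot --email
#   docker_nginx_ssl  gate for the whole block; "true", true and yes all enable it
#
# Assumes a container named 'nginx' already exists (it is created elsewhere;
# `state: started` without `image` presumably only starts an existing
# container) and that it mounts /var/lib/certbot/conf and /var/lib/certbot/www
# at the paths certbot writes to.
- name: enabling ssl
  block:
    - name: certbot dirs
      file:
        path: "{{ item }}"
        state: directory
        owner: root
        group: root
        mode: "0755"
      loop:
        - /var/lib/certbot/www
        - /var/log/certbot
        - "/var/lib/certbot/conf/live/{{ server_name }}"

    # nginx's TLS config includes these two files; put them in place before
    # nginx is (re)started on either path below.
    - name: copying options-ssl-nginx.conf
      copy:
        src: options-ssl-nginx.conf
        dest: /var/lib/certbot/conf/options-ssl-nginx.conf
        owner: root
        group: root
        mode: "0644"

    - name: copying ssl-dhparams.pem
      copy:
        src: ssl-dhparams.pem
        dest: /var/lib/certbot/conf/ssl-dhparams.pem
        owner: root
        group: root
        mode: "0644"

    # certbot writes renewal/<cert-name>.conf once an issuance succeeds. Use it
    # to tell a first run from a re-run: previously every play run deleted the
    # live certificate and re-requested it with --force-renewal, which burns
    # through Let's Encrypt's duplicate-certificate rate limit and, on any
    # certbot failure, leaves nginx serving the CN=localhost dummy certificate.
    - name: checking for an existing letsencrypt certificate
      stat:
        path: "/var/lib/certbot/conf/renewal/{{ server_name }}.conf"
      register: le_renewal_conf

    - name: bootstrapping letsencrypt certificate
      when: not le_renewal_conf.stat.exists
      block:
        # Throw-away certificate so nginx can start; deleted a few tasks later.
        # 2048-bit RSA instead of 1024: several current TLS stacks refuse
        # 1024-bit keys outright, and generation still takes well under a second.
        - name: creating dummy certificate
          docker_container:
            name: openssl
            # TODO(review): pin to a tag or digest -- an unpinned Docker Hub
            # image is a supply-chain risk for a tool that writes your private keys.
            # The image's entrypoint is assumed to be `openssl` (command starts at `req`).
            image: frapsoft/openssl
            state: started
            # Run to completion so the task fails if key generation fails, then
            # remove the container (cleanup is the detach=false form of auto_remove).
            detach: false
            cleanup: true
            command: >-
              req -x509 -nodes -newkey rsa:2048 -days 1
              -keyout '/etc/letsencrypt/live/{{ server_name }}/privkey.pem'
              -out '/etc/letsencrypt/live/{{ server_name }}/fullchain.pem'
              -subj '/CN=localhost'
            volumes:
              - "/var/lib/certbot/conf:/etc/letsencrypt"

        - name: starting nginx with dummy certificate
          docker_container:
            name: nginx
            state: started

        - name: waiting for nginx
          wait_for:
            port: 80

        # Remove the dummy material so certbot can populate live/ itself
        # (no `mode` here: it is meaningless with state=absent).
        - name: deleting dummy certificates
          file:
            path: "/var/lib/certbot/conf/live/{{ server_name }}"
            state: absent

        - name: requesting letsencrypt certificate
          docker_container:
            name: certbot
            # TODO(review): pin to a tag or digest (see the openssl task above).
            image: certbot/certbot
            state: started
            detach: false
            cleanup: true
            # The official image's entrypoint is `certbot`; set it explicitly so
            # the command below is unambiguous and the binary is not named twice.
            entrypoint: [certbot]
            # --force-renewal dropped: this path only runs when no certificate
            # has been issued yet, and forcing re-issuance on every run is what
            # hit the rate limit. --non-interactive turns a missing argument
            # into an error instead of a hang waiting for a TTY.
            command: >-
              certonly --non-interactive --webroot --webroot-path /var/www/certbot
              --email {{ email }} --cert-name {{ server_name }}
              -d {{ server_name }} --rsa-key-size 4096
              --agree-tos
            volumes:
              - "/var/lib/certbot/conf:/etc/letsencrypt"
              - "/var/lib/certbot/www:/var/www/certbot"
              - "/var/log/certbot:/var/log/letsencrypt"

        # With detach=false the task above already fails on a non-zero exit;
        # this additionally checks that the files nginx needs are really there
        # before it is restarted. It replaces the old wait_for grep on a log
        # line whose wording is not stable across certbot versions.
        - name: verifying letsencrypt certificate files
          stat:
            path: "/var/lib/certbot/conf/live/{{ server_name }}/{{ item }}"
            follow: true
          register: le_cert_file
          loop:
            - fullchain.pem
            - privkey.pem
          failed_when: not le_cert_file.stat.exists

        - name: restart nginx with prod certificate
          docker_container:
            name: nginx
            state: started
            restart: true

    # Reached on every run: makes sure nginx is up whether or not a new
    # certificate was just issued.
    - name: starting nginx
      docker_container:
        name: nginx
        state: started

    - name: waiting for nginx
      wait_for:
        port: 80
  # |bool accepts the inventory's string "true" as well as a real boolean from
  # YAML host_vars; the old `== "true"` comparison only matched the string.
  when: docker_nginx_ssl | bool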
Thank you! Fixed