
Commit 052fbbd

author
Anandkumar Patel
committed
update cert paths
1 parent a8a88f7 commit 052fbbd

4 files changed

Lines changed: 20 additions & 11 deletions


Lines changed: 3 additions & 6 deletions
@@ -1,12 +1,10 @@
11
---
22
name: nginx
33

4-
docker_image: "{{ name }}"
5-
docker_image_version: "1.10"
4+
container_image: "{{ name }}"
5+
container_tag: "1.10"
66

7-
docker_restart_command: kill -s SIGHUP
8-
9-
docker_container_run_opts: >
7+
container_run_opts: >
108
-d
119
-h {{ name }}
1210
-p 0.0.0.0:443:443
@@ -15,5 +13,4 @@ docker_container_run_opts: >
1513
-v /etc/nginx/sites-available/:/etc/nginx/sites-enabled/:ro
1614
-v /etc/nginx/ssl/dhparam.pem:/etc/nginx/ssl/dhparam.pem:ro
1715
-v /etc/ssl/certs/{{ user_content_domain }}:/etc/ssl/certs/{{ user_content_domain }}:ro
18-
-v /etc/ssl/private:/etc/ssl/private:ro
1916
-v /var/log/nginx:/var/log/nginx

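--- a/ansible/navi-proxy.yml
+++ b/ansible/navi-proxy.yml
@@ -5,5 +5,7 @@
 roles:
 - role: datadog
 has_dd_integration: yes
+
 - role: content-domain-certs
-- role: container_restart
+
+- role: container_kill_start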
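Review bot: Swapping `container_restart` for `container_kill_start` appears to change how nginx picks up a new certificate, and nothing in the play records why. Neither role is visible here, but this commit also drops `docker_restart_command: kill -s SIGHUP` from the nginx vars, so a certificate rollout presumably now stops and recreates the container instead of reloading it, which would cut live TLS connections. If that is intended, a comment above the role would make it explicit, e.g. `# recreates the container (no SIGHUP reload); expect a brief outage on cert rollout`.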

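--- a/ansible/roles/content-domain-certs/tasks/main.yml
+++ b/ansible/roles/content-domain-certs/tasks/main.yml
@@ -3,19 +3,29 @@
 tags: [ certs ]
 become: true
 file:
-dest: /opt/ssl/{{ user_content_domain }}
+dest: /etc/ssl/certs/{{ user_content_domain }}
 state: directory
 
 - name: put certs in place
 tags: [ certs ]
 become: true
 copy:
 src: "{{ user_content_domain }}/{{ item }}"
-dest: /opt/ssl/{{ user_content_domain }}/{{ item }}
+dest: /etc/ssl/certs/{{ user_content_domain }}/{{ item }}
 mode: 0400
 owner: root
 group: root
 with_items:
 - ca.pem
 - key.pem
 - cert.pem
+
+- name: create chained cert
+tags: [ certs ]
+become: true
+shell: >
+cat
+/etc/ssl/certs/{{ user_content_domain }}/cert.pem
+/etc/ssl/certs/{{ user_content_domain }}/ca.pem
+>
+/etc/ssl/certs/{{ user_content_domain }}/chained.pem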
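Review bot: The new `create chained cert` task builds `chained.pem` with `shell:` and a `>` redirect, so it reports changed on every run, truncates the file nginx serves before rewriting it, and expands `{{ user_content_domain }}` unquoted into a shell line. If `cert.pem` ever lacks a trailing newline, the `cat` output also fuses the END and BEGIN markers and the chain will not parse. A `copy` task whose `content:` joins the two role files through `lookup('file', …)` with an explicit newline between them, plus `owner: root`, `group: root` and `mode: "0444"`, would be idempotent and leave the output permissions stated rather than inherited from the umask. If the shell form stays, quote each path so a stray character in the variable cannot change the command.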

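--- a/ansible/roles/nginx-proxied-service/templates/01-navi.conf
+++ b/ansible/roles/nginx-proxied-service/templates/01-navi.conf
@@ -35,8 +35,8 @@ server {
 access_log /var/log/nginx/{{ name }}.ssl.access.log;
 
 ssl on;
-ssl_certificate /etc/ssl/certs/{{ user_content_domain }}/{{ user_content_domain }}.chained.crt;
-ssl_certificate_key /etc/ssl/private/{{ user_content_domain }}.key;
+ssl_certificate /etc/ssl/certs/{{ user_content_domain }}/chained.pem;
+ssl_certificate_key /etc/ssl/certs/{{ user_content_domain }}/key.pem;
 ssl_trusted_certificate /etc/ssl/certs/{{ user_content_domain }}/ca.pem;
 
 ssl_session_cache shared:SSL:10m;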
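Review bot: `ssl_certificate_key` now reads the private key from `/etc/ssl/certs/{{ user_content_domain }}/key.pem`, a tree conventionally kept for public material, so its confidentiality rests entirely on the `0400 root:root` applied by the `put certs in place` task in this commit. The directory task in that role sets no `mode:`, and the same directory is what the nginx vars bind-mount into the container now that the `/etc/ssl/private` mount is removed. Either keep the key under `/etc/ssl/private` with its own read-only mount, or give the directory task an explicit restrictive mode such as `mode: "0700"` (assuming the nginx master reads the key as root) and quote the file mode as `mode: "0400"`. The `server` block starts and ends outside this hunk.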
