added https parts site, video site, fixed modsecurity

2022-04-12 01:15:51 -04:00
parent 232b28a647
commit 9fbe473e3c
22 changed files with 193 additions and 246 deletions
--- a/ansible/roles/ssl/tasks/certbot.yml
+++ b/ansible/roles/ssl/tasks/certbot.yml
@@ -1,8 +1,16 @@
 ---
+- name: stat dhparam
+  become: true
+  stat:
+    path: /etc/ssl/certs/dhparam.pem
+  register: dhparam
+  tags: ssl
+
 - name: generate openssl dhparam for nginx
  become: true
  command: |
    openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
+  when: not dhparam.stat.exists
  args:
    creates: /etc/ssl/certs/dhparam.pem
  tags: ssl
@@ -10,9 +18,12 @@
 - name: create ssl certificate for ci server
  become: true
  command: |
-    certbot certonly --webroot --webroot-path=/srv/http \
-    -m {{ ci_server_email }} --agree-tos \
-    -d {{ ci_server_name }}
+    certbot certonly --webroot --webroot-path=/srv/http/letsencrypt \
+    -m {{ ssl_email }} --agree-tos \
+    -d {{ item }}
  args:
-    creates: "/etc/letsencrypt/live/{{ ci_server_name }}"
+    creates: "/etc/letsencrypt/live/{{ item }}"
+  loop:
+    - "{{ ci_server_name }}"
+    - "{{ parts_server_name }}"
  tags: ssl