feat: add certificate request task
@@ -15,7 +15,7 @@ check_env:
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
run : build
|
run : build
|
||||||
@docker compose $(CMPS) up -d -y
|
@docker compose $(CMPS) up nginx mariadb wordpress wp-cli -d -y
|
||||||
|
|
||||||
build : check_env ${DATA_DIR}
|
build : check_env ${DATA_DIR}
|
||||||
@docker compose $(CMPS) build
|
@docker compose $(CMPS) build
|
||||||
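Review bot: The service list in what appears to be the new `run` recipe (`up nginx mariadb wordpress wp-cli -d -y`) has no comment explaining why `certbot` is left out, and it has to be kept in step with the compose file by hand. Judging by the `Start certbot auto-renew` task in tasks/request-certificate.yml, certbot is meant to start only after a certificate has been requested; a line such as `# certbot is started by the Ansible request-certificate task, not by make run` above the recipe would record that. Holding the names in a variable, e.g. `SERVICES := nginx mariadb wordpress wp-cli`, would keep the list in one place if other targets need it.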
|
|||||||
@@ -95,9 +95,9 @@ services:
|
|||||||
- ./nginx/certbot/www:/var/www/certbot
|
- ./nginx/certbot/www:/var/www/certbot
|
||||||
- ./nginx/99-autoreload.sh:/docker-entrypoint.d/99-autoreload.sh
|
- ./nginx/99-autoreload.sh:/docker-entrypoint.d/99-autoreload.sh
|
||||||
|
|
||||||
# certbot:
|
certbot:
|
||||||
# image: certbot/certbot
|
image: certbot/certbot
|
||||||
# volumes:
|
volumes:
|
||||||
# - ./nginx/certbot/conf:/etc/letsencrypt
|
- ./nginx/certbot/conf:/etc/letsencrypt
|
||||||
# - ./nginx/certbot/www:/var/www/certbot
|
- ./nginx/certbot/www:/var/www/certbot
|
||||||
# entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
|
entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
|
||||||
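Review bot: The `certbot` service, which appears to be enabled by this hunk, uses `image: certbot/certbot` with no tag, so each pull takes whatever `latest` is at that moment, for a container that holds the ACME account and certificate private keys under `./nginx/certbot/conf`. Pin a tested release tag or a digest, e.g. `image: certbot/certbot:<VERSION>` (placeholder). No `restart:` policy is visible in the hunk either, so if the renew loop's container exits, renewals stop without notice; `restart: unless-stopped` would cover that unless it is set outside the lines shown. The `services:` block continues outside the hunk.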
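--- a/files/inception/srcs/nginx/99-autoreload.sh
+++ b/files/inception/srcs/nginx/99-autoreload.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+while :; do
+sleep 6h
+nginx -t && nginx -s reload
+done &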
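Review bot: The script is added as "Normal file", i.e. without the executable bit, yet the compose file bind-mounts it into `/docker-entrypoint.d/`; if the nginx image uses the stock entrypoint, non-executable `*.sh` files there are skipped, so the reload loop would never start and nginx would keep serving the old certificate after a renewal. Mark it executable in the repository, e.g. `git update-index --chmod=+x files/inception/srcs/nginx/99-autoreload.sh`. A failing `nginx -t` is also dropped without a trace; `nginx -t && nginx -s reload || echo "autoreload: config test or reload failed" >&2` would leave a line in the container log. A header comment saying the loop is backgrounded with `&` so the entrypoint can go on to start nginx would help the next reader.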
3
run.yml
3
run.yml
@@ -5,4 +5,5 @@
|
|||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
- import_tasks: ./tasks/install-docker.yml
|
- import_tasks: ./tasks/install-docker.yml
|
||||||
- import_tasks: ./tasks/setup-and-start-app.yml
|
- import_tasks: ./tasks/setup-and-start-app.yml
|
||||||
|
- import_tasks: ./tasks/request-certificate.yml
|
||||||
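--- a/tasks/request-certificate.yml
+++ b/tasks/request-certificate.yml
@@ -0,0 +1,23 @@
+
+- name: Request SSL certifiate to letsencrypt
+block:
+- name: Obtain or renew SSL certificate for {{ cert_domain }}
+ansible.builtin.shell: |
+sudo docker compose -f {{ dest_dir }}/srcs/docker-compose.yml run --rm --entrypoint \
+"certbot certonly --test-cert -d {{ cert_domain }} --webroot --webroot-path /var/www/certbot --agree-tos" certbot
+args:
+executable: /bin/bash
+creates: "{{ dest_dir }}/srcs/nginx/conf/{{ cert_domain }}/fullchain.pem"
+register: certbot_result
+changed_when: "'Obtained a new certificate' in certbot_result.stdout or 'renewed' in certbot_result.stdout"
+when: cert_domain is defined
+ignore_errors: True
+
+- name: Restart nginx
+ansible.builtin.shell: |
+sudo docker compose -f {{ dest_dir }}/srcs/docker-compose.yml exec nginx nginx -s reload
+
+- name: Start certbot auto-renew
+ansible.builtin.shell: |
+sudo docker compose -f {{ dest_dir }}/srcs/docker-compose.yml up certbot -d -y
+when: not is_local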
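Review bot: A failed certificate request goes unnoticed, because `ignore_errors: True` follows the `certbot certonly` step and the "Restart nginx" and "Start certbot auto-renew" steps run regardless; indentation is lost on this page, so whether it applies to that task or to the whole block is not certain. The `creates:` guard points at `srcs/nginx/conf/{{ cert_domain }}/fullchain.pem`, while the compose file in this commit mounts `./nginx/certbot/conf` at `/etc/letsencrypt`, so the guard probably never matches and certbot is invoked on every play; `creates: "{{ dest_dir }}/srcs/nginx/certbot/conf/live/{{ cert_domain }}/fullchain.pem"` would match certbot's usual layout. The command carries no `--non-interactive` and no `--email` (or `--register-unsafely-without-email`), so under Ansible it may stop at a prompt, and with `--test-cert` the result is a staging certificate that clients will not trust. `{{ cert_domain }}` is also pasted unquoted into a shell line; `-d {{ cert_domain | quote }}`, or `ansible.builtin.command` with `argv`, keeps the value from being interpreted by the shell.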