refactor haproxy

Michael Rennecke 2019-06-17 20:44:48 +02:00
parent 017f5d91ed
commit 3bfeff4d42
5 changed files with 25 additions and 12 deletions


@ -7,7 +7,7 @@ all:
vars:
ansible_become: false
certbotdomains:
certbot_domains:
- "jabber.0rpheus.net"
haproxy_domains:


@ -12,14 +12,17 @@ do
--non-interactive \
--agree-tos \
--email micha@0rpheus.net \
--preferred-challenges=http \
--rsa-key-size 4096 \
--http-01-port=8888
--webroot \
--webroot-path /var/www/html
fi
done < /etc/haproxy/domains.txt
done < /etc/haproxy/all-domains.txt
# renew all certificates
certbot renew --http-01-port=8888 --preferred-challenges=http --rsa-key-size 4096
certbot renew \
--rsa-key-size 4096 \
--webroot \
--webroot-path /var/www/html
# copy certificates
find /etc/letsencrypt/live/ -mindepth 1 -maxdepth 1 -type d | while read -r domain_path
@ -35,3 +38,7 @@ do
done
systemctl reload haproxy
# prosody cert
prosodyctl --root cert import /etc/letsencrypt/live
systemctl restart prosody.service
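Review bot: The lines added at the end of the script import certificates into Prosody and then run `systemctl restart prosody.service` on every run, whether or not any certificate was renewed, so each run drops the established XMPP sessions. The restart is also not chained to the import, so it still happens when `prosodyctl` fails (no `set -e` is visible in the hunks; the top of the script is outside them). Consider `prosodyctl --root cert import /etc/letsencrypt/live && systemctl reload prosody.service`, assuming the unit supports reload. It is also worth checking whether the import already signals a reload on your Prosody version. Moving the HAProxy copy and the Prosody import into a certbot `--deploy-hook` would limit both to runs where a renewal succeeded.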


@ -58,11 +58,14 @@
- haproxy.cfg
notify: reload haproxy
- name: create domains.txt
- name: create domains files for certificate generation
template:
src: domains.txt
src: "{{ item }}"
dest: /etc/haproxy/
mode: 0644
with_items:
- domains.txt
- all-domains.txt
notify:
- update certs
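Review bot: The looped task renders into `dest: /etc/haproxy/`, so the target file name is derived implicitly from `item`; writing `dest: "/etc/haproxy/{{ item }}"` makes the result explicit and does not rely on how the module treats a directory destination. While the task is being touched, `mode: 0644` is better written as the string `mode: "0644"` so the YAML parser cannot retype it, and `with_items` can become `loop:`. Adding `owner: root` and `group: root` would pin who may change the lists that drive certificate requests.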


@ -0,0 +1,6 @@
{% for domain in haproxy_domains %}
{{ domain }}
{% endfor %}
{% for domain in certbot_domains %}
{{ domain }}
{% endfor %}
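Review bot: A domain listed in both `haproxy_domains` and `certbot_domains` is written twice, and rendering fails if either variable is missing from the inventory. Because the update script reads this file line by line to decide which certificates to request, one loop over a de-duplicated list is safer: `{% for domain in (haproxy_domains | default([]) + certbot_domains | default([])) | unique %}`. A one-line Jinja comment at the top (`{# one FQDN per line; consumed by the certificate update script #}`) would document the format the script expects.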


@ -74,7 +74,8 @@ frontend http
# Let's encrypt
acl letsencrypt-acl path_beg /.well-known/acme-challenge/
use_backend bk_letsencrypt if letsencrypt-acl
http-request set-header Host certbot if letsencrypt-acl
use_backend bk_apache if letsencrypt-acl
# stats backend
acl stats-acl path_beg /haproxy
@ -84,10 +85,6 @@ frontend http
use_backend bk_%[hdr(Host),lower,map(/etc/haproxy/hostname2backend.map)] if hostname_has_backend
backend bk_letsencrypt
server letsencrypt 127.0.0.1:8888
{% for backend in haproxy_backends %}
backend bk_{{ backend }}
{% if haproxy_backends[backend]["httpchk"] is defined %}
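Review bot: `use_backend bk_apache if letsencrypt-acl` only resolves when `haproxy_backends` contains an `apache` entry, because backends come from the `{% for backend in haproxy_backends %}` loop and the static `bk_letsencrypt` backend appears to be removed in the second hunk. With an inventory that lacks that entry, HAProxy should reject the rendered configuration, and ACME validation stops working if the backend is misnamed. The forced `Host certbot` header also depends on an Apache vhost of that name serving `/var/www/html`, which this page does not show. A comment above the rule such as `# ACME http-01: answered by Apache vhost "certbot" from /var/www/html (certbot --webroot)`, plus an `assert` task in the role that `haproxy_backends.apache` is defined, would make the dependency explicit. The frontend and the backend loop continue outside the hunks.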