rennecke
/
ansible
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

refactor haproxy

This commit is contained in:
Michael Rennecke 2019-06-17 20:44:48 +02:00
parent 017f5d91ed
commit 3bfeff4d42
5 changed files with 25 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
hosts.yaml
View File

@ -7,7 +7,7 @@ all:
vars: vars:
ansible_become: false ansible_become: false
certbotdomains: certbot_domains:
- "jabber.0rpheus.net" - "jabber.0rpheus.net"
haproxy_domains: haproxy_domains:

15
roles/haproxy/files/update_haproxy_certs.sh
View File

@ -12,14 +12,17 @@ do
--non-interactive \ --non-interactive \
--agree-tos \ --agree-tos \
--email micha@0rpheus.net \ --email micha@0rpheus.net \
--preferred-challenges=http \
--rsa-key-size 4096 \ --rsa-key-size 4096 \
--http-01-port=8888 --webroot \
--webroot-path /var/www/html
fi fi
done < /etc/haproxy/domains.txt done < /etc/haproxy/all-domains.txt
# renew all certificates # renew all certificates
certbot renew --http-01-port=8888 --preferred-challenges=http --rsa-key-size 4096 certbot renew \
--rsa-key-size 4096 \
--webroot \
--webroot-path /var/www/html
# copy certificates # copy certificates
find /etc/letsencrypt/live/ -mindepth 1 -maxdepth 1 -type d | while read -r domain_path find /etc/letsencrypt/live/ -mindepth 1 -maxdepth 1 -type d | while read -r domain_path
@ -35,3 +38,7 @@ do
done done
systemctl reload haproxy systemctl reload haproxy
# prosody cert
prosodyctl --root cert import /etc/letsencrypt/live
systemctl restart prosody.service

7
roles/haproxy/tasks/main.yaml
View File

@ -58,11 +58,14 @@
- haproxy.cfg - haproxy.cfg
notify: reload haproxy notify: reload haproxy
- name: create domains.txt - name: create domains files for certificate generation
template: template:
src: domains.txt src: "{{ item }}"
dest: /etc/haproxy/ dest: /etc/haproxy/
mode: 0644 mode: 0644
with_items:
- domains.txt
- all-domains.txt
notify: notify:
- update certs - update certs

6
roles/haproxy/templates/all-domains.txt Normal file
View File

@ -0,0 +1,6 @@
{% for domain in haproxy_domains %}
{{ domain }}
{% endfor %}
{% for domain in certbot_domains %}
{{ domain }}
{% endfor %}

7
roles/haproxy/templates/haproxy.cfg
View File

@ -74,7 +74,8 @@ frontend http
# Let's encrypt # Let's encrypt
acl letsencrypt-acl path_beg /.well-known/acme-challenge/ acl letsencrypt-acl path_beg /.well-known/acme-challenge/
use_backend bk_letsencrypt if letsencrypt-acl http-request set-header Host certbot if letsencrypt-acl
use_backend bk_apache if letsencrypt-acl
# stats backend # stats backend
acl stats-acl path_beg /haproxy acl stats-acl path_beg /haproxy
@ -84,10 +85,6 @@ frontend http
use_backend bk_%[hdr(Host),lower,map(/etc/haproxy/hostname2backend.map)] if hostname_has_backend use_backend bk_%[hdr(Host),lower,map(/etc/haproxy/hostname2backend.map)] if hostname_has_backend
backend bk_letsencrypt
server letsencrypt 127.0.0.1:8888
{% for backend in haproxy_backends %} {% for backend in haproxy_backends %}
backend bk_{{ backend }} backend bk_{{ backend }}
{% if haproxy_backends[backend]["httpchk"] is defined %} {% if haproxy_backends[backend]["httpchk"] is defined %}