ansible-role-ssl-certs
======================

Generate and/or deploy SSL certificate

Available on Ansible Galaxy: [jdauphant.ssl-certs](https://galaxy.ansible.com/list#/roles/3115)

# Examples

## Example to generate a self-signed SSL certificate

```YAML
- hosts: all
  roles:
    - jdauphant.ssl-certs
```

This will create the certificate and private key in:

- `/etc/ssl/myserver.mydomain.com.key`
- `/etc/ssl/myserver.mydomain.com.pem`

## Example to deploy an SSL certificate

```YAML
- hosts: all
  roles:
    - role: jdauphant.ssl-certs
      ssl_certs_common_name: "example.com"
```

The certificate has to be placed in `files/ssl/example.com.key` and `files/ssl/example.com.pem`. If
they don't exist, the key and a **self-signed** certificate will be generated at
`/etc/ssl/example.com/example.com.key` and `/etc/ssl/example.com/example.com.pem` using the provided common name.

## Example to deploy an SSL certificate using local key/pem files

```YAML
- hosts: all
  roles:
    - role: jdauphant.ssl-certs
      ssl_certs_local_privkey_path: '/path/to/example.com.key'
      ssl_certs_local_cert_path: '/path/to/example.com.pem'
```

## Example to deploy an SSL certificate stored in variables

An SSL certificate and key are just text that can be stored as a variable, which is useful when
using Ansible Vault.

Example variable data; note how the text blob is indented. This is needed to correctly insert the
text via the template module.

```YAML
ssl_certs_local_privkey_data: |
  -----BEGIN RSA PRIVATE KEY-----
  MIIEpQIBAAKCAQEAu2uhv2cjoN4F3arUZ5cDrwuxf3koCwrKSK75as0WZoxYrpyw
  Lyx9ldyD4nGabVep0R/uAgQ/HqEf2jC7WIvGcEq8bHB9PyEEWzT8IjKQX0YTc//4
  gkHBkpyU0fVrj5nkc30EIbcbH4RHRDwye4VhP/iCPchDG7OqvCyOdm8=
  -----END RSA PRIVATE KEY-----
ssl_certs_local_cert_data: |
  -----BEGIN CERTIFICATE-----
  MIIDmzCCAoOgAwIBAgIJAKWMlgLwrBzXMA0GCSqGSIb3DQEBCwUAMGQxCzAJBgNV
  QAL3naEfBSZBl0tBohuxn8Xd3yLPuKGUOk3pSL1IJy0Ca6p+QwjkaZUd9X3gf1V2
  SEfYSaGPvfIlSuHIshno
  -----END CERTIFICATE-----
```

Then simply include the role as in the first example.

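An added check, not part of this role or its README: the Python sketch below flags a vars file in which `ssl_certs_local_privkey_data` holds a plaintext PEM key instead of Ansible Vault ciphertext (either a whole-file vault or an inline `!vault` value). The function name `check_vars_text` and both sample inputs are constructed for illustration.

```python
import re

VAULT_HEADER = "$ANSIBLE_VAULT;"
PEM_KEY = re.compile(r"-----BEGIN (?:[A-Z0-9]+ )*PRIVATE KEY-----")
KEY_VAR = re.compile(r"^(\s*)ssl_certs_local_privkey_data\s*:\s*(.*)$")

# Constructed sample inputs (placeholders, not real key material).
PLAINTEXT_VARS = """\
ssl_certs_local_privkey_data: |
  -----BEGIN RSA PRIVATE KEY-----
  PLACEHOLDER
  -----END RSA PRIVATE KEY-----
ssl_certs_common_name: "example.com"
"""
VAULTED_VARS = """\
ssl_certs_local_privkey_data: !vault |
  $ANSIBLE_VAULT;1.1;AES256
  0000000000000000
"""

def check_vars_text(text):
    """Return (line_number, message) findings for one vars file."""
    lines = text.splitlines()
    # A file encrypted as a whole by ansible-vault starts with the vault header.
    if lines and lines[0].startswith(VAULT_HEADER):
        return []
    findings = []
    for i, line in enumerate(lines):
        m = KEY_VAR.match(line)
        if not m:
            continue
        indent, value = len(m.group(1)), m.group(2).strip()
        # Block scalar body: the following lines indented deeper than the key.
        body = []
        for nxt in lines[i + 1:]:
            if nxt.strip() and len(nxt) - len(nxt.lstrip()) <= indent:
                break
            body.append(nxt.strip())
        if value.startswith("!vault"):
            if not any(b.startswith(VAULT_HEADER) for b in body):
                findings.append((i + 1, "!vault tag without vault payload"))
        elif PEM_KEY.search(value) or any(PEM_KEY.search(b) for b in body):
            findings.append((i + 1, "private key stored in plaintext"))
    return findings

if __name__ == "__main__":
    for name, text in (("plaintext", PLAINTEXT_VARS), ("vaulted", VAULTED_VARS)):
        print(name, check_vars_text(text))
```

Run over the vars files in a repository before committing, a non-empty result means the key variable should be encrypted with Ansible Vault first.
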
## Example to use this role with my Nginx role: [jdauphant.nginx](https://github.com/jdauphant/ansible-role-nginx)

```YAML
- hosts: all
  roles:
    - role: jdauphant.ssl-certs
      ssl_certs_generate_dh_param: true
    - role: jdauphant.nginx
      nginx_configs:
        ssl:
          - ssl_certificate_key {{ssl_certs_privkey_path}}
          - ssl_certificate     {{ssl_certs_cert_path}}
          - ssl_dhparam         {{ssl_certs_dhparam_path}}
      nginx_sites:
        default:
          - listen 443 ssl
          - server_name _
          - root "/usr/share/nginx/html"
          - index index.html
```