/
ssl.yml
30 lines (25 loc) · 943 Bytes
/
ssl.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
# Generate strong dhe param and self-signed ssl cert/key (in development only!).
# In production, you'll need your own valid ssl cert/key.
- name: generate strong dhe parameter
shell: openssl dhparam -dsaparam -out {{dhe_param_path}} 4096
args:
creates: "{{dhe_param_path}}"
notify: reload nginx
- name: create self-signed ssl cert/key
command: >
openssl req -new -nodes -x509
-subj "/C=US/ST=Oregon/L=Portland/O=IT/CN={{site_fqdn}}" -days 3650
-keyout {{ssl_key_path}} -out {{ssl_cert_path}} -extensions v3_ca
args:
creates: "{{ssl_cert_path}}"
notify: reload nginx
- name: ensure ssl cert/key exist
stat: path={{item}}
register: ssl_files
with_items:
- "{{ssl_cert_path}}"
- "{{ssl_key_path}}"
- fail: msg="ssl cert file {{ssl_cert_path}} missing"
when: not ssl_files.results[0].stat.exists
- fail: msg="ssl key file {{ssl_key_path}} missing"
when: not ssl_files.results[1].stat.exists