| 123456789101112131415161718192021222324252627282930313233343536373839 |
- ---
- - name: define private certificate path
- ansible.builtin.set_fact:
- nextcloud_tls_cert_file: "/etc/ssl/{{ nextcloud_instance_name }}.crt"
- - name: define private key path
- ansible.builtin.set_fact:
- nextcloud_tls_cert_key_file: "/etc/ssl/{{ nextcloud_instance_name }}.key"
- - name: "[selfsigned TLS] - create self-signed SSL cert"
- ansible.builtin.command: >
- openssl req -new -nodes -x509
- -subj "/C=US/ST=Oregon/L=Portland/O=IT/CN=${hostname --fqdn}"
- -days 365
- -keyout {{ nextcloud_tls_cert_key_file }}
- -out {{ nextcloud_tls_cert_file }}
- -extensions v3_ca
- args:
- creates: "{{ nextcloud_tls_cert_key_file }}"
- - name: "[selfsigned TLS] - check TLS certificate permissions"
- ansible.builtin.file:
- path: "{{ nextcloud_tls_cert_file }}"
- mode: 0644
- group: "{{ nextcloud_websrv_group }}"
- - name: "[selfsigned TLS] - check TLS key permissions"
- ansible.builtin.file:
- path: "{{ nextcloud_tls_cert_key_file }}"
- mode: 0640
- group: "{{ nextcloud_websrv_group }}"
- # cd /etc/haproxy
- # mkdir nextcloud.test
- # cd nextcloud.test/
- # openssl genrsa -out nextcloud.test.key 2048
- # openssl req -new -key nextcloud.test.key -out nextcloud.test.csr
- # openssl x509 -req -days 365 -in nextcloud.test.csr -signkey nextcloud.test.key -out nextcloud.test.crt
- # bash -c 'cat nextcloud.test.key nextcloud.test.crt >> nextcloud.test.pem'
- # cd /etc/haproxy
- # openssl dhparam -out /etc/haproxy/dhparams.pem 2048
|
