mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2025-08-29 15:06:26 +02:00
Optimized READMEs
@@ -90,24 +90,7 @@ docker exec -it openldap sh -c 'ldapsearch -x -D "cn=administrator,dc=flock,dc=t
- ❌ If results still exist, some entries were not removed.


---

#### Manually Create the Base DN (dc=cymais,dc=cloud)
Before importing the full LDIF file, you need to explicitly create the base DN (dc=cymais,dc=cloud) first.

#### Create base.ldif for dc=cymais,dc=cloud
Save this LDIF content into a file:
```sh
dn: dc=cymais,dc=cloud
objectClass: top
objectClass: domain
dc: cymais
```
#### Add the Base DN to LDAP
Run the following command to create the base DN before importing other entries:
```sh
cat base.ldif | docker exec -i openldap sh -c 'ldapadd -x -D "cn=admin,dc=cymais,dc=cloud" -w "$LDAP_ADMIN_PASSWORD"'
```
#### Create new_database.ldif

docker exec -i openldap ldapadd -Y EXTERNAL -H ldapi:/// -f /dev/stdin < new_database.ldif

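Review bot: the hunk header shows 24 lines shrinking to 7, so the whole "Manually Create the Base DN" walkthrough (base.ldif, the `ldapadd` of the base entry and the `ldapadd -Y EXTERNAL -H ldapi:///` import of new_database.ldif) is dropped and nothing in the hunk tells a reader where that procedure now lives; for a commit titled "Optimized READMEs" that is a silent loss of a setup step, so either move it to a separate file and link it, or state in the commit message that it is obsolete. Note also that the dropped commands bind as `cn=admin,dc=cymais,dc=cloud` while the context line in the hunk header binds as `cn=administrator,dc=flock,…`, so the removed section was already out of step with the rest of the README and a replacement should use one consistent admin DN.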
roles/nginx-docker-cert-deploy/CONFIGURATION.md (new file, 19 lines)
@@ -0,0 +1,19 @@
# Configuration Options 📋

## One Wildcard Certificate for All Subdomains

By default, each subdomain gets its own certificate. You can **enable a wildcard certificate** by setting:

```yaml
enable_wildcard_certificate: true
```

## Pros & Cons of a Wildcard Certificate
### Pros
- ✅ **Improves performance** by reducing TLS handshakes.
- ✅ **Simplifies certificate management** (one cert for all subdomains).
### Cons
- ⚠ **Requires manual DNS challenge setup** for Let's Encrypt.
- ⚠ **Needs additional configuration for automation** (see below).

If enabled, update your inventory file and follow the **[manual wildcard certificate setup](SETUP.md)**.
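Review bot: the "Needs additional configuration for automation (see below)" bullet has nothing below it in this new file except the link line, so "see below" is a dangling reference carried over from the README; point it at SETUP.md instead, e.g. "(see [SETUP.md](SETUP.md))". A wildcard certificate also deserves a third con here: one private key now covers every subdomain and, since this role copies certificates into each Docker Compose directory, a compromise of any one of those containers exposes TLS for all subdomains at once; that blast-radius trade-off is what a reader weighing `enable_wildcard_certificate: true` most needs to see next to the two performance and convenience pros.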
@@ -17,25 +17,6 @@ This Ansible role simplifies the deployment of **Let's Encrypt certificates** in

---

## 📋 **Configuration Options**

### 🔹 **One Wildcard Certificate for All Subdomains**
By default, each subdomain gets its own certificate. You can **enable a wildcard certificate** by setting:

```yaml
enable_wildcard_certificate: true
```

📌 **Pros & Cons of a Wildcard Certificate:**
✅ **Improves performance** by reducing TLS handshakes.
✅ **Simplifies certificate management** (one cert for all subdomains).
⚠ **Requires manual DNS challenge setup** for Let's Encrypt.
⚠ **Needs additional configuration for automation** (see below).

If enabled, update your inventory file and follow the **manual wildcard certificate setup** below.

---

## 🔧 **Tasks Overview**

### **1️⃣ Main Tasks**
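Review bot: this hunk cuts the README's configuration section from 25 lines to 6 and none of the surviving visible lines link to the new CONFIGURATION.md, so a reader of the README alone no longer learns that `enable_wildcard_certificate` exists; add a one-line pointer where the section used to be, e.g. "See [CONFIGURATION.md](CONFIGURATION.md) for configuration options", so the split does not hide the option.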
@@ -57,64 +38,6 @@ If enabled, update your inventory file and follow the **manual wildcard certific

---

## **🔐 Wildcard Certificate Setup with Let's Encrypt**
If you enabled `enable_wildcard_certificate`, follow these steps to manually request a **wildcard certificate**.

### **1️⃣ Run the Certbot Command 🖥️**
```sh
certbot certonly --manual --preferred-challenges=dns --agree-tos \
--email administrator@primary_domain -d primary_domain -d "*.primary_domain"
```

### **2️⃣ Add DNS TXT Record for Validation 📜**
Certbot will prompt you to add a DNS TXT record:
```
Please create a TXT record under the name:
_acme-challenge.primary_domain.

with the following value:
9oVizYIYVGlZ3VtWQIKRS5UghyXiqGoUNlCtIE7LiA
```
➡ **Go to your DNS provider** and create a new **TXT record**:
- **Host:** `_acme-challenge.primary_domain`
- **Value:** `"9oVizYIYVGlZ3VtWQIKRS5UghyXiqGoUNlCtIE7LiA"`
- **TTL:** Set to **300 seconds (or lowest possible)**

✅ **Verify the DNS record** before continuing:
```sh
dig TXT _acme-challenge.primary_domain @8.8.8.8
```

### **3️⃣ Complete the Certificate Request ✅**
Once the DNS changes have propagated, **press Enter** in the Certbot terminal.
If successful, Certbot will save the certificates under:
```
/etc/letsencrypt/live/primary_domain/
```
- **fullchain.pem** → The certificate
- **privkey.pem** → The private key

---

## **📂 File & Directory Structure**
```sh
roles/nginx-docker-cert-deploy/
├── files/
│ ├── nginx-docker-cert-deploy.sh # Deployment script
├── handlers/
│ ├── main.yml # Restart Nginx handler
├── meta/
│ ├── main.yml # Dependencies
├── tasks/
│ ├── main.yml # Main Ansible tasks
├── templates/
│ ├── nginx-docker-cert-deploy.service.j2 # Systemd service template
├── vars/
│ ├── main.yml # Variable definitions
```

---

## **🔧 Deploying Certificates into Docker Containers**
The role **automates copying certificates** into Docker Compose setups.

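Review bot: the wildcard setup steps removed here reappear verbatim in the new SETUP.md, but the "📂 File & Directory Structure" tree (files/, handlers/, meta/, tasks/, templates/, vars/ with their one-line descriptions) is removed without being re-added in either SETUP.md or CONFIGURATION.md; if dropping it is intended, the commit message should say so, otherwise keep it in the README, since it is the only place that names the role's deployment script and systemd template.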
@@ -129,20 +52,6 @@ This script:
sh nginx-docker-cert-deploy.sh primary_domain /path/to/docker/compose
```

### **2️⃣ Systemd Service & Timer**
The role includes a **`systemd` service** that runs the deployment script whenever certificates are updated.

Example `nginx-docker-cert-deploy.service.j2`:
```ini
[Unit]
Description=Let's Encrypt deploy to {{docker_compose.directories.instance}}
OnFailure=systemd-notifier.cymais@%n.service

[Service]
Type=oneshot
ExecStart=/usr/bin/bash {{path_administrator_scripts}}/nginx-docker-cert-deploy.sh {{primary_domain}} {{docker_compose.directories.instance}}
```

---

## 🎯 **Summary**
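Review bot: the systemd unit documentation removed here is not re-added in SETUP.md or CONFIGURATION.md, so the mechanism that reruns `nginx-docker-cert-deploy.sh` after a certificate update becomes undocumented while the script's usage line just above it stays; keep the unit example. While it is being touched: the heading promises a "Service & Timer" but only a service is shown, and the unit invokes the script with `/usr/bin/bash` whereas the usage line at the top of the hunk runs it with `sh`; pick one interpreter so the two examples do not diverge.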
roles/nginx-docker-cert-deploy/SETUP.md (new file, 36 lines)
@@ -0,0 +1,36 @@
## **🔐 Wildcard Certificate Setup with Let's Encrypt**
If you enabled `enable_wildcard_certificate`, follow these steps to manually request a **wildcard certificate**.

### **1️⃣ Run the Certbot Command 🖥️**
```sh
certbot certonly --manual --preferred-challenges=dns --agree-tos \
--email administrator@primary_domain -d primary_domain -d "*.primary_domain"
```

### **2️⃣ Add DNS TXT Record for Validation 📜**
Certbot will prompt you to add a DNS TXT record:
```
Please create a TXT record under the name:
_acme-challenge.primary_domain.

with the following value:
9oVizYIYVGlZ3VtWQIKRS5UghyXiqGoUNlCtIE7LiA
```
➡ **Go to your DNS provider** and create a new **TXT record**:
- **Host:** `_acme-challenge.primary_domain`
- **Value:** `"9oVizYIYVGlZ3VtWQIKRS5UghyXiqGoUNlCtIE7LiA"`
- **TTL:** Set to **300 seconds (or lowest possible)**

✅ **Verify the DNS record** before continuing:
```sh
dig TXT _acme-challenge.primary_domain @8.8.8.8
```

### **3️⃣ Complete the Certificate Request ✅**
Once the DNS changes have propagated, **press Enter** in the Certbot terminal.
If successful, Certbot will save the certificates under:
```
/etc/letsencrypt/live/primary_domain/
```
- **fullchain.pem** → The certificate
- **privkey.pem** → The private key
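Review bot: the TXT value `9oVizYIYVGlZ3VtWQIKRS5UghyXiqGoUNlCtIE7LiA` in step 2 is shown three times as if it were the value to enter; label it as a sample and tell the reader to copy whatever Certbot actually prints, and treat `primary_domain` as a placeholder consistently (the Certbot line uses it bare, inside `administrator@primary_domain` and as `"*.primary_domain"`), e.g. `<primary_domain>` or the role's own `{{ primary_domain }}`. Two further points for this file: `certbot certonly --manual` with an interactive DNS challenge cannot renew unattended, and Let's Encrypt certificates expire after 90 days, so SETUP.md should state that these steps must be repeated at every renewal or point to a DNS-provider plugin or `--manual-auth-hook` (which is what the "additional configuration for automation" con in CONFIGURATION.md alludes to); and "fullchain.pem → The certificate" is imprecise, since fullchain.pem is the leaf certificate plus the intermediate chain (the file nginx expects in `ssl_certificate`), with `cert.pem` being the leaf alone.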