From 4b5ba892baed94251ecf01d134ec7ead87b482ab Mon Sep 17 00:00:00 2001
From: Kevin Veen-Birkenbach
Date: Tue, 2 Dec 2025 13:51:22 +0100
Subject: [PATCH] Introduced SSL_ENABLED flag

---
 group_vars/all/00_general.yml | 9 ++++++---
 roles/web-app-bookwyrm/templates/env.j2 | 2 +-
 roles/web-app-confluence/templates/env.j2 | 2 +-
 roles/web-app-jira/templates/env.j2 | 2 +-
 roles/web-app-magento/templates/env.j2 | 6 +++---
 roles/web-app-openproject/templates/env.j2 | 4 ++--
 roles/web-app-wordpress/tasks/04_update_domain.yml | 2 +-
 7 files changed, 15 insertions(+), 12 deletions(-)

diff --git a/group_vars/all/00_general.yml b/group_vars/all/00_general.yml
index 1e5be3e9..84444276 100644
--- a/group_vars/all/00_general.yml
+++ b/group_vars/all/00_general.yml
@@ -22,12 +22,15 @@ HOST_TIME_FORMAT: "HH:mm"
 HOST_THOUSAND_SEPARATOR: "."
 HOST_DECIMAL_MARK: ","
+# Encryptiom
+SSL_ENABLED: true
+
 # Web
-WEB_PROTOCOL: "https" # Web protocol type. Use https or http. If you run local you need to change it to http
-WEB_PORT: "{{ 443 if WEB_PROTOCOL == 'https' else 80 }}" # Default port web applications will listen to
+WEB_PROTOCOL: "{{ 'https' if SSL_ENABLED | bool else 'http' }}" # Web protocol type. Use https or http. If you run local you need to change it to http
+WEB_PORT: "{{ 443 if SSL_ENABLED | bool else 80 }}" # Default port web applications will listen to
 # Websocket
-WEBSOCKET_PROTOCOL: "{{ 'wss' if WEB_PROTOCOL == 'https' else 'ws' }}"
+WEBSOCKET_PROTOCOL: "{{ 'wss' if SSL_ENABLED | bool else 'ws' }}"
 # WWW-Redirect to None WWW-Domains enabled
 WWW_REDIRECT_ENABLED: "{{ ('web-opt-rdr-www' in group_names) | bool }}"
diff --git a/roles/web-app-bookwyrm/templates/env.j2 b/roles/web-app-bookwyrm/templates/env.j2
index 0d6e4793..646c352c 100644
--- a/roles/web-app-bookwyrm/templates/env.j2
+++ b/roles/web-app-bookwyrm/templates/env.j2
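Review bot: Any value of `SSL_ENABLED` that the `bool` filter does not recognise is treated as false (in the ansible-core versions I have seen, at most with a warning), so a mistyped override such as `SSL_ENABLED: "ture"` from inventory or extra-vars silently turns `WEB_PROTOCOL`, `WEB_PORT` and `WEBSOCKET_PROTOCOL` into plain-http values instead of failing the run. A single `assert` that the flag is a real boolean before the derived variables are consumed would turn that silent downgrade into an error. The comment kept on the new `WEB_PROTOCOL` line is also stale: it still tells the reader to change WEB_PROTOCOL to http for local runs, although the value is now derived and the knob is `SSL_ENABLED`, so `# Derived from SSL_ENABLED; set SSL_ENABLED: false for plain-http (local) runs` fits better. The new section header `# Encryptiom` should read `# Encryption`.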
@@ -54,7 +54,7 @@ REDIS_ACTIVITY_URL="{{ BOOKWYRM_REDIS_ACTIVITY_URL }}"
 # Proxy (if BookWyrm sits behind reverse proxy)
 FORWARDED_ALLOW_IPS="*"
 USE_X_FORWARDED_HOST="true"
-SECURE_PROXY_SSL_HEADER="{{ (WEB_PORT == 443) | string | lower }}"
+SECURE_PROXY_SSL_HEADER="{{ SSL_ENABLED | bool | string | lower }}"
 # OIDC (optional – only if BOOKWYRM_OIDC_ENABLED)
 {% if BOOKWYRM_OIDC_ENABLED %}
diff --git a/roles/web-app-confluence/templates/env.j2 b/roles/web-app-confluence/templates/env.j2
index 4d9a0e36..c2bc84e3 100644
--- a/roles/web-app-confluence/templates/env.j2
+++ b/roles/web-app-confluence/templates/env.j2
@@ -5,7 +5,7 @@ CONFLUENCE_HOME="{{ CONFLUENCE_HOME }}"
 ATL_PROXY_NAME={{ CONFLUENCE_HOSTNAME }}
 ATL_PROXY_PORT={{ WEB_PORT }}
 ATL_TOMCAT_SCHEME={{ WEB_PROTOCOL }}
-ATL_TOMCAT_SECURE={{ (WEB_PORT == 443) | lower }}
+ATL_TOMCAT_SECURE={{ SSL_ENABLED | bool | lower }}
 JVM_MINIMUM_MEMORY={{ CONFLUENCE_JVM_MIN }}
 JVM_MAXIMUM_MEMORY={{ CONFLUENCE_JVM_MAX }}
diff --git a/roles/web-app-jira/templates/env.j2 b/roles/web-app-jira/templates/env.j2
index 1dc89fe2..697f789e 100644
--- a/roles/web-app-jira/templates/env.j2
+++ b/roles/web-app-jira/templates/env.j2
@@ -11,7 +11,7 @@ ATL_JDBC_PASSWORD={{ database_password }}
 ATL_PROXY_NAME={{ JIRA_HOSTNAME }}
 ATL_PROXY_PORT={{ WEB_PORT }}
 ATL_TOMCAT_SCHEME={{ WEB_PROTOCOL }}
-ATL_TOMCAT_SECURE={{ (WEB_PORT == 443) | lower }}
+ATL_TOMCAT_SECURE={{ SSL_ENABLED | bool | lower }}
 JVM_MINIMUM_MEMORY={{ JIRA_JVM_MIN }}
 JVM_MAXIMUM_MEMORY={{ JIRA_JVM_MAX }}
diff --git a/roles/web-app-magento/templates/env.j2 b/roles/web-app-magento/templates/env.j2
index bf29bdfa..801c2c33 100644
--- a/roles/web-app-magento/templates/env.j2
+++ b/roles/web-app-magento/templates/env.j2
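Review bot: `SECURE_PROXY_SSL_HEADER` now renders as the literal `true` or `false`, which only does anything if BookWyrm's own settings turn that env var into Django's `(header, value)` tuple — in Django itself `SECURE_PROXY_SSL_HEADER` is a pair such as `('HTTP_X_FORWARDED_PROTO', 'https')`, and a bare boolean has no meaning, so `request.is_secure()` may stay false behind the proxy. This shape predates the commit, but since the line is being touched it is worth confirming against BookWyrm's settings.py. A comment above the line, `# true/false here; verify BookWyrm maps this to Django's SECURE_PROXY_SSL_HEADER tuple`, would record the assumption for the next reader.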
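Review bot: The same boolean is stringified three different ways in this commit: `SSL_ENABLED | bool | lower` here and in the Jira hunk, `SSL_ENABLED | bool | string | lower` in the BookWyrm and OpenProject hunks, and `SSL_ENABLED | bool | ternary('1','0')` in Magento. The first two render identically, so one spelling should be picked — or, better, a single derived variable next to `WEB_PROTOCOL` in group_vars (for example `SSL_ENABLED_STR: "{{ SSL_ENABLED | bool | string | lower }}"`) so the templates stop repeating the filter chain. Deriving scheme, port and secure flag from one input does mean `ATL_PROXY_PORT`, `ATL_TOMCAT_SCHEME` and `ATL_TOMCAT_SECURE` can no longer disagree, which is the right outcome.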
@@ -5,9 +5,9 @@
 # Host & URLs
 MAGENTO_URL="{{ MAGENTO_URL }}"
 MAGENTO_BACKEND_FRONTNAME="admin"
-MAGENTO_USE_SECURE={{ (WEB_PORT == 443) | ternary('1','0') }}
-MAGENTO_BASE_URL_SECURE={{ (WEB_PORT == 443) | ternary('1','0') }}
-MAGENTO_USE_SECURE_ADMIN={{ (WEB_PORT == 443) | ternary('1','0') }}
+MAGENTO_USE_SECURE={{ SSL_ENABLED | bool | ternary('1','0') }}
+MAGENTO_BASE_URL_SECURE={{ SSL_ENABLED | bool | ternary('1','0') }}
+MAGENTO_USE_SECURE_ADMIN={{ SSL_ENABLED | bool | ternary('1','0') }}
 # Admin (seed from global administrator)
 MAGENTO_ADMIN_USERNAME="{{ users.administrator.username }}"
diff --git a/roles/web-app-openproject/templates/env.j2 b/roles/web-app-openproject/templates/env.j2
index 8372797b..14c8f255 100644
--- a/roles/web-app-openproject/templates/env.j2
+++ b/roles/web-app-openproject/templates/env.j2
@@ -6,11 +6,11 @@
 # Please refer to our documentation to see all possible variables:
 # https://www.openproject.org/docs/installation-and-operations/configuration/environment/
 #
-OPENPROJECT_HTTPS={{ WEB_PORT == 443 | string | lower }}
+OPENPROJECT_HTTPS={{ SSL_ENABLED | bool | string | lower }}
 OPENPROJECT_HOST__NAME={{ domains | get_domain(application_id) }}
 OPENPROJECT_RAILS__RELATIVE__URL__ROOT=
 IMAP_ENABLED=false
-OPENPROJECT_HSTS={{ WEB_PORT == 443 | string | lower }}
+OPENPROJECT_HSTS={{ SSL_ENABLED | bool | string | lower }}
 RAILS_CACHE_STORE: "memcache"
 OPENPROJECT_CACHE__MEMCACHE__SERVER: "cache:11211"
 OPENPROJECT_RAILS__RELATIVE__URL__ROOT: ""
diff --git a/roles/web-app-wordpress/tasks/04_update_domain.yml b/roles/web-app-wordpress/tasks/04_update_domain.yml
index b62a8b6d..b2ce83f7 100644
--- a/roles/web-app-wordpress/tasks/04_update_domain.yml
+++ b/roles/web-app-wordpress/tasks/04_update_domain.yml
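Review bot: `OPENPROJECT_HSTS` now follows `SSL_ENABLED`, which is the right coupling, but HSTS is sticky on the client side: once browsers have received the header they refuse plain http for the host until the policy's max-age expires, so flipping `SSL_ENABLED` back to false later will not restore http access for those clients. A comment on the line, `# HSTS is cached by browsers; disabling SSL_ENABLED later does not undo it for clients that already saw it`, would warn the next operator before they toggle the flag. Separately, the three trailing context lines use `KEY: "value"` syntax in what is otherwise a `KEY=value` env file — untouched by this commit, but worth checking if this template is consumed as a plain env file.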
@@ -60,7 +60,7 @@
 --path={{ WORDPRESS_DOCKER_HTML_PATH }}
 register: wp_sr_scheme
 changed_when: "{{ ('Success: Made 0 replacements.' not in wp_sr_scheme.stdout) | bool }}"
- when: WEB_PORT == 443
+ when: SSL_ENABLED | bool
 - name: Flush caches and rewrite rules
 command: >
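Review bot: The condition `when: SSL_ENABLED | bool` runs this search-replace only when TLS is on, so if the replacement it guards rewrites stored URLs to https there is no counterpart for the false case, and a site later switched to plain http keeps https URLs in its database; I cannot confirm the replacement direction because the task's `command:` begins above the hunk. If one-way is intended, a comment such as `# Only promotes URLs to https; setting SSL_ENABLED back to false does not rewrite them` would make that explicit. The enclosing task starts outside the hunk.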