mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2025-03-31 14:24:16 +02:00
Solved wildcard certificate for non-wildcard domains and network variable bug
This commit is contained in:
parent
b91a132407
commit
8e2c8360d4
@ -1,6 +1,7 @@
|
||||
ENABLE_COTURN=true
|
||||
COTURN_TLS_CERT_PATH=/etc/letsencrypt/live/{{ primary_domain if enable_one_letsencrypt_cert_for_all else domain }}/fullchain.pem
|
||||
COTURN_TLS_KEY_PATH=/etc/letsencrypt/live/{{ primary_domain if enable_one_letsencrypt_cert_for_all else domain }}/privkey.pem
|
||||
{% set ssl_cert_folder = primary_domain if enable_one_letsencrypt_cert_for_all and primary_domain in domain else domain %}
|
||||
COTURN_TLS_CERT_PATH=/etc/letsencrypt/live/{{ssl_cert_folder}}/fullchain.pem
|
||||
COTURN_TLS_KEY_PATH=/etc/letsencrypt/live/{{ssl_cert_folder}}/privkey.pem
|
||||
ENABLE_GREENLIGHT={{applications.bigbluebutton.enable_greenlight}}
|
||||
|
||||
# Enable Webhooks
|
||||
@ -41,12 +42,12 @@ FSESL_PASSWORD={{bigbluebutton_fsesl_password}}
|
||||
|
||||
DOMAIN={{domain}}
|
||||
|
||||
EXTERNAL_IPv4={{{{networks.internet.ip4}}}}
|
||||
EXTERNAL_IPv4={{networks.internet.ip4}}
|
||||
EXTERNAL_IPv6=
|
||||
|
||||
# STUN SERVER
|
||||
# stun.freeswitch.org
|
||||
STUN_IP={{{{networks.internet.ip4}}}}
|
||||
STUN_IP={{networks.internet.ip4}}
|
||||
STUN_PORT=3478
|
||||
|
||||
# TURN SERVER
|
||||
|
@ -1,7 +1,7 @@
|
||||
matrix_servers:
|
||||
hosts:
|
||||
{{inventory_hostname}}:
|
||||
ansible_host: "{{{{networks.internet.ip4}}}}"
|
||||
ansible_host: "{{networks.internet.ip4}}"
|
||||
ansible_ssh_user: administrator
|
||||
become: true
|
||||
become_user: root
|
||||
|
@ -1,4 +1,4 @@
|
||||
{% set ssl_cert_folder = primary_domain if enable_one_letsencrypt_cert_for_all else domain %}
|
||||
{% set ssl_cert_folder = primary_domain if enable_one_letsencrypt_cert_for_all and primary_domain in domain else domain %}
|
||||
ssl_certificate /etc/letsencrypt/live/{{ ssl_cert_folder }}/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/{{ ssl_cert_folder }}/privkey.pem;
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/{{ ssl_cert_folder }}/chain.pem;
|
@ -10,7 +10,10 @@
|
||||
certbot certonly --agree-tos --email {{ administrator_email }}
|
||||
--non-interactive --webroot -w /var/lib/letsencrypt/ -d {{ primary_domain }} -d *.{{ primary_domain }}
|
||||
{{ '--test-cert' if mode_test | bool else '' }}
|
||||
when: enable_one_letsencrypt_cert_for_all and run_once_recieve_certificate is not defined
|
||||
when:
|
||||
- enable_one_letsencrypt_cert_for_all
|
||||
- primary_domain in domain
|
||||
- run_once_recieve_certificate is not defined
|
||||
|
||||
- name: "Cleanup dedicated cert for {{ domain }}"
|
||||
command: >-
|
||||
@ -18,6 +21,7 @@
|
||||
when:
|
||||
- mode_cleanup
|
||||
- enable_one_letsencrypt_cert_for_all
|
||||
- primary_domain in domain
|
||||
- domain != primary_domain
|
||||
ignore_errors: true
|
||||
|
||||
|
Loading…
x
Reference in New Issue
Block a user