Solved cert bugs

group_vars/all

@@ -246,7 +246,7 @@ keycloak_administrator_username:  "{{administrator_username}}"
 
 #### LDAP
 ldap_version:                     "latest"
-ldap_admin_version:               "latest"
+ldap_admin_version:               "2.0.0-dev"
 ldap_administrator_username:      "{{administrator_username}}"
 ldap_administrator_password:      "{{user_administrator_initial_password}}" #CHANGE for security reasons
 

roles/docker-ldap/tasks/main.yml

@@ -2,7 +2,6 @@
 - name: "include docker/compose/common.yml"
   include_tasks: docker/compose/common.yml
 
-# optimize 
 - name: "include tasks nginx-docker-proxy-domain.yml"
   include_tasks: nginx-docker-proxy-domain.yml
 

roles/docker-ldap/templates/docker-compose.yml.j2

@@ -35,10 +35,10 @@ services:
       LDAP_LDAPS_PORT_NUMBER:   636                         # Port used for TLS secure traffic. Priviledged port is supported (e.g. 636). Default: 1636 (non privileged port).
       LDAP_TLS_CERT_FILE:       /certs/cert.pem             # File containing the certificate file for the TLS traffic. No defaults.
       LDAP_TLS_KEY_FILE:        /certs/key.pem              # File containing the key for certificate. No defaults.
-      #LDAP_TLS_CA_FILE:                                    # File containing the CA of the certificate. No defaults.
+      LDAP_TLS_CA_FILE:         /certs/chain.pem            # File containing the CA of the certificate. No defaults.
       #LDAP_TLS_DH_PARAMS_FILE:                             # File containing the DH parameters. No defaults.
     volumes:
-      - {{cert_mount_directory}}:/certs
+      - {{cert_mount_directory}}:/certs:ro
       - 'data:/bitnami/openldap'
 {% include 'templates/docker/container/networks.yml.j2' %}
 {% include 'templates/docker/compose/volumes.yml.j2' %}

roles/docker-ldap/vars/main.yml

@@ -1,3 +1,4 @@
 docker_compose_project_name:  "ldap"
 ldap_root:                    "dc={{primary_domain_sld}},dc={{primary_domain_tld}}"
-ldap_admin_dm:                      "cn={{ldap_administrator_username}},{{ldap_root}}"
+ldap_admin_dn:                "cn={{ldap_administrator_username}},{{ldap_root}}"
+cert_mount_directory:         "{{docker_compose_instance_directory}}/certs/"

roles/docker-mailu/templates/docker-compose.yml.j2

@@ -32,7 +32,7 @@ services:
       - "{{ ip4_address }}:4190:4190"
     volumes:
       - "/etc/mailu/overrides/nginx:/overrides:ro"
-      - "{{docker_compose_instance_directory}}/certs/:/certs"
+      - "{{cert_mount_directory}}:/certs:ro"
 {% include 'templates/docker/container/depends-on-also-database.yml.j2' %}
       resolver:
         condition: service_started

roles/docker-mailu/vars/main.yml

@@ -1,3 +1,4 @@
 docker_compose_project_name:  "mailu"
 database_password:  	        "{{mailu_database_password}}"
 database_type:                "mariadb"
+cert_mount_directory:         "{{docker_compose_instance_directory}}/certs/"

roles/nginx-docker-cert-deploy/files/nginx-docker-cert-deploy.sh

@@ -11,14 +11,35 @@ domain="$1"
 docker_compose_instance_directory="$2"
 
 # Copy certificates
-cp "/etc/letsencrypt/live/$domain/privkey.pem" "$docker_compose_instance_directory/certs/key.pem" || exit 1
+cp -Rv "/etc/letsencrypt/live/$domain/"* "$docker_compose_instance_directory/certs" || exit 1
-cp "/etc/letsencrypt/live/$domain/fullchain.pem" $docker_compose_instance_directory/certs/cert.pem || exit 1
+
+# Flag to track if any Nginx reload was successful
+nginx_reload_successful=false
 
 # Reload Nginx in all containers within the Docker Compose setup
 cd "$docker_compose_instance_directory" || exit 1
-docker compose ps --services | while read -r service; do
+
-    docker compose exec "$service" nginx -s reload && exit 0
+# Iterate over all services
+for service in $(docker compose ps --services); do
+    echo "Checking service: $service"
+    # Check if Nginx exists in the container
+    if docker compose exec -T "$service" which nginx > /dev/null 2>&1; then
+        echo "Reloading Nginx for service: $service"
+        if docker compose exec -T "$service" nginx -s reload; then
+            nginx_reload_successful=true
+            echo "Successfully reloaded Nginx for service: $service"
+        else
+            echo "Failed to reload Nginx for service: $service" >&2
+        fi
+    else
+        echo "Nginx not found in service: $service, skipping."
+    fi
 done
 
-# Restart all docker containers if no nginx reload is possible
+# Restart all containers if no Nginx reload was successful
+if [ "$nginx_reload_successful" = false ]; then
+    echo "No Nginx reload was successful. Restarting all Docker containers."
     docker compose restart || exit 1
+else
+    echo "At least one Nginx reload was successful. No restart needed."
+fi

roles/nginx-docker-cert-deploy/handlers/main.yml

@@ -1,7 +1,7 @@
 ---
 - name: "restart nginx-docker-cert-deploy.cymais.service"
   systemd:
-    name:           nginx-docker-cert-deploy.{{domain}}.cymais.service
+    name:           nginx-docker-cert-deploy.{{docker_compose_project_name}}.cymais.service
     state:          restarted
     enabled:        yes
     daemon_reload:  yes

roles/nginx-docker-cert-deploy/vars/main.yml

@@ -1,2 +1 @@
-cert_mount_directory:             "{{docker_compose_instance_directory}}/certs/"
 nginx_docker_cert_deploy_script:  "{{path_administrator_scripts}}nginx-docker-cert-deploy.sh"