CCCHH/ansible-infra
CCCHH/ansible-infra
4
2
Fork 1
Code Issues 4 Pull requests 1 Wiki Activity Actions

Deploy certs for keycloak-admin and id.ccchh.net using certbot role

Browse source
This commit is contained in:
June 2023-08-02 23:07:21 +02:00 committed by julian
commit 6651f4568d
5 changed files with 12 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

6
playbooks/files/configs/keycloak/nginx/id.ccchh.net.conf
View file

@ -15,10 +15,10 @@ server {
server_name id.ccchh.net;
ssl_certificate /etc/ansible_certs/certs/id.ccchh.net/fullchain.pem;
ssl_certificate_key /etc/ansible_certs/certs/id.ccchh.net/privkey.pem;
ssl_certificate /etc/letsencrypt/live/id.ccchh.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/id.ccchh.net/privkey.pem;
# verify chain of trust of OCSP response using Root CA and Intermediate certs
ssl_trusted_certificate /etc/ansible_certs/certs/id.ccchh.net/chain.pem;
ssl_trusted_certificate /etc/letsencrypt/live/id.ccchh.net/chain.pem;
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
add_header Strict-Transport-Security "max-age=63072000" always;

6
playbooks/files/configs/keycloak/nginx/keycloak-admin.ccchh.net.conf
View file

@ -7,10 +7,10 @@ server {
server_name keycloak-admin.ccchh.net;
ssl_certificate /etc/ansible_certs/certs/keycloak-admin.ccchh.net/fullchain.pem;
ssl_certificate_key /etc/ansible_certs/certs/keycloak-admin.ccchh.net/privkey.pem;
ssl_certificate /etc/letsencrypt/live/keycloak-admin.ccchh.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/keycloak-admin.ccchh.net/privkey.pem;
# verify chain of trust of OCSP response using Root CA and Intermediate certs
ssl_trusted_certificate /etc/ansible_certs/certs/keycloak-admin.ccchh.net/chain.pem;
ssl_trusted_certificate /etc/letsencrypt/live/keycloak-admin.ccchh.net/chain.pem;
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
add_header Strict-Transport-Security "max-age=63072000" always;

2
playbooks/files/configs/public-reverse-proxy/nginx/acme_challenge.conf
View file

@ -8,6 +8,8 @@ map $host $upstream_acme_challenge_host {
thinkcccore3.ccchh.net 10.31.242.6;
wiki.ccchh.net 10.31.206.13;
zigbee2mqtt.ccchh.net 10.31.208.25:31820;
id.ccchh.net 10.31.206.12:31820;
keycloak-admin.ccchh.net 10.31.206.12:31820;
default "";
}