diff options
Diffstat (limited to 'roles/apache_server/templates')
-rw-r--r-- | roles/apache_server/templates/deploy_static_site_certs | 6 | ||||
-rw-r--r-- | roles/apache_server/templates/virtualhost.conf.tmpl | 10 |
2 files changed, 14 insertions, 2 deletions
diff --git a/roles/apache_server/templates/deploy_static_site_certs b/roles/apache_server/templates/deploy_static_site_certs index 4933d56..1040144 100644 --- a/roles/apache_server/templates/deploy_static_site_certs +++ b/roles/apache_server/templates/deploy_static_site_certs @@ -32,10 +32,12 @@ run_certbot() } -systemctl stop apache2 +systemctl stop apache2 || true + for list in /etc/letsencrypt/*.list do certname="$(basename "$list" .list)" run_certbot "$list" "$certname" || true done -systemctl start apache2 +systemctl start apache2 || true + diff --git a/roles/apache_server/templates/virtualhost.conf.tmpl b/roles/apache_server/templates/virtualhost.conf.tmpl index 8d069ce..1e14db5 100644 --- a/roles/apache_server/templates/virtualhost.conf.tmpl +++ b/roles/apache_server/templates/virtualhost.conf.tmpl @@ -8,6 +8,10 @@ ErrorLog /var/log/apache2/{{ item.domain }}/error.log CustomLog /var/log/apache2/{{ item.domain }}/access.log combined <Directory /srv/http/{{ item.domain }}> +{% if item.redirect|default(false) %} + Redirect permanent / "https://{{ item.redirect }}/" + Require all granted +{% else %} {% if item.letsencrypt|default(false) %} Redirect permanent / "https://{{ item.domain }}/" Require all granted @@ -23,6 +27,7 @@ Require all granted {% endif %} {% endif %} +{% endif %} </Directory> Alias /.well-known/ /srv/letsencrypt/{{ item.domain }}/ @@ -45,6 +50,10 @@ CustomLog /var/log/apache2/{{ item.domain }}/access.log combined <Directory /srv/http/{{ item.domain }}> Options +SymlinksIfOwnerMatch +Indexes +MultiViews +{% if item.redirect|default(false) %} + Redirect permanent / "https://{{ item.redirect }}/" + Require all granted +{% else %} {% if item.htpasswd is defined %} AuthType Basic AuthName "{{ item.htpasswd_name }}" @@ -54,6 +63,7 @@ AllowOverride AuthConfig Require all granted {% endif %} +{% endif %} </Directory> SSLEngine on |