each server own cert

2024-07-01 20:55:57 +03:00
parent 6b4067be15
commit 68ce1cd6d5
3 changed files with 37 additions and 32 deletions
--- a/roles/rproxy/templates/server.cnf.j2
+++ b/roles/rproxy/templates/server.cnf.j2
@@ -1,17 +1,17 @@
 [ req ]
 prompt                 = no
 days                   = 365
-distinguished_name     = {{ domain.stdout }}
+distinguished_name     = {{  rproxy_service_name  }}.{{ domain.stdout }}
 req_extensions         = v3_req


-[ olsson.ul ]
+[ {{  rproxy_service_name  }}.{{ domain.stdout }} ]
 countryName            = RU
 stateOrProvinceName    = RU
 localityName           = MSK
 organizationName       = {{ domain.stdout }}
 organizationalUnitName = IT
-commonName             = {{ domain.stdout }}
+commonName             = {{  rproxy_service_name  }}.{{ domain.stdout }}
 emailAddress           = admin@{{ domain.stdout }}

 [ v3_req ]
@@ -20,4 +20,4 @@ extendedKeyUsage       = serverAuth
 subjectAltName         = @sans

 [ sans ]
-DNS.0 = *.{{ domain.stdout }}
+DNS.0 = {{  rproxy_service_name  }}.{{ domain.stdout }}
--- a/roles/rproxy/templates/server.conf.j2
+++ b/roles/rproxy/templates/server.conf.j2
@@ -15,8 +15,8 @@ server {
    server_name {{ rproxy_service_name }}.{{ domain.stdout }};
    access_log /var/log/nginx/{{ rproxy_service_name }}.access.log;
    error_log /var/log/nginx/{{ rproxy_service_name }}.error.log;
-    ssl_certificate /etc/nginx/certs/{{ domain.stdout }}.crt;
-    ssl_certificate_key /etc/nginx/certs/{{ domain.stdout }}.key;
+    ssl_certificate /etc/nginx/certs/{{  rproxy_service_name  }}.crt;
+    ssl_certificate_key /etc/nginx/certs/{{  rproxy_service_name  }}.key;
    ssl_protocols TLSv1.2;
    ssl_ciphers EECDH:+AES256:-3DES:!RSA+AES:!RSA+3DES:!NULL:!RC4;
    ssl_prefer_server_ciphers on;