Refactor anislbe role
* Divide tasks to different files
This commit is contained in:
@@ -1,18 +1,18 @@
|
||||
[ req ]
|
||||
prompt = no
|
||||
distinguished_name = dockerrepo.{{ domain.stdout }}
|
||||
distinguished_name = dockerrepo.{{ ansible_domain }}
|
||||
req_extensions = v3_req
|
||||
x509_extensions = v3_x509
|
||||
|
||||
|
||||
[ dockerrepo.{{ domain.stdout }} ]
|
||||
[ dockerrepo.{{ ansible_domain }} ]
|
||||
countryName = RU
|
||||
stateOrProvinceName = RU
|
||||
localityName = MSK
|
||||
organizationName = {{ domain.stdout }}
|
||||
organizationName = {{ ansible_domain }}
|
||||
organizationalUnitName = IT
|
||||
commonName = dockerrepo.{{ domain.stdout }}
|
||||
emailAddress = admin@{{ domain.stdout }}
|
||||
commonName = dockerrepo.{{ ansible_domain }}
|
||||
emailAddress = admin@{{ ansible_domain }}
|
||||
|
||||
[ v3_req ]
|
||||
basicConstraints = CA:false
|
||||
@@ -25,5 +25,5 @@ keyUsage = digitalSignature, keyEncipherment
|
||||
subjectAltName = @sans
|
||||
|
||||
[ sans ]
|
||||
DNS.1 = dockerrepo.{{ domain.stdout }}
|
||||
IP.1 = {{ IP.stdout }}
|
||||
DNS.1 = dockerrepo.{{ ansible_domain }}
|
||||
IP.1 = {{ {{ ansible_facts['default_ipv4']['address'] }} }}
|
||||
@@ -1,18 +1,18 @@
|
||||
[ req ]
|
||||
prompt = no
|
||||
distinguished_name = repo.{{ domain.stdout }}
|
||||
distinguished_name = repo.{{ ansible_domain }}
|
||||
req_extensions = v3_req
|
||||
x509_extensions = v3_x509
|
||||
|
||||
|
||||
[ repo.{{ domain.stdout }} ]
|
||||
[ repo.{{ ansible_domain }} ]
|
||||
countryName = RU
|
||||
stateOrProvinceName = RU
|
||||
localityName = MSK
|
||||
organizationName = {{ domain.stdout }}
|
||||
organizationName = {{ ansible_domain }}
|
||||
organizationalUnitName = IT
|
||||
commonName = repo.{{ domain.stdout }}
|
||||
emailAddress = admin@{{ domain.stdout }}
|
||||
commonName = repo.{{ ansible_domain }}
|
||||
emailAddress = admin@{{ ansible_domain }}
|
||||
|
||||
[ v3_req ]
|
||||
basicConstraints = CA:false
|
||||
@@ -25,5 +25,5 @@ keyUsage = digitalSignature, keyEncipherment
|
||||
subjectAltName = @sans
|
||||
|
||||
[ sans ]
|
||||
DNS.1 = repo.{{ domain.stdout }}
|
||||
IP.1 = {{ IP.stdout }}
|
||||
DNS.1 = repo.{{ ansible_domain }}
|
||||
IP.1 = {{ {{ ansible_facts['default_ipv4']['address'] }} }}
|
||||
@@ -1,18 +1,18 @@
|
||||
[ req ]
|
||||
prompt = no
|
||||
distinguished_name = {{ rproxy_service_name }}.{{ domain.stdout }}
|
||||
distinguished_name = {{ rproxy_service_name }}.{{ ansible_domain }}
|
||||
req_extensions = v3_req
|
||||
x509_extensions = v3_x509
|
||||
|
||||
|
||||
[ {{ rproxy_service_name }}.{{ domain.stdout }} ]
|
||||
[ {{ rproxy_service_name }}.{{ ansible_domain }} ]
|
||||
countryName = RU
|
||||
stateOrProvinceName = RU
|
||||
localityName = MSK
|
||||
organizationName = {{ domain.stdout }}
|
||||
organizationName = {{ ansible_domain }}
|
||||
organizationalUnitName = IT
|
||||
commonName = {{ rproxy_service_name }}.{{ domain.stdout }}
|
||||
emailAddress = admin@{{ domain.stdout }}
|
||||
commonName = {{ rproxy_service_name }}.{{ ansible_domain }}
|
||||
emailAddress = admin@{{ ansible_domain }}
|
||||
|
||||
[ v3_req ]
|
||||
basicConstraints = CA:false
|
||||
@@ -25,5 +25,5 @@ keyUsage = digitalSignature, keyEncipherment
|
||||
subjectAltName = @sans
|
||||
|
||||
[ sans ]
|
||||
DNS.1 = {{ rproxy_service_name }}.{{ domain.stdout }}
|
||||
DNS.1 = {{ rproxy_service_name }}.{{ ansible_domain }}
|
||||
IP.1 = {{ rproxy_service_address }}
|
||||
@@ -1,10 +1,10 @@
|
||||
upstream {{ rproxy_service_name }}.{{ domain.stdout }} {
|
||||
upstream {{ rproxy_service_name }}.{{ ansible_domain }} {
|
||||
server {{ rproxy_service_address }}:{{ rproxy_service_port }};
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
server_name {{ rproxy_service_name }}.{{ domain.stdout }};
|
||||
server_name {{ rproxy_service_name }}.{{ ansible_domain }};
|
||||
access_log /var/log/nginx/{{ rproxy_service_name }}.access.log;
|
||||
error_log /var/log/nginx/{{ rproxy_service_name }}.error.log;
|
||||
return 301 https://$server_name$request_uri;
|
||||
@@ -12,7 +12,7 @@ server {
|
||||
|
||||
server {
|
||||
listen 443 ssl;
|
||||
server_name {{ rproxy_service_name }}.{{ domain.stdout }};
|
||||
server_name {{ rproxy_service_name }}.{{ ansible_domain }};
|
||||
access_log /var/log/nginx/{{ rproxy_service_name }}.access.log;
|
||||
error_log /var/log/nginx/{{ rproxy_service_name }}.error.log;
|
||||
ssl_certificate /etc/nginx/certs/{{ rproxy_service_name }}.crt;
|
||||
@@ -30,6 +30,6 @@ server {
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_pass http://{{ rproxy_service_name }}.{{ domain.stdout }}/;
|
||||
proxy_pass http://{{ rproxy_service_name }}.{{ ansible_domain }}/;
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user