2024-07-11 01:21:55 +03:00
8 changed files with 219 additions and 60 deletions
--- a/roles/rproxy/tasks/main.yml
+++ b/roles/rproxy/tasks/main.yml
@@ -83,7 +83,7 @@
    - name: Sign server certificate
      ansible.builtin.shell:
-        cmd: 'openssl x509 -req -CA {{ rproxy_dir }}/certs/RootCA.crt -CAkey {{ rproxy_dir }}/certs/RootCA.key -in {{ rproxy_dir }}/certs/{{  rproxy_service_name  }}.csr -out {{ rproxy_dir }}/certs/{{  rproxy_service_name  }}.crt -CAcreateserial -extfile {{ rproxy_dir }}/certs/{{  rproxy_service_name  }}.cnf'
+        cmd: 'openssl x509 -req -CA {{ rproxy_dir }}/certs/RootCA.crt -CAkey {{ rproxy_dir }}/certs/RootCA.key -in {{ rproxy_dir }}/certs/{{  rproxy_service_name  }}.csr -out {{ rproxy_dir }}/certs/{{  rproxy_service_name  }}.crt -CAcreateserial -config {{ rproxy_dir }}/certs/{{  rproxy_service_name  }}.cnf -days 365'
    - name: Create fullchain certificate
      ansible.builtin.shell:
--- a/roles/rproxy/templates/server.cnf.j2
+++ b/roles/rproxy/templates/server.cnf.j2
@@ -1,8 +1,8 @@
 [ req ]
 prompt                 = no
 days                   = 365
 distinguished_name     = {{ rproxy_service_name }}.{{ domain.stdout }}
 req_extensions         = v3_req
 x509_extensions		   = v3_x509
 [ {{  rproxy_service_name  }}.{{ domain.stdout }} ]
@@ -16,9 +16,14 @@ emailAddress           = admin@{{ domain.stdout }}
 [ v3_req ]
 basicConstraints       = CA:false
-keyUsage       = digitalSignature, keyEncipherment
+keyUsage               = digitalSignature, keyEncipherment
 subjectAltName         = @sans
 [ v3_x509 ]
 basicConstraints       = CA:false
 keyUsage               = digitalSignature, keyEncipherment
 subjectAltName         = @sans
 [ sans ]
-DNS.1 = *.{{ domain.stdout }}
+DNS.1 = {{ rproxy_service_name }}.{{ domain.stdout }}
 IP.1 = {{ rproxy_service_address }}