0.1.46-DEV-20210712-130208

-------------------------- * MODIFY: - updated references for renewed certs - re-ordered 2 entries in proxy_sites.yml * ADD: - add vars for the chris-hammer.com and christian-hammer.com certs
2021-07-12 13:03:36 -04:00 · 2021-07-12 13:03:36 -04:00 · 42eeb2ea30
commit 42eeb2ea30
parent 6bae34fea3
2 changed files with 23 additions and 16 deletions
--- a/defaults/main/proxy_site_defs.yml
+++ b/defaults/main/proxy_site_defs.yml
@ -33,11 +33,15 @@
    - "54.94.142.218"


-  proxy_site_ssl_directory       : /etc/nginx/ssl
-  proxy_site_ssl_certificate     : "{{ proxy_site_ssl_directory }}/thezengarden.net/fullchain12.pem"
-  proxy_site_ssl_certificate_key : "{{ proxy_site_ssl_directory }}/thezengarden.net/privkey12.pem"
-  proxy_site_ssl_protocols       : TLSv1.2
-  proxy_site_ssl_ciphers         : ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256
+  proxy_site_ssl_directory           : /etc/nginx/ssl
+  proxy_site_ssl_certificate         : "{{ proxy_site_ssl_directory }}/thezengarden.net/fullchain13.pem"
+  proxy_site_ssl_certificate_key     : "{{ proxy_site_ssl_directory }}/thezengarden.net/privkey13.pem"
+  proxy_site_ssl_certificate_ch      : "{{ proxy_site_ssl_directory }}/chris-hammer.com/fullchain3.pem"
+  proxy_site_ssl_certificate_key_ch  : "{{ proxy_site_ssl_directory }}/chris-hammer.com/privkey3.pem"
+  proxy_site_ssl_certificate_cht     : "{{ proxy_site_ssl_directory }}/christian-hammer.com/fullchain12.pem"
+  proxy_site_ssl_certificate_key_cht : "{{ proxy_site_ssl_directory }}/christian-hammer.com/privkey12.pem"
+  proxy_site_ssl_protocols           : TLSv1.2
+  proxy_site_ssl_ciphers             : ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256


  # many websites are run from an apache host
--- a/defaults/main/proxy_sites.yml
+++ b/defaults/main/proxy_sites.yml
@ -196,8 +196,17 @@ proxy_sites:
    proto      : http
    dest       : "{{ proxy_default_host }}"
    port       : 80
-    ssl_cert   : "{{ proxy_site_ssl_directory }}/chris-hammer.com/fullchain2.pem"
-    ssl_key    : "{{ proxy_site_ssl_directory }}/chris-hammer.com/privkey2.pem"
+    ssl_cert   : "{{ proxy_site_ssl_certificate_ch }}"
+    ssl_key    : "{{ proxy_site_ssl_certificate_key_ch }}"
+    max_upload : "{{ proxy_default_max_upload }}"
+
+
+  chris-hammer.com:
+    proto      : http
+    dest       : "{{ proxy_default_host }}"
+    port       : 80
+    ssl_cert   : "{{ proxy_site_ssl_certificate_ch }}"
+    ssl_key    : "{{ proxy_site_ssl_certificate_key_ch }}"
    max_upload : "{{ proxy_default_max_upload }}"


@ -206,15 +215,9 @@ proxy_sites:
    proto      : http
    dest       : "{{ proxy_default_host }}"
    port       : 80
-    ssl_cert   : "{{ proxy_site_ssl_directory }}/christian-hammer.com/fullchain11.pem"
-    ssl_key    : "{{ proxy_site_ssl_directory }}/christian-hammer.com/privkey11.pem"
+    ssl_cert   : "{{ proxy_site_ssl_certificate_cht }}"
+    ssl_key    : "{{ proxy_site_ssl_certificate_key_cht }}"
    max_upload : "{{ proxy_default_max_upload }}"


-  chris-hammer.com:
-    proto      : http
-    dest       : "{{ proxy_default_host }}"
-    port       : 80
-    ssl_cert   : "{{ proxy_site_ssl_directory }}/chris-hammer.com/fullchain2.pem"
-    ssl_key    : "{{ proxy_site_ssl_directory }}/chris-hammer.com/privkey2.pem"
-    max_upload : "{{ proxy_default_max_upload }}"
+...