authorChristian Pointner <equinox@spreadspace.org>2024-01-20 14:00:53 +0100
committerChristian Pointner <equinox@spreadspace.org>2024-01-20 14:00:53 +0100
commit3d6ec4049505349fe9da26857a09aafd7e206de4 (patch)
tree4db2c44d45b16b4b5dc0c5277e5f55ed91ee5f06
parentx509: fix duplicate inclusion problem (diff)
apps publish: always include hostname in cert/vhost names
-rw-r--r--roles/apps/node-red/instance/tasks/main.yml10
-rw-r--r--roles/apps/whawty/auth/instance/tasks/main.yml10
2 files changed, 6 insertions, 14 deletions
diff --git a/roles/apps/node-red/instance/tasks/main.yml b/roles/apps/node-red/instance/tasks/main.yml
index 38547f58..410a1b9f 100644
--- a/roles/apps/node-red/instance/tasks/main.yml
+++ b/roles/apps/node-red/instance/tasks/main.yml
@@ -52,7 +52,7 @@
x509_certificate_config:
ca: "{{ node_red_instances[node_red_instance].publish.zone.certificate_ca_config }}"
cert:
- common_name: "node-red-{{ node_red_instance }}"
+ common_name: "node-red-{{ node_red_instance }}.{{ inventory_hostname }}"
extended_key_usage:
- serverAuth
extended_key_usage_critical: yes
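Review bot: The new `common_name` on the `+` line is the only subject name visible in this `cert:` block, and a CN-only certificate is only accepted by nginx's `proxy_ssl_verify` because OpenSSL's `X509_check_host` falls back to the CN when the certificate carries no DNS SANs; clients that require a SAN (browsers, Go's crypto/tls since 1.15) would reject it. Unless the `x509_certificate` role adds a SAN on its own, add `subject_alt_name: ["DNS:node-red-{{ node_red_instance }}.{{ inventory_hostname }}"]` next to `common_name` so the name is asserted where modern verifiers look for it. Since the hostname is now baked into the certificate, it is also worth confirming that `inventory_hostname` is always a DNS-style name in this inventory and never an IP address or a label with characters that are invalid in a dNSName. The enclosing task starts before this hunk.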
@@ -125,11 +125,7 @@
- name: configure nginx vhost for publishment
vars:
nginx_vhost__yaml: |
- {% if node_red_instances[node_red_instance].publish.zone.publisher == inventory_hostname %}
- name: "node-red-{{ node_red_instance }}"
- {% else %}
- name: "node-red-{{ node_red_instance }}-{{ inventory_hostname }}"
- {% endif %}
+ name: "node-red-{{ node_red_instance }}.{{ inventory_hostname }}"
template: generic
{% if 'tls' in node_red_instances[node_red_instance].publish %}
tls:
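Review bot: The vhost `name` on the `+` line differs from both names previously in use (`node-red-<instance>` when the app ran on the publisher, `node-red-<instance>-<host>` otherwise), so on an already-provisioned publisher the old vhost is presumably left in place beside the new one unless the `nginx/vhost` role prunes vhosts it did not create in this run. A stale `server` block would keep answering for the old `server_name` with the old certificate and `proxy_ssl` settings, which is easy to miss because the new name works. Either add a cleanup task that removes the previous vhost (the path depends on the role's layout, which is not visible here) or state in the commit description that the old vhost must be removed by hand. The `nginx_vhost__yaml` template continues past this hunk.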
@@ -151,7 +147,7 @@
certificate_key: "/etc/ssl/apps-publish-{{ node_red_instances[node_red_instance].publish.zone.name }}/apps-publish-{{ node_red_instances[node_red_instance].publish.zone.name }}-key.pem"
trusted_certificate: "/etc/ssl/apps-publish-{{ node_red_instances[node_red_instance].publish.zone.name }}/apps-publish-{{ node_red_instances[node_red_instance].publish.zone.name }}-ca-crt.pem"
verify: "on"
- name: "node-red-{{ node_red_instance }}"
+ name: "node-red-{{ node_red_instance }}.{{ inventory_hostname }}"
protocols: "TLSv1.3"
{% if 'location_extra_directives' in node_red_instances[node_red_instance].publish %}
extra_directives: |
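Review bot: The upstream name on the `+` line has to stay byte-identical to the certificate `common_name` set earlier in this file, and this commit now spells the same template string out in three places (cert CN, vhost name, `proxy_ssl` name); if any one of them drifts, `verify: "on"` fails at request time rather than at deploy time. Define it once, e.g. `node_red_publish_name: "node-red-{{ node_red_instance }}.{{ inventory_hostname }}"` in the task-list `vars`, and reference it in all three spots. It is also worth checking that the vhost template emits `proxy_ssl_server_name on;` alongside `proxy_ssl_name`; without it nginx uses the name only for certificate checking and sends no SNI, which matters if the backend host presents more than one certificate. The `nginx_vhost__yaml` template continues past this hunk.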
diff --git a/roles/apps/whawty/auth/instance/tasks/main.yml b/roles/apps/whawty/auth/instance/tasks/main.yml
index 1e2f6c0d..26ba63df 100644
--- a/roles/apps/whawty/auth/instance/tasks/main.yml
+++ b/roles/apps/whawty/auth/instance/tasks/main.yml
@@ -41,7 +41,7 @@
x509_certificate_config:
ca: "{{ whawty_auth_instances[whawty_auth_instance].publish.zone.certificate_ca_config }}"
cert:
- common_name: "whawty-auth-{{ whawty_auth_instance }}"
+ common_name: "whawty-auth-{{ whawty_auth_instance }}.{{ inventory_hostname }}"
extended_key_usage:
- serverAuth
extended_key_usage_critical: yes
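Review bot: The `+` line sets a `common_name` but no `subject_alt_name` is visible in this `cert:` block; nginx will still verify a CN-only certificate via OpenSSL's CN fallback, but any other consumer that requires a SAN will reject it. If the `x509_certificate` role does not add one by default, add `subject_alt_name: ["DNS:whawty-auth-{{ whawty_auth_instance }}.{{ inventory_hostname }}"]` next to `common_name`. As the hostname is now part of the certificate subject, make sure `inventory_hostname` is a valid DNS name for every host in this group (not an IP address). The enclosing task starts before this hunk.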
@@ -125,11 +125,7 @@
- name: configure nginx vhost for publishment
vars:
nginx_vhost__yaml: |
- {% if whawty_auth_instances[whawty_auth_instance].publish.zone.publisher == inventory_hostname %}
- name: "whawty-auth-{{ whawty_auth_instance }}"
- {% else %}
- name: "whawty-auth-{{ whawty_auth_instance }}-{{ inventory_hostname }}"
- {% endif %}
+ name: "whawty-auth-{{ whawty_auth_instance }}.{{ inventory_hostname }}"
template: generic
{% if 'tls' in whawty_auth_instances[whawty_auth_instance].publish %}
tls:
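Review bot: The renamed vhost on the `+` line leaves the previously generated vhost (`whawty-auth-<instance>` or `whawty-auth-<instance>-<host>`) behind on hosts that were already provisioned, unless the `nginx/vhost` role removes vhosts it no longer manages, which is not visible here. A leftover `server` block would still answer for the old name with the old `proxy_ssl` settings. Consider a cleanup task for the old vhost or a note in the commit description telling operators to remove it. The `nginx_vhost__yaml` template continues past this hunk.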
@@ -149,7 +145,7 @@
proxy_ssl:
trusted_certificate: "/etc/ssl/apps-publish-{{ whawty_auth_instances[whawty_auth_instance].publish.zone.name }}/apps-publish-{{ whawty_auth_instances[whawty_auth_instance].publish.zone.name }}-ca-crt.pem"
verify: "on"
- name: "whawty-auth-{{ whawty_auth_instance }}"
+ name: "whawty-auth-{{ whawty_auth_instance }}.{{ inventory_hostname }}"
protocols: "TLSv1.3"
nginx_vhost: "{{ nginx_vhost__yaml | from_yaml }}"
include_role:
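Review bot: The `proxy_ssl` `name` on the `+` line is the third copy of the same template string in this file (cert CN, vhost name, upstream name), and `verify: "on"` depends on all three matching exactly; define it once as e.g. `whawty_auth_publish_name: "whawty-auth-{{ whawty_auth_instance }}.{{ inventory_hostname }}"` and reference it in each place. Separately, this `proxy_ssl` block has only `trusted_certificate`, `verify`, `name` and `protocols`, whereas the node-red role touched in the same commit also passes `certificate_key` (and presumably `certificate`) to authenticate the proxy to the backend with a client certificate; if the whawty-auth backend is meant to require client authentication too, those keys are missing here, and if it deliberately does not, a one-line comment such as `# backend does not require a client certificate` would stop someone from "fixing" it later. The task this vhost belongs to ends within the hunk, but the `include_role` call continues past it.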