ezhulkov · January 2, 2019 06:54
diff --git a/main.yml b/main.yml
 - name: enabling ssl
  block:
  - name: certbot dirs
    file: path={{item}} state=directory mode=0755 group=root owner=root
    with_items:
    - "/var/lib/certbot/www"
    - "/var/log/certbot"
    - "/var/lib/certbot/conf/live/{{server_name}}"
  - name: creating dummy certificate
    docker_container:
      name: 'openssl'
      image: 'frapsoft/openssl'
      state: 'started'
      auto_remove: yes
      command: "req -x509 -nodes -newkey rsa:1024 -days 1 \
        -keyout '/etc/letsencrypt/live/{{server_name}}/privkey.pem' \
        -out '/etc/letsencrypt/live/{{server_name}}/fullchain.pem' \
        -subj '/CN=localhost'"
      volumes:
      - "/var/lib/certbot/conf:/etc/letsencrypt"
  - name: copying options-ssl-nginx.conf
    copy: src=options-ssl-nginx.conf dest=/var/lib/certbot/conf/options-ssl-nginx.conf owner=root group=root mode=0644
  - name: copying ssl-dhparams.pem
    copy: src=ssl-dhparams.pem dest=/var/lib/certbot/conf/ssl-dhparams.pem owner=root group=root mode=0644
  - name: starting nginx with dummy certificate
    docker_container:
      name: 'nginx'
      state: 'started'
  - name: waiting for nginx
    wait_for: port=80
  - name: deleting dummy certificates
    file: path={{item}} state=absent mode=0640 group=root owner=root
    with_items:
    - "/var/lib/certbot/conf/live/{{server_name}}"
  - name: requesting letsencrypt certificate
    docker_container:
      name: 'certbot'
      image: 'certbot/certbot'
      state: 'started'
      auto_remove: yes
      command: "certonly --webroot --webroot-path /var/www/certbot \
        --email [email protected] --cert-name {{server_name}} \
        -d {{server_name}} --rsa-key-size 4096 \
        --agree-tos --force-renewal"
      volumes:
      - "/var/lib/certbot/conf:/etc/letsencrypt"
      - "/var/lib/certbot/www:/var/www/certbot"
      - "/var/log/certbot:/var/log/letsencrypt"
  - name: waiting for certbot
    wait_for: path=/var/log/certbot/letsencrypt.log search_regex="Your key file has been saved at"
  - name: restart nginx with prod certificate
    docker_container:
      name: 'nginx'
      state: 'started'
      restart: yes
  - name: waiting for nginx
    wait_for: port=80
  when: docker_nginx_ssl == "true"
	- name: enabling ssl
	block:
	- name: certbot dirs
	file: path={{item}} state=directory mode=0755 group=root owner=root
	with_items:
	- "/var/lib/certbot/www"
	- "/var/log/certbot"
	- "/var/lib/certbot/conf/live/{{server_name}}"
	- name: creating dummy certificate
	docker_container:
	name: 'openssl'
	image: 'frapsoft/openssl'
	state: 'started'
	auto_remove: yes
	command: "req -x509 -nodes -newkey rsa:1024 -days 1 \
	-keyout '/etc/letsencrypt/live/{{server_name}}/privkey.pem' \
	-out '/etc/letsencrypt/live/{{server_name}}/fullchain.pem' \
	-subj '/CN=localhost'"
	volumes:
	- "/var/lib/certbot/conf:/etc/letsencrypt"
	- name: copying options-ssl-nginx.conf
	copy: src=options-ssl-nginx.conf dest=/var/lib/certbot/conf/options-ssl-nginx.conf owner=root group=root mode=0644
	- name: copying ssl-dhparams.pem
	copy: src=ssl-dhparams.pem dest=/var/lib/certbot/conf/ssl-dhparams.pem owner=root group=root mode=0644
	- name: starting nginx with dummy certificate
	docker_container:
	name: 'nginx'
	state: 'started'
	- name: waiting for nginx
	wait_for: port=80
	- name: deleting dummy certificates
	file: path={{item}} state=absent mode=0640 group=root owner=root
	with_items:
	- "/var/lib/certbot/conf/live/{{server_name}}"
	- name: requesting letsencrypt certificate
	docker_container:
	name: 'certbot'
	image: 'certbot/certbot'
	state: 'started'
	auto_remove: yes
	command: "certonly --webroot --webroot-path /var/www/certbot \
	--email [email protected] --cert-name {{server_name}} \
	-d {{server_name}} --rsa-key-size 4096 \
	--agree-tos --force-renewal"
	volumes:
	- "/var/lib/certbot/conf:/etc/letsencrypt"
	- "/var/lib/certbot/www:/var/www/certbot"
	- "/var/log/certbot:/var/log/letsencrypt"
	- name: waiting for certbot
	wait_for: path=/var/log/certbot/letsencrypt.log search_regex="Your key file has been saved at"
	- name: restart nginx with prod certificate
	docker_container:
	name: 'nginx'
	state: 'started'
	restart: yes
	- name: waiting for nginx
	wait_for: port=80
	when: docker_nginx_ssl == "true"