Add https web

author: alex <alex@pdp7.net> 2025-10-11 13:51:20 +0200
committer: alex <alex@pdp7.net> 2025-10-11 13:51:20 +0200
commit: 6915da790011815ffb0f80d0708665e7dc3accb7 (patch)
tree: 980179cdfd37467323760caa67c630b0c789d651 /infrastructure/roles/web/tasks
parent: ca6fa08ffb491f5f41f53544af5ae8bd94f64565 (diff)
1 files changed, 26 insertions, 0 deletions
diff --git a/infrastructure/roles/web/tasks/main.yaml b/infrastructure/roles/web/tasks/main.yaml
new file mode 100644
index 0000000..2bf04e2
--- /dev/null
+++ b/infrastructure/roles/web/tasks/main.yaml
@@ -0,0 +1,26 @@
+- name: install apache2
+  ansible.builtin.package:
+    name: apache2
+- name: enable mod_md
+  ansible.builtin.command:
+    cmd: a2enmod md
+    creates: /etc/apache2/mods-enabled/md.load
+  notify: restart web
+- name: enable mod_ssl
+  ansible.builtin.command:
+    cmd: a2enmod ssl
+    creates: /etc/apache2/mods-enabled/ssl.load
+  notify: restart web
+- name: ssl site
+  ansible.builtin.copy:
+    dest: /etc/apache2/sites-enabled/ssl.conf
+    content: |
+      MDomain {{ public_hostname_punycode }}
+      MDCertificateAgreement accepted
+
+      <VirtualHost *:443>
+        ServerName {{ public_hostname_punycode }}
+        SSLEngine on
+        ServerAdmin {{ admin_email }}
+      </VirtualHost>
+  notify: restart web
author	alex <alex@pdp7.net>	2025-10-11 13:51:20 +0200
committer	alex <alex@pdp7.net>	2025-10-11 13:51:20 +0200
commit	6915da790011815ffb0f80d0708665e7dc3accb7 (patch)
tree	980179cdfd37467323760caa67c630b0c789d651 /infrastructure/roles/web/tasks
parent	ca6fa08ffb491f5f41f53544af5ae8bd94f64565 (diff)