+1 from me
On 9 September 2017 at 19:04, Patrick Uiterwijk <puiterwijk@xxxxxxxxxx> wrote:
> Hi,
>
> Could I get +1s for these patches:
>
> From 596ccf8bc44bad969a2ee9395c2c0ae7ee994a43 Mon Sep 17 00:00:00 2001
> From: Patrick Uiterwijk <puiterwijk@xxxxxxxxxx>
> Date: Sat, 9 Sep 2017 22:25:08 +0000
> Subject: [PATCH 1/3] Allow setting up a vhost for certgetter
>
> Signed-off-by: Patrick Uiterwijk <puiterwijk@xxxxxxxxxx>
> ---
> roles/httpd/website/defaults/main.yml | 1 +
> roles/httpd/website/templates/website.conf | 4 ++++
> 2 files changed, 5 insertions(+)
>
> diff --git a/roles/httpd/website/defaults/main.yml
> b/roles/httpd/website/defaults/main.yml
> index 99aa8b0..8ad299d 100644
> --- a/roles/httpd/website/defaults/main.yml
> +++ b/roles/httpd/website/defaults/main.yml
> @@ -4,6 +4,7 @@
>
> server_aliases: []
> server_admin: webmaster@xxxxxxxxxxxxxxxxx
> +certbot: false
> ssl: true
> sslonly: false
> SSLCertificateChainFile: wildcard-2017.fedoraproject.org.intermediate.cert
> diff --git a/roles/httpd/website/templates/website.conf
> b/roles/httpd/website/templates/website.conf
> index 6547452..8eed648 100644
> --- a/roles/httpd/website/templates/website.conf
> +++ b/roles/httpd/website/templates/website.conf
> @@ -10,6 +10,10 @@
> SetOutputFilter DEFLATE
> {% endif %}
>
> +{% if certbot %}
> + ProxyPass "/.well-known/acme-challenge"
> "http://certgetter01/.well-known/acme-challenge";
> +{% endif %}
> +
> {% if sslonly %}
> RewriteEngine On
> RewriteCond %{HTTPS} off
> --
> 1.8.3.1
>
> From 403f97fc772c4a1d9fc55aab981e6bf0293c19b1 Mon Sep 17 00:00:00 2001
> From: Patrick Uiterwijk <puiterwijk@xxxxxxxxxx>
> Date: Sat, 9 Sep 2017 22:26:40 +0000
> Subject: [PATCH 2/3] Enable certbot for secondary kojis
>
> Signed-off-by: Patrick Uiterwijk <puiterwijk@xxxxxxxxxx>
> ---
> playbooks/include/proxies-websites.yml | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/playbooks/include/proxies-websites.yml
> b/playbooks/include/proxies-websites.yml
> index 9735c89..6362509 100644
> --- a/playbooks/include/proxies-websites.yml
> +++ b/playbooks/include/proxies-websites.yml
> @@ -499,6 +499,7 @@
> - role: httpd/website
> name: ppc.koji.fedoraproject.org
> sslonly: true
> + certbot: true
> server_aliases:
> - ppcpkgs.fedoraproject.org
> cert_name: secondary.koji.fedoraproject.org.letsencrypt
> @@ -507,6 +508,7 @@
> - role: httpd/website
> name: s390.koji.fedoraproject.org
> sslonly: true
> + certbot: true
> server_aliases:
> - s390pkgs.fedoraproject.org
> cert_name: secondary.koji.fedoraproject.org.letsencrypt
> @@ -515,6 +517,7 @@
> - role: httpd/website
> name: arm.koji.fedoraproject.org
> sslonly: true
> + certbot: true
> server_aliases:
> - armpkgs.fedoraproject.org
> cert_name: secondary.koji.fedoraproject.org.letsencrypt
> --
> 1.8.3.1
>
> From 49a05d85c2af5d3288e095c837ff7013d77f5756 Mon Sep 17 00:00:00 2001
> From: Patrick Uiterwijk <puiterwijk@xxxxxxxxxx>
> Date: Sat, 9 Sep 2017 23:02:21 +0000
> Subject: [PATCH 3/3] Add certgetter01 ccd file
>
> Signed-off-by: Patrick Uiterwijk <puiterwijk@xxxxxxxxxx>
> ---
> roles/openvpn/server/files/ccd/certgetter01.phx2.fedoraproject.org | 2 ++
> 1 file changed, 2 insertions(+)
> create mode 100644
> roles/openvpn/server/files/ccd/certgetter01.phx2.fedoraproject.org
>
> diff --git a/roles/openvpn/server/files/ccd/certgetter01.phx2.fedoraproject.org
> b/roles/openvpn/server/files/ccd/certgetter01.phx2.fedoraproject.org
> new file mode 100644
> index 0000000..6b4c087
> --- /dev/null
> +++ b/roles/openvpn/server/files/ccd/certgetter01.phx2.fedoraproject.org
> @@ -0,0 +1,2 @@
> +# ifconfig-push actualIP PtPIP
> +ifconfig-push 192.168.1.177 192.168.0.177
> --
> 1.8.3.1
> _______________________________________________
> infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx
--
Stephen J Smoogen.
_______________________________________________
infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx
