Re: FBR: Setup proxying and VPN for certgetter01

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



+1 from me

On 9 September 2017 at 19:04, Patrick Uiterwijk <puiterwijk@xxxxxxxxxx> wrote:
> Hi,
>
> Could I get +1s for these patches:
>
> From 596ccf8bc44bad969a2ee9395c2c0ae7ee994a43 Mon Sep 17 00:00:00 2001
> From: Patrick Uiterwijk <puiterwijk@xxxxxxxxxx>
> Date: Sat, 9 Sep 2017 22:25:08 +0000
> Subject: [PATCH 1/3] Allow setting up a vhost for certgetter
>
> Signed-off-by: Patrick Uiterwijk <puiterwijk@xxxxxxxxxx>
> ---
>  roles/httpd/website/defaults/main.yml      | 1 +
>  roles/httpd/website/templates/website.conf | 4 ++++
>  2 files changed, 5 insertions(+)
>
> diff --git a/roles/httpd/website/defaults/main.yml
> b/roles/httpd/website/defaults/main.yml
> index 99aa8b0..8ad299d 100644
> --- a/roles/httpd/website/defaults/main.yml
> +++ b/roles/httpd/website/defaults/main.yml
> @@ -4,6 +4,7 @@
>
>  server_aliases: []
>  server_admin: webmaster@xxxxxxxxxxxxxxxxx
> +certbot: false
>  ssl: true
>  sslonly: false
>  SSLCertificateChainFile: wildcard-2017.fedoraproject.org.intermediate.cert
> diff --git a/roles/httpd/website/templates/website.conf
> b/roles/httpd/website/templates/website.conf
> index 6547452..8eed648 100644
> --- a/roles/httpd/website/templates/website.conf
> +++ b/roles/httpd/website/templates/website.conf
> @@ -10,6 +10,10 @@
>    SetOutputFilter DEFLATE
>  {% endif %}
>
> +{% if certbot %}
> +  ProxyPass "/.well-known/acme-challenge"
> "http://certgetter01/.well-known/acme-challenge";
> +{% endif %}
> +
>  {% if sslonly %}
>    RewriteEngine On
>    RewriteCond %{HTTPS} off
> --
> 1.8.3.1
>
> From 403f97fc772c4a1d9fc55aab981e6bf0293c19b1 Mon Sep 17 00:00:00 2001
> From: Patrick Uiterwijk <puiterwijk@xxxxxxxxxx>
> Date: Sat, 9 Sep 2017 22:26:40 +0000
> Subject: [PATCH 2/3] Enable certbot for secondary kojis
>
> Signed-off-by: Patrick Uiterwijk <puiterwijk@xxxxxxxxxx>
> ---
>  playbooks/include/proxies-websites.yml | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/playbooks/include/proxies-websites.yml
> b/playbooks/include/proxies-websites.yml
> index 9735c89..6362509 100644
> --- a/playbooks/include/proxies-websites.yml
> +++ b/playbooks/include/proxies-websites.yml
> @@ -499,6 +499,7 @@
>    - role: httpd/website
>      name: ppc.koji.fedoraproject.org
>      sslonly: true
> +    certbot: true
>      server_aliases:
>      - ppcpkgs.fedoraproject.org
>      cert_name: secondary.koji.fedoraproject.org.letsencrypt
> @@ -507,6 +508,7 @@
>    - role: httpd/website
>      name: s390.koji.fedoraproject.org
>      sslonly: true
> +    certbot: true
>      server_aliases:
>      - s390pkgs.fedoraproject.org
>      cert_name: secondary.koji.fedoraproject.org.letsencrypt
> @@ -515,6 +517,7 @@
>    - role: httpd/website
>      name: arm.koji.fedoraproject.org
>      sslonly: true
> +    certbot: true
>      server_aliases:
>      - armpkgs.fedoraproject.org
>      cert_name: secondary.koji.fedoraproject.org.letsencrypt
> --
> 1.8.3.1
>
> From 49a05d85c2af5d3288e095c837ff7013d77f5756 Mon Sep 17 00:00:00 2001
> From: Patrick Uiterwijk <puiterwijk@xxxxxxxxxx>
> Date: Sat, 9 Sep 2017 23:02:21 +0000
> Subject: [PATCH 3/3] Add certgetter01 ccd file
>
> Signed-off-by: Patrick Uiterwijk <puiterwijk@xxxxxxxxxx>
> ---
>  roles/openvpn/server/files/ccd/certgetter01.phx2.fedoraproject.org | 2 ++
>  1 file changed, 2 insertions(+)
>  create mode 100644
> roles/openvpn/server/files/ccd/certgetter01.phx2.fedoraproject.org
>
> diff --git a/roles/openvpn/server/files/ccd/certgetter01.phx2.fedoraproject.org
> b/roles/openvpn/server/files/ccd/certgetter01.phx2.fedoraproject.org
> new file mode 100644
> index 0000000..6b4c087
> --- /dev/null
> +++ b/roles/openvpn/server/files/ccd/certgetter01.phx2.fedoraproject.org
> @@ -0,0 +1,2 @@
> +# ifconfig-push actualIP PtPIP
> +ifconfig-push 192.168.1.177 192.168.0.177
> --
> 1.8.3.1
> _______________________________________________
> infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx



-- 
Stephen J Smoogen.
_______________________________________________
infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx




[Index of Archives]     [Fedora Development]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]

  Powered by Linux