diff --git a/docs/rolereference.rst b/docs/rolereference.rst index c50c4d97abe311127956cba7fe7cfc75c1089f4f..5f36c34ce430a3dacf1ac52fc6719ced38726e72 100644 --- a/docs/rolereference.rst +++ b/docs/rolereference.rst @@ -916,6 +916,7 @@ The role implements the following: * Adds website administrator to website's group, so administrator could manage the code and data. * Installs additional packages required for running the role (as configured). +* Deploys the HTTPS TLS private key and certificate (for website vhost). * Configures PHP FPM and nginx to serve the website. The role is implemented with the following layout/logic in mind: @@ -965,6 +966,14 @@ Parameters succession, until the first match, or until it runs out of matches, when a client requests an URI pointing to directory. Default is ``index.php``. +**https_tls_certificate** (string, mandatory) + Path to file on Ansible host that contains the X.509 certificate used for TLS + for HTTPS service. The file will be copied to directory ``/etc/ssl/certs/``. + +**https_tls_key** (string, mandatory) + Path to file on Ansible host that contains the private key used for TLS for + HTTPS service. The file will be copied to directory ``/etc/ssl/private/``. + **php_file_regex** (string, optional) Regular expression used for determining which file should be interepted via PHP. Default is ``\.php$``. @@ -1020,6 +1029,8 @@ running *ownCloud* and *The Bug Genie* applications): - php5-json - php5-mysql - php5-curl + https_tls_key: "{{ inventory_dir }}/tls/cloud.example.com_https.key" + https_tls_certificate: "{{ inventory_dir }}/tls/cloud.example.com_https.pem" - role: php_website admin: admin deny_files_regex: @@ -1028,7 +1039,8 @@ running *ownCloud* and *The Bug Genie* applications): - ^(.*) /index.php?url=$1 fqdn: tbg.example.com uid: 2007 - + https_tls_key: "{{ inventory_dir }}/tls/tbg.example.com_https.key" + https_tls_certificate: "{{ inventory_dir }}/tls/tbg.example.com_https.pem" WSGI Website 
@@ -1058,6 +1070,7 @@ The role implements the following: * Installs additional packages required for running the role in Python virtual environment (as configured). * Configures systemd to run the website code (using Gunicorn) +* Deploys the HTTPS TLS private key and certificate (for website vhost). * Configures nginx to serve the website (static files served directly, requests passed on to Gunicorn). @@ -1103,6 +1116,14 @@ Parameters for calculating the user/group name for dedicated website user, as well as home directory of the website user (where data/code should be stored at). +**https_tls_certificate** (string, mandatory) + Path to file on Ansible host that contains the X.509 certificate used for TLS + for HTTPS service. The file will be copied to directory ``/etc/ssl/certs/``. + +**https_tls_key** (string, mandatory) + Path to file on Ansible host that contains the private key used for TLS for + HTTPS service. The file will be copied to directory ``/etc/ssl/private/``. + **packages** (list, optional) A list of additional packages to install for this particular WSGI website. This is usually going to be development libraries for building Python @@ -1147,8 +1168,6 @@ running a bare Django project): .. code-block:: yaml - --- - - role: wsgi_website admin: admin fqdn: django.example.com @@ -1159,3 +1178,5 @@ running a bare Django project): virtualenv_packages: - django wsgi_application: django_example_com.wsgi:application + https_tls_key: "{{ inventory_dir }}/tls/wsgi.example.com_https.key" + https_tls_certificate: "{{ inventory_dir }}/tls/wsgi.example.com_https.pem"
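Review bot: the new **https_tls_key** entry in the php_website Parameters hunk (@@ -965,6 +966,14) says only that the file "will be copied to directory ``/etc/ssl/private/``", without stating the owner, group and mode of the deployed key or the file name it gets on the target. Please document both, so an operator can verify that the key is not readable by the website user or other local accounts and knows which path the nginx vhost will reference. The same applies to the identical text in the wsgi_website hunk.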
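Review bot: the added example lines in the php_website hunk (@@ -1020,6 +1029,8) point **https_tls_key** at ``"{{ inventory_dir }}/tls/cloud.example.com_https.key"``, which places the private key next to the inventory, and readers will copy that layout. Since the inventory directory is commonly kept in version control, add a sentence next to the example on how the key file should be protected on the Ansible host, for instance restrictive file permissions and either exclusion from the repository or encryption at rest.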
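Review bot: both new parameters in the wsgi_website Parameters hunk (@@ -1103,6 +1116,14) are marked "(string, mandatory)", as they are for php_website, yet nothing in the visible documentation change tells users of the existing roles that they must now supply a key and certificate. Playbooks written against the previous parameter list will need updating, so please add an upgrade or release note, or state in the role description that HTTPS is now required for every vhost.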
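Review bot: the file names added in the last wsgi_website example hunk (@@ -1159,3 +1178,5) do not match the site they are for. The example sets ``fqdn: django.example.com``, but the added lines reference ``wsgi.example.com_https.key`` and ``wsgi.example.com_https.pem``, whereas the php_website examples name the files after the fqdn (``cloud.example.com``, ``tbg.example.com``). Rename them to ``django.example.com_https.key`` and ``django.example.com_https.pem`` so the example does not suggest deploying a certificate issued for a different host name.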