Install newest Caddy version with role nvjacobo.caddy and update template and pre-generated certs
This commit also allows Caddy to properly generate certificates with lifetimes longer than 12 hours; the default is now set to 1 month.
parent
733c3ed250
commit
292c7b5887
8 changed files with 38 additions and 35 deletions
10
README.MD
10
README.MD
|
|
@ -1,7 +1,9 @@
|
||||||
# Kifi Caddy
|
# Kifi Caddy
|
||||||
|
|
||||||
Installs and configures Caddy for use as a local ACME CA server allowing certificates to be issued in testing.
|
Installs and configures Caddy for use as a local ACME CA server allowing certificates to be issued in testing.
|
||||||
This role should function as of now, but for example certificate lifetime changes don't work (defaults to 12h).
|
By default, the Caddyfile defaults to 1 month for the leaf certificates and 1 year for the intermediate certificate.
|
||||||
|
Pre-generated certificates can be found in `files/certs`, but you can also generate your own ones by using this role while the directory is empty, and then copy-pasting them from the VM to this directory.
|
||||||
|
This is for mostly convenience, as multiple VM's might use this role so you only need to import the `root.crt` to your browser once.
|
||||||
|
|
||||||
## Example usage
|
## Example usage
|
||||||
|
|
||||||
|
|
@ -41,4 +43,8 @@ tasks:
|
||||||
```
|
```
|
||||||
|
|
||||||
Note that the domains get looped over, so you can have multiple of them.
|
Note that the domains get looped over, so you can have multiple of them.
|
||||||
Certificates for domains can be found in the folder /etc/letsencrypt/live/domainname though it might be wise to change this
|
Certificates for domains can be found in the folder /etc/letsencrypt/live/domainname though it might be wise to change this
|
||||||
|
|
||||||
|
# Dependencies
|
||||||
|
|
||||||
|
[nvjacobo.caddy](https://github.com/nvjacobo/caddy.git) - Used for installing Caddy
|
||||||
|
|
|
||||||
|
|
@ -1,12 +1,12 @@
|
||||||
-----BEGIN CERTIFICATE-----
|
-----BEGIN CERTIFICATE-----
|
||||||
MIIBtDCCAVqgAwIBAgIRAMHp+q/ddqH+S9fE5V7QhhkwCgYIKoZIzj0EAwIwJjEk
|
MIIBtDCCAVqgAwIBAgIRALrzZ2s5VtqAmn4XFGu/r7owCgYIKoZIzj0EAwIwJjEk
|
||||||
MCIGA1UEAxMbTXkgTG9jYWwgQ0EgLSAyMDI1IEVDQyBSb290MB4XDTI1MTIwMTEz
|
MCIGA1UEAxMbTXkgTG9jYWwgQ0EgLSAyMDI1IEVDQyBSb290MB4XDTI1MTIwOTEz
|
||||||
MTg1M1oXDTI1MTIwODEzMTg1M1owKTEnMCUGA1UEAxMeTXkgTG9jYWwgQ0EgLSBF
|
MTYyMloXDTI2MTIwOTEzMTYyMlowKTEnMCUGA1UEAxMeTXkgTG9jYWwgQ0EgLSBF
|
||||||
Q0MgSW50ZXJtZWRpYXRlMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZL83Hyar
|
Q0MgSW50ZXJtZWRpYXRlMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5QvpDkl0
|
||||||
iIsBkRtRNxRtHoiW7KEUuxq4gVyNrJjtdYZwlfZE+qOCYo5I6E99zZiVD2SZNe1x
|
/zAug3sHNQDig0khq1oIRWL8TjNf92zgXm65tTI9HL0khYH+2WaT8/E9yfP5G9J5
|
||||||
uVXYV6mcERDnC6NmMGQwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8C
|
a4nDOM6rKsL/rqNmMGQwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8C
|
||||||
AQAwHQYDVR0OBBYEFJII7wjwySNFSJWt700GYE1JfsGxMB8GA1UdIwQYMBaAFHCv
|
AQAwHQYDVR0OBBYEFBSQKBjweZcJtluzSEzdfA3rCMH+MB8GA1UdIwQYMBaAFLf7
|
||||||
EafSET7wyiMUOd3eZrQx3lw8MAoGCCqGSM49BAMCA0gAMEUCIQCCj54nwceSHHJ+
|
HOJMt7rcWgyNVQFwg1ibX4rkMAoGCCqGSM49BAMCA0gAMEUCIQCt4S/kc8bZ1amw
|
||||||
RCN2CyEByqMh/RdDd/FijJ800x3J6gIgemnp9J3CrKN/Fzy3JOhetVCRkVqjDNLc
|
NRkwxfNEJn8xWMeLVgT/t50PWTfA1gIgJ1/6IoyRmrsNmHdChA+WcINK/1jsAOMV
|
||||||
ZH4K1pYnDBA=
|
CcvYlcfWNH0=
|
||||||
-----END CERTIFICATE-----
|
-----END CERTIFICATE-----
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,5 @@
|
||||||
-----BEGIN EC PRIVATE KEY-----
|
-----BEGIN EC PRIVATE KEY-----
|
||||||
MHcCAQEEIDLfKjCXLIseInlVmkL1dx6K/Iv6uxjhJjRmI4xr9kXNoAoGCCqGSM49
|
MHcCAQEEIDWrFHeV74K3DqFXy8kAxk/mNFXIU4ZASGof0zcJcmEfoAoGCCqGSM49
|
||||||
AwEHoUQDQgAEZL83HyariIsBkRtRNxRtHoiW7KEUuxq4gVyNrJjtdYZwlfZE+qOC
|
AwEHoUQDQgAE5QvpDkl0/zAug3sHNQDig0khq1oIRWL8TjNf92zgXm65tTI9HL0k
|
||||||
Yo5I6E99zZiVD2SZNe1xuVXYV6mcERDnCw==
|
hYH+2WaT8/E9yfP5G9J5a4nDOM6rKsL/rg==
|
||||||
-----END EC PRIVATE KEY-----
|
-----END EC PRIVATE KEY-----
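Review bot: The new `-----BEGIN EC PRIVATE KEY-----` block commits a CA signing key to the repository in plaintext, and the second `EC PRIVATE KEY` section further down this commit does the same; judging by the certificate sections they follow, these appear to be the intermediate and root keys of the local CA. The README in this commit tells users to import `root.crt` into their browser, so anyone who can read the repository could issue certificates those browsers would accept for any hostname. Keep the keys out of version control by generating them per environment on first run, or store them encrypted (for example with Ansible Vault). A README line such as `Import root.crt only into a dedicated test browser profile.` would also limit the exposure.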
|
||||||
|
|
|
||||||
|
|
@ -1,11 +1,11 @@
|
||||||
-----BEGIN CERTIFICATE-----
|
-----BEGIN CERTIFICATE-----
|
||||||
MIIBjzCCATWgAwIBAgIQMNAFWqphrzOxuSOWVbSr4jAKBggqhkjOPQQDAjAmMSQw
|
MIIBkDCCATWgAwIBAgIQdEKF0J4ML82roSwYCus/BjAKBggqhkjOPQQDAjAmMSQw
|
||||||
IgYDVQQDExtNeSBMb2NhbCBDQSAtIDIwMjUgRUNDIFJvb3QwHhcNMjUxMjAxMTMx
|
IgYDVQQDExtNeSBMb2NhbCBDQSAtIDIwMjUgRUNDIFJvb3QwHhcNMjUxMjA5MTMx
|
||||||
ODUzWhcNMzUxMDEwMTMxODUzWjAmMSQwIgYDVQQDExtNeSBMb2NhbCBDQSAtIDIw
|
NjIyWhcNMzUxMDE4MTMxNjIyWjAmMSQwIgYDVQQDExtNeSBMb2NhbCBDQSAtIDIw
|
||||||
MjUgRUNDIFJvb3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASD2byYNpauRUOg
|
MjUgRUNDIFJvb3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR5wtXojFvtONCz
|
||||||
LggkyrY/ZRMZIQMT+rXlQMctxnV77VOdaXccTC2vfpOS2tqwcwySyP1NYg1DqvD0
|
UjwelJcZY+6Xvc3+/UIrzUreWxD1qSFxoB7l2U4bx5b6C2ETA/HbJJ5vf9eyW6tC
|
||||||
L4VjUb/To0UwQzAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBATAd
|
B91MpfKao0UwQzAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBATAd
|
||||||
BgNVHQ4EFgQUcK8Rp9IRPvDKIxQ53d5mtDHeXDwwCgYIKoZIzj0EAwIDSAAwRQIh
|
BgNVHQ4EFgQUt/sc4ky3utxaDI1VAXCDWJtfiuQwCgYIKoZIzj0EAwIDSQAwRgIh
|
||||||
AI4rOGX/GNjlUnwixzcXM1FFrBrarzRZd/6+z99I+1yhAiAqxxK69h4ae0nylgVO
|
AKVHqPFqMh1fLY1h3ZRzOgoIiL0GlNZxKqF7LfaYOhzaAiEA7yTTzHsHLbKl6eHk
|
||||||
pKlmiO5bk38ZfwjN6qAIqMaCcg==
|
T0OvbpceB13fDWHJmEo/SYtJQbo=
|
||||||
-----END CERTIFICATE-----
|
-----END CERTIFICATE-----
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,5 @@
|
||||||
-----BEGIN EC PRIVATE KEY-----
|
-----BEGIN EC PRIVATE KEY-----
|
||||||
MHcCAQEEICFWtuowkCW/82uhRaJUuisuQFQ3kQc6WH2xopi6aID8oAoGCCqGSM49
|
MHcCAQEEIKWFm7sak+X2jXs6gArHGn9g3QO1U+di1MHypsO7nScXoAoGCCqGSM49
|
||||||
AwEHoUQDQgAEg9m8mDaWrkVDoC4IJMq2P2UTGSEDE/q15UDHLcZ1e+1TnWl3HEwt
|
AwEHoUQDQgAEecLV6Ixb7TjQs1I8HpSXGWPul73N/v1CK81K3lsQ9akhcaAe5dlO
|
||||||
r36TktrasHMMksj9TWINQ6rw9C+FY1G/0w==
|
G8eW+gthEwPx2ySeb3/XslurQgfdTKXymg==
|
||||||
-----END EC PRIVATE KEY-----
|
-----END EC PRIVATE KEY-----
|
||||||
|
|
|
||||||
|
|
@ -9,4 +9,5 @@ galaxy_info:
|
||||||
- caddy
|
- caddy
|
||||||
- tls
|
- tls
|
||||||
- localca
|
- localca
|
||||||
dependencies: []
|
dependencies:
|
||||||
|
- role: nvjacobo.caddy
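Review bot: The new `- role: nvjacobo.caddy` dependency is not pinned to a version, so each install takes whatever the third-party role publishes at that moment. This commit also drops the local `ansible.builtin.package` task, so that role now performs the whole Caddy installation, presumably with elevated privileges. Pin it to a reviewed tag or commit in a `requirements.yml`, e.g. `version: <reviewed tag or commit>` next to `src: https://github.com/nvjacobo/caddy.git`, and bump it deliberately after reading the upstream changes. A one-line comment above the entry saying why the role is needed would also help the next maintainer.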
|
||||||
|
|
|
||||||
|
|
@ -1,8 +1,3 @@
|
||||||
- name: Ensure Caddy is installed
|
|
||||||
ansible.builtin.package:
|
|
||||||
name: caddy
|
|
||||||
state: present
|
|
||||||
|
|
||||||
- name: Create Caddy configuration directory
|
- name: Create Caddy configuration directory
|
||||||
become: yes
|
become: yes
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
|
|
|
||||||
|
|
@ -2,6 +2,7 @@
|
||||||
pki {
|
pki {
|
||||||
ca local {
|
ca local {
|
||||||
name "My Local CA"
|
name "My Local CA"
|
||||||
|
intermediate_lifetime 365d
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
http_port 8080
|
http_port 8080
|
||||||
|
|
@ -11,6 +12,6 @@
|
||||||
localhost:8443 {
|
localhost:8443 {
|
||||||
acme_server {
|
acme_server {
|
||||||
ca local
|
ca local
|
||||||
lifetime 720h
|
lifetime 30d
|
||||||
}
|
}
|
||||||
}
|
}
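Review bot: Nothing in the template records that `lifetime 30d` in `acme_server` depends on `intermediate_lifetime 365d` in the `pki` block. Caddy requires the issued-certificate lifetime to be shorter than the lifetime of the intermediate that signs it, which is presumably why the earlier `720h` never took effect. Add a comment above the directive, e.g. `# must stay shorter than intermediate_lifetime in the pki block`, so a later edit to one value does not break the other. A leaked leaf key also stays usable far longer at 30 days than at the 12h default, so consider exposing both lifetimes as role variables that users can shorten.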
|
||||||
|
|
|
||||||