Install newest Caddy version with role nvjacobo.caddy and update template and pre-generated certs

This commit will also allow Caddy to properly generate certs
with longer lifetimes than 12 hours, and by default it has been set to 1
month
Santeri Kainulainen 2025-12-09 15:33:36 +02:00
parent 733c3ed250
commit a2cdabb464
8 changed files with 37 additions and 35 deletions


@ -1,7 +1,8 @@
# Kifi Caddy # Kifi Caddy
Installs and configures Caddy for use as a local ACME CA server allowing certificates to be issued in testing. Installs and configures Caddy for use as a local ACME CA server allowing certificates to be issued in testing.
This role should function as of now, but for example certificate lifetime changes don't work (defaults to 12h). By default, the Caddyfile defaults to 1 month for the leaf certificates and 1 year for the intermediate certificate.
Pre-generated certificates can be found in `files/certs`, but you can also generate your own ones by using this role while the directory is empty, and then copy-pasting them from the VM to this directory. This is for mostly convenience, as multiple VM's might use this role so you only need to import theroot.crt to your browser once.
## Example usage ## Example usage
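Review bot: The new paragraph about `files/certs` does not say that the directory also holds the matching private keys, so a reader importing root.crt is not told that the signing keys are readable by anyone with access to the repository. Please state that explicitly and say the pre-generated CA is for throwaway test VMs only. Wording nits in the same lines: "theroot.crt" should be "the root.crt", "for mostly convenience" should be "mostly for convenience", "VM's" should be "VMs", and "By default, the Caddyfile defaults to" says "default" twice.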
@ -42,3 +43,7 @@ tasks:
Note that the domains get looped over, so you can have multiple of them. Note that the domains get looped over, so you can have multiple of them.
Certificates for domains can be found in the folder /etc/letsencrypt/live/domainname though it might be wise to change this Certificates for domains can be found in the folder /etc/letsencrypt/live/domainname though it might be wise to change this
# Dependencies
[nvjacobo.caddy](https://github.com/nvjacobo/caddy.git) - Used for installing Caddy
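Review bot: The added heading is `# Dependencies`, a top-level heading, while the other sections sit under `# Kifi Caddy` as `##` (for example `## Example usage`); make it `## Dependencies`. The entry would also be more useful if it said how the dependency gets installed and which version of nvjacobo.caddy the role was tested against, since the link points at the repository head.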


@ -1,12 +1,12 @@
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIBtDCCAVqgAwIBAgIRAMHp+q/ddqH+S9fE5V7QhhkwCgYIKoZIzj0EAwIwJjEk MIIBtDCCAVqgAwIBAgIRALrzZ2s5VtqAmn4XFGu/r7owCgYIKoZIzj0EAwIwJjEk
MCIGA1UEAxMbTXkgTG9jYWwgQ0EgLSAyMDI1IEVDQyBSb290MB4XDTI1MTIwMTEz MCIGA1UEAxMbTXkgTG9jYWwgQ0EgLSAyMDI1IEVDQyBSb290MB4XDTI1MTIwOTEz
MTg1M1oXDTI1MTIwODEzMTg1M1owKTEnMCUGA1UEAxMeTXkgTG9jYWwgQ0EgLSBF MTYyMloXDTI2MTIwOTEzMTYyMlowKTEnMCUGA1UEAxMeTXkgTG9jYWwgQ0EgLSBF
Q0MgSW50ZXJtZWRpYXRlMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZL83Hyar Q0MgSW50ZXJtZWRpYXRlMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5QvpDkl0
iIsBkRtRNxRtHoiW7KEUuxq4gVyNrJjtdYZwlfZE+qOCYo5I6E99zZiVD2SZNe1x /zAug3sHNQDig0khq1oIRWL8TjNf92zgXm65tTI9HL0khYH+2WaT8/E9yfP5G9J5
uVXYV6mcERDnC6NmMGQwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8C a4nDOM6rKsL/rqNmMGQwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8C
AQAwHQYDVR0OBBYEFJII7wjwySNFSJWt700GYE1JfsGxMB8GA1UdIwQYMBaAFHCv AQAwHQYDVR0OBBYEFBSQKBjweZcJtluzSEzdfA3rCMH+MB8GA1UdIwQYMBaAFLf7
EafSET7wyiMUOd3eZrQx3lw8MAoGCCqGSM49BAMCA0gAMEUCIQCCj54nwceSHHJ+ HOJMt7rcWgyNVQFwg1ibX4rkMAoGCCqGSM49BAMCA0gAMEUCIQCt4S/kc8bZ1amw
RCN2CyEByqMh/RdDd/FijJ800x3J6gIgemnp9J3CrKN/Fzy3JOhetVCRkVqjDNLc NRkwxfNEJn8xWMeLVgT/t50PWTfA1gIgJ1/6IoyRmrsNmHdChA+WcINK/1jsAOMV
ZH4K1pYnDBA= CcvYlcfWNH0=
-----END CERTIFICATE----- -----END CERTIFICATE-----


@ -1,5 +1,5 @@
-----BEGIN EC PRIVATE KEY----- -----BEGIN EC PRIVATE KEY-----
MHcCAQEEIDLfKjCXLIseInlVmkL1dx6K/Iv6uxjhJjRmI4xr9kXNoAoGCCqGSM49 MHcCAQEEIDWrFHeV74K3DqFXy8kAxk/mNFXIU4ZASGof0zcJcmEfoAoGCCqGSM49
AwEHoUQDQgAEZL83HyariIsBkRtRNxRtHoiW7KEUuxq4gVyNrJjtdYZwlfZE+qOC AwEHoUQDQgAE5QvpDkl0/zAug3sHNQDig0khq1oIRWL8TjNf92zgXm65tTI9HL0k
Yo5I6E99zZiVD2SZNe1xuVXYV6mcERDnCw== hYH+2WaT8/E9yfP5G9J5a4nDOM6rKsL/rg==
-----END EC PRIVATE KEY----- -----END EC PRIVATE KEY-----
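Review bot: This commits an unencrypted EC private key, and its public-key portion matches the intermediate certificate regenerated in the previous file, so the intermediate's signing key is now readable in plain text by anyone who can read the repository. The replaced key also stays in git history. If the key has to ship with the role, encrypt it with ansible-vault and make sure the copy task sets a restrictive owner and mode. Otherwise let each VM generate its own key and distribute only the certificates.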


@ -1,11 +1,11 @@
-----BEGIN CERTIFICATE----- -----BEGIN CERTIFICATE-----
MIIBjzCCATWgAwIBAgIQMNAFWqphrzOxuSOWVbSr4jAKBggqhkjOPQQDAjAmMSQw MIIBkDCCATWgAwIBAgIQdEKF0J4ML82roSwYCus/BjAKBggqhkjOPQQDAjAmMSQw
IgYDVQQDExtNeSBMb2NhbCBDQSAtIDIwMjUgRUNDIFJvb3QwHhcNMjUxMjAxMTMx IgYDVQQDExtNeSBMb2NhbCBDQSAtIDIwMjUgRUNDIFJvb3QwHhcNMjUxMjA5MTMx
ODUzWhcNMzUxMDEwMTMxODUzWjAmMSQwIgYDVQQDExtNeSBMb2NhbCBDQSAtIDIw NjIyWhcNMzUxMDE4MTMxNjIyWjAmMSQwIgYDVQQDExtNeSBMb2NhbCBDQSAtIDIw
MjUgRUNDIFJvb3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASD2byYNpauRUOg MjUgRUNDIFJvb3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR5wtXojFvtONCz
LggkyrY/ZRMZIQMT+rXlQMctxnV77VOdaXccTC2vfpOS2tqwcwySyP1NYg1DqvD0 UjwelJcZY+6Xvc3+/UIrzUreWxD1qSFxoB7l2U4bx5b6C2ETA/HbJJ5vf9eyW6tC
L4VjUb/To0UwQzAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBATAd B91MpfKao0UwQzAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBATAd
BgNVHQ4EFgQUcK8Rp9IRPvDKIxQ53d5mtDHeXDwwCgYIKoZIzj0EAwIDSAAwRQIh BgNVHQ4EFgQUt/sc4ky3utxaDI1VAXCDWJtfiuQwCgYIKoZIzj0EAwIDSQAwRgIh
AI4rOGX/GNjlUnwixzcXM1FFrBrarzRZd/6+z99I+1yhAiAqxxK69h4ae0nylgVO AKVHqPFqMh1fLY1h3ZRzOgoIiL0GlNZxKqF7LfaYOhzaAiEA7yTTzHsHLbKl6eHk
pKlmiO5bk38ZfwjN6qAIqMaCcg== T0OvbpceB13fDWHJmEo/SYtJQbo=
-----END CERTIFICATE----- -----END CERTIFICATE-----
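Review bot: The whole certificate body changes here, and judging by the file order this is the root, which the README tells users to import into their browser "once". Replacing it invalidates that import for everyone who trusted the previous file, and neither the commit message nor the README mentions it. Please say in the commit message why the root was regenerated when only lifetimes were being changed, and record the new certificate's fingerprint and validity dates somewhere readable, since neither can be checked from the diff.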


@ -1,5 +1,5 @@
-----BEGIN EC PRIVATE KEY----- -----BEGIN EC PRIVATE KEY-----
MHcCAQEEICFWtuowkCW/82uhRaJUuisuQFQ3kQc6WH2xopi6aID8oAoGCCqGSM49 MHcCAQEEIKWFm7sak+X2jXs6gArHGn9g3QO1U+di1MHypsO7nScXoAoGCCqGSM49
AwEHoUQDQgAEg9m8mDaWrkVDoC4IJMq2P2UTGSEDE/q15UDHLcZ1e+1TnWl3HEwt AwEHoUQDQgAEecLV6Ixb7TjQs1I8HpSXGWPul73N/v1CK81K3lsQ9akhcaAe5dlO
r36TktrasHMMksj9TWINQ6rw9C+FY1G/0w== G8eW+gthEwPx2ySeb3/XslurQgfdTKXymg==
-----END EC PRIVATE KEY----- -----END EC PRIVATE KEY-----
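Review bot: Judging by the file order this is the private key belonging to the root certificate in the previous file, committed unencrypted. Whoever can read the repository can issue certificates that chain to a root the README asks users to import into their browser, so trust is not limited to the test VMs. Consider keeping only root.crt in `files/certs` and storing the key encrypted with ansible-vault, or generating the CA per environment. At minimum the README should tell users to import the root into a dedicated testing browser profile.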


@ -9,4 +9,5 @@ galaxy_info:
- caddy - caddy
- tls - tls
- localca - localca
dependencies: [] dependencies:
- role: nvjacobo.caddy
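Review bot: The new entry `- role: nvjacobo.caddy` names a third-party role with no version, so every install resolves to whatever that repository currently contains, and the role's tasks run on the target host. Pin it to a tag or commit in a requirements.yml and reference that file from the README so the Caddy install step is reproducible and a change upstream has to be reviewed before it is picked up.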


@ -1,8 +1,3 @@
- name: Ensure Caddy is installed
ansible.builtin.package:
name: caddy
state: present
- name: Create Caddy configuration directory - name: Create Caddy configuration directory
become: yes become: yes
ansible.builtin.file: ansible.builtin.file:
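Review bot: With the "Ensure Caddy is installed" task removed, nothing in this task file checks that Caddy is present before the configuration directory and Caddyfile are written, so the role now relies entirely on the meta dependency having run. Add a short pre-check as the first task, for example running `caddy version` and failing with a clear message, ideally also asserting the minimum version needed for the new lifetime settings in the template.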


@ -2,6 +2,7 @@
pki { pki {
ca local { ca local {
name "My Local CA" name "My Local CA"
intermediate_lifetime 365d
} }
} }
http_port 8080 http_port 8080
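Review bot: The added `intermediate_lifetime 365d` is hard-coded in what the commit message calls a template. Expose it as a role variable with 365d as the default and document it in the README next to the stated defaults, so users can shorten it without editing the role. It is also worth a comment that the leaf `lifetime` in the `acme_server` block further down has to stay shorter than this value, because the two are now set in different places.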
@ -11,6 +12,6 @@
localhost:8443 { localhost:8443 {
acme_server { acme_server {
ca local ca local
lifetime 720h lifetime 30d
} }
} }
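Review bot: `lifetime 720h` and `lifetime 30d` are the same duration, so this line is a unit change only and the commit message's "by default it has been set to 1 month" reads as if the value changed here. The functional change is the `intermediate_lifetime` line in the hunk above; say so in the commit message. As with the intermediate, consider making the leaf lifetime a role variable, since a test setup that wants to exercise renewal will need a much shorter value than 30d.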