santerikainulainen/ansible-role-caddy
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
ansible-role-caddy/README.MD
Santeri Kainulainen 062fbff659 Install newest Caddy version with role nvjacobo.caddy and update template and pre-generated certs 
This commit will also allow Caddy to properly generate certs
with longer lifetimes than 12 hours, and by default it has been set to 1
month
2025-12-10 10:16:50 +02:00

50 lines
2.2 KiB
Markdown
Raw Blame History

# Kifi Caddy
Installs and configures Caddy for use as a local ACME CA server allowing certificates to be issued in testing.\
By default, the Caddyfile defaults to 1 month for the leaf certificates and 1 year for the intermediate certificate.\
Pre-generated certificates can be found in `files/certs`, but you can also generate your own ones by using this role while the directory is empty, and then copy-pasting them from the VM to this directory.\
This is for mostly convenience, as multiple VM's might use this role so you only need to import the `root.crt` to your browser once.
## Example usage
In your playbook, define the role and config paths. Most likely the defaults are fine, so you can just simply add the role. Remember to add this before any certbot role. The ACME server is hosted at port 8443. You can also change the `templates/Caddyfile.j2` to fit your own needs.\
\
Example for tilastot.kirjastot.fi.local:
```
- role: kifi.caddy
caddy_config_path: /etc/caddy/Caddyfile
caddy_root: /var/www/caddy
caddy_service_name: caddy
```
Another example of how to use this in combination with the kifi.certbot role:
```
tasks:
- name: Run Certbot role
include_role:
name: kifi.certbot
vars:
certbot_disable_certbot_cron: yes
certbot_host_with_certs: tilastot.kirjastot.fi.local
certbot_create_if_missing: yes
certbot_admin_email: tekniikka@kirjastot.fi
certbot_certs:
- domains:
- tilastot.kirjastot.fi.local
certbot_create_command: >
sudo -E REQUESTS_CA_BUNDLE=/var/lib/caddy/.local/share/caddy/pki/authorities/local/root.crt
certbot certonly --server https://localhost:8443/acme/local/directory
--standalone
--email {{ certbot_admin_email }}
--agree-tos
--non-interactive
-d {{ certbot_certs | map(attribute='domains') | flatten | join(' -d ') }}
tags: certbot, ssl
```
Note that the domains get looped over, so you can have multiple of them.
Certificates for domains can be found in the folder /etc/letsencrypt/live/domainname though it might be wise to change this
# Dependencies
[nvjacobo.caddy](https://github.com/nvjacobo/caddy.git) - Used for installing Caddy
Reference in a new issue View git blame Copy permalink