ansible-role-caddy/README.MD
Santeri Kainulainen 7c614ae8ff Install newest Caddy version with role nvjacobo.caddy and update template and pre-generated certs
This commit will also allow Caddy to properly generate certs
with longer lifetimes than 12 hours, and by default it has been set to 1
month. This commit removes the pre-generated certs for safety reasons.
This commit also updates the README.md thoroughly with some
guides about the certs and how to use the role in general.
2025-12-10 15:23:41 +02:00

# Kifi Caddy
Installs and configures Caddy as a local ACME CA server so that certificates can be issued in testing environments.\
By default the Caddyfile sets a lifetime of 1 month for leaf certificates and 1 year for the intermediate certificate.\
To use the same CA for every VM that uses this role, create the directory `./files/certs` in the root of the repo and copy the CA files from one of your VMs into it, for example with scp or sshfs.\
On the VM the files are usually under `/var/lib/caddy/.local/share/caddy/pki/authorities/local`. Simply copy everything in that directory to your host machine and into the role directory.\
This is mostly for convenience: several VMs may use this role, and with a shared CA you only need to import `root.crt` into your browser once. Note that the same directory also contains the CA private keys (`root.key` and `intermediate.key`), so keep `files/certs` out of version control and treat it like any other secret.
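
As an added illustration (this is not the role's own `templates/Caddyfile.j2`), a minimal Caddyfile that configures the lifetimes described above and serves the ACME directory at `https://localhost:8443/acme/local/directory`. Caddy's built-in `local` CA issues 12-hour leaves and a 7-day intermediate by default, and the leaf lifetime must stay shorter than the intermediate lifetime, which is why both values are raised together. The CA display name is an assumption; the paths and port are the ones used elsewhere in this README:

```caddyfile
{
	# Keep port 80 free: with automatic HTTPS Caddy would otherwise open an
	# HTTP->HTTPS redirect listener on :80, which collides with the HTTP-01
	# listener that certbot --standalone needs.
	auto_https disable_redirects

	pki {
		# "local" is the CA Caddy creates on first start; its files live under
		# /var/lib/caddy/.local/share/caddy/pki/authorities/local
		ca local {
			name "Kifi local CA"   # display name only; assumed, not the role's value
			# The intermediate has to outlive every leaf it signs, so 1-month
			# leaves need an intermediate lifetime of at least that length.
			intermediate_lifetime 8760h   # 1 year
		}
	}
}

# ACME directory: https://localhost:8443/acme/local/directory
localhost:8443 {
	# This site itself gets a certificate from the same internal CA, which is
	# why certbot is pointed at root.crt via REQUESTS_CA_BUNDLE.
	acme_server {
		ca local
		lifetime 720h   # 1 month for leaf certificates
	}
}
```

After editing the template, `caddy validate --config /etc/caddy/Caddyfile --adapter caddyfile` on the VM catches syntax errors and the lifetime check before the service is restarted.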
## Example usage
In your playbook, define the role and the config paths. The defaults are most likely fine, so you can simply add the role. Add it before any certbot role, because certbot needs the ACME server to be running already. The ACME server listens on port 8443. You can also edit `templates/Caddyfile.j2` to fit your own needs.\
\
Example:
```yaml
- role: kifi.caddy
  caddy_config_path: /etc/caddy/Caddyfile
  caddy_root: /var/www/caddy
  caddy_service_name: caddy
```
Another example of how to use this together with the kifi.certbot role for the domain tilastot.kirjastot.fi.local:
```yaml
tasks:
  - name: Run Certbot role
    include_role:
      name: kifi.certbot
    vars:
      certbot_disable_certbot_cron: yes
      certbot_host_with_certs: tilastot.kirjastot.fi.local
      certbot_create_if_missing: yes
      certbot_admin_email: tekniikka@kirjastot.fi
      certbot_certs:
        - domains:
            - tilastot.kirjastot.fi.local
      # REQUESTS_CA_BUNDLE makes certbot trust Caddy's local root when it
      # talks to the ACME directory on https://localhost:8443
      certbot_create_command: >
        sudo -E REQUESTS_CA_BUNDLE=/var/lib/caddy/.local/share/caddy/pki/authorities/local/root.crt
        certbot certonly --server https://localhost:8443/acme/local/directory
        --standalone
        --email {{ certbot_admin_email }}
        --agree-tos
        --non-interactive
        -d {{ certbot_certs | map(attribute='domains') | flatten | join(' -d ') }}
    tags: certbot, ssl
```
Note that the domains are looped over, so you can list several of them; each one becomes its own `-d` argument. Because `--standalone` answers the HTTP-01 challenge itself, port 80 on the VM must be free while certbot runs.\
Certificates for the domains can be found under `/etc/letsencrypt/live/<domainname>/`, though it might be wise to change this.
# Dependencies
[nvjacobo.caddy](https://github.com/nvjacobo/caddy.git) - Used for installing Caddy