From b6e25d1ab8d905070bfdca080869a4f76b1bdcb8 Mon Sep 17 00:00:00 2001
From: Jason Rothstein <fdragon@fdragon.org>
Date: Mon, 25 Oct 2021 22:39:42 -0500
Subject: [PATCH] Add default TLS Certificates for "localhost"

---
 tasks/main.yml                                  | 12 ++++++++++++
 templates/Fedora/34/etc/httpd/conf.d/vhost.conf |  4 ++--
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/tasks/main.yml b/tasks/main.yml
index 2c252e8..f10cbc2 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -125,6 +125,18 @@
   loop: '{{ http_vhost }}'
   loop_control:
     label: '{{ item.fqdn }} will be ensured'
+- name: 'base vhost document root'
+  when:
+    - ansible_system == 'Linux'
+    - ensure_apache is defined
+    - http_vhost is defined
+    - http_vhost is iterable
+  ansible.builtin.file:
+    group: 'root'
+    owner: 'root'
+    mode: '0775'
+    path: '/srv/http'
+    state: 'directory'
 - name: 'ensure vhost document roots'
   when:
     - ansible_system == 'Linux'
diff --git a/templates/Fedora/34/etc/httpd/conf.d/vhost.conf b/templates/Fedora/34/etc/httpd/conf.d/vhost.conf
index a3d257a..da323d8 100644
--- a/templates/Fedora/34/etc/httpd/conf.d/vhost.conf
+++ b/templates/Fedora/34/etc/httpd/conf.d/vhost.conf
@@ -65,8 +65,8 @@
   SSLHonorCipherOrder on
   SSLCipherSuite PROFILE=SYSTEM
   SSLProxyCipherSuite PROFILE=SYSTEM
-  # SSLCertificateFile /etc/pki/tls/certs/localhost.crt
-  # SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
+  SSLCertificateFile /etc/pki/tls/certs/localhost.crt
+  SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
   ServerName {{ item.fqdn }}
   ServerAdmin webmaster@firedragonenterprises.com
   DocumentRoot /srv/http/{{ item.fqdn }}