Add default TLS Certificates for "localhost"

2021-10-25 22:39:42 -05:00
parent 4afbe76369
commit b6e25d1ab8
2 changed files with 14 additions and 2 deletions
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -125,6 +125,18 @@
  loop: '{{ http_vhost }}'
  loop_control:
    label: '{{ item.fqdn }} will be ensured'
+- name: 'base vhost document root'
+  when:
+    - ansible_system == 'Linux'
+    - ensure_apache is defined
+    - http_vhost is defined
+    - http_vhost is iterable
+  ansible.builtin.file:
+    group: 'root'
+    owner: 'root'
+    mode: '0775'
+    path: '/srv/http'
+    state: 'directory'
 - name: 'ensure vhost document roots'
  when:
    - ansible_system == 'Linux'
--- a/templates/Fedora/34/etc/httpd/conf.d/vhost.conf
+++ b/templates/Fedora/34/etc/httpd/conf.d/vhost.conf
@@ -65,8 +65,8 @@
  SSLHonorCipherOrder on
  SSLCipherSuite PROFILE=SYSTEM
  SSLProxyCipherSuite PROFILE=SYSTEM
-  # SSLCertificateFile /etc/pki/tls/certs/localhost.crt
-  # SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
+  SSLCertificateFile /etc/pki/tls/certs/localhost.crt
+  SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
  ServerName {{ item.fqdn }}
  ServerAdmin webmaster@firedragonenterprises.com
  DocumentRoot /srv/http/{{ item.fqdn }}