handle default and per vhost ports

2023-09-24 10:12:28 +03:00 · 2023-09-24 10:12:28 +03:00 · 0fb2850687
commit 0fb2850687
parent 1d15dab732
3 changed files with 24 additions and 5 deletions
--- a/tasks/configure.yml
+++ b/tasks/configure.yml
@ -1,14 +1,30 @@
 ---
- name: Allow HTTP traffic
+- name: Allow default HTTP traffic
  ufw:
    rule: allow
    port: "{{ web_port }}"

- name: Allow HTTPS traffic
+- name: Allow HTTP traffic for vhosts
+  ufw:
+    rule: allow
+    port: "{{ item.web_port }}"
+  loop: "{{ vhosts }}"
+
+- name: Allow HTTPS default traffic
  ufw:
    rule: allow
    port: "{{ ssl_port | default(443) }}"
-  when: ssl
+  when:
+    - ssl
+
+- name: Allow HTTPS traffic for vhosts
+  ufw:
+    rule: allow
+    port: "{{ item.ssl_port | default(443) }}"
+  loop: "{{ vhosts }}"
+  when:
+    - ssl
+    - item.ssl

 - name: Ensure MPM Worker module is disabled
  shell: a2dismod mpm_worker
--- a/tasks/configure_certificate.yml
+++ b/tasks/configure_certificate.yml
@ -12,5 +12,5 @@
    creates: "/etc/letsencrypt/archive/{{ item.vhostname }}"
  when:
    - "'ssl' in item"
-    - item['ssl']
+    - item.ssl
  loop: "{{ vhosts }}"
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -10,7 +10,9 @@
    path: "/etc/letsencrypt/archive/{{ item.vhostname }}"
  register: certificate_folder
  loop: "{{ vhosts }}"
-  when: ssl
+  when:
+    ssl
+    item.ssl

 - name: Initialize need_certificate
  set_fact:
@ -23,6 +25,7 @@
  when:
    - not item.stat.exists
    - ssl
+    - item.ssl
  loop: "{{ certificate_folder.results }}"

 - name: Ensure certificate is created if needed