handle default and per vhost ports

tasks/configure.yml

@@ -1,14 +1,30 @@
 ---
-- name: Allow HTTP traffic
+- name: Allow default HTTP traffic
   ufw:
     rule: allow
     port: "{{ web_port }}"
 
-- name: Allow HTTPS traffic
+- name: Allow HTTP traffic for vhosts
+  ufw:
+    rule: allow
+    port: "{{ item.web_port }}"
+  loop: "{{ vhosts }}"
+
+- name: Allow HTTPS default traffic
   ufw:
     rule: allow
     port: "{{ ssl_port | default(443) }}"
-  when: ssl
+  when:
+    - ssl
+
+- name: Allow HTTPS traffic for vhosts
+  ufw:
+    rule: allow
+    port: "{{ item.ssl_port | default(443) }}"
+  loop: "{{ vhosts }}"
+  when:
+    - ssl
+    - item.ssl
 
 - name: Ensure MPM Worker module is disabled
   shell: a2dismod mpm_worker

tasks/configure_certificate.yml

@@ -12,5 +12,5 @@
     creates: "/etc/letsencrypt/archive/{{ item.vhostname }}"
   when:
     - "'ssl' in item"
-    - item['ssl']
+    - item.ssl
   loop: "{{ vhosts }}"

tasks/main.yml

@@ -10,7 +10,9 @@
     path: "/etc/letsencrypt/archive/{{ item.vhostname }}"
   register: certificate_folder
   loop: "{{ vhosts }}"
-  when: ssl
+  when:
+    ssl
+    item.ssl
 
 - name: Initialize need_certificate
   set_fact:
@@ -23,6 +25,7 @@
   when:
     - not item.stat.exists
     - ssl
+    - item.ssl
   loop: "{{ certificate_folder.results }}"
 
 - name: Ensure certificate is created if needed