Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/erdii/ansible-cdn-letsencrypt

A hacky ansible playbook to set up a controller server with an ansible playbook to set up cdn-reverse proxies with one shared letsencrypt certificate - wtf 😱🔫
https://github.com/erdii/ansible-cdn-letsencrypt

ansible cdn certificate letsencrypt reverse-proxies

Last synced: 21 days ago
JSON representation

A hacky ansible playbook to set up a controller server with an ansible playbook to set up cdn-reverse proxies with one shared letsencrypt certificate - wtf 😱🔫

Host: GitHub
URL: https://github.com/erdii/ansible-cdn-letsencrypt
Owner: erdii
License: mit
Created: 2017-05-05T16:50:06.000Z (almost 8 years ago)
Default Branch: master
Last Pushed: 2018-08-27T13:33:55.000Z (over 6 years ago)
Last Synced: 2024-12-01T00:40:08.571Z (3 months ago)
Topics: ansible, cdn, certificate, letsencrypt, reverse-proxies
Language: Shell
Homepage:
Size: 11.7 KB
Stars: 4
Watchers: 3
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE.md

Awesome Lists containing this project

README

# ansible-cdn-letsencrypt

An Ansible playbook to set up a bunch of reverse proxies with a shared letsencrypt certificate

-> EXPERIMENTAL

This is mostly obsolete because the new ACMEv2 API supports DNS challenges, that make it a lot easier to get and distribute ssl certificates from let's encrypt

## Prerequisites

* ansible on your local host
* one blank controller server
* some blank proxy servers
* a domain pointing to your controller server eg. `ctrl.example.com`
* a domain pointing to your distribution consisting of all your reverse proxies eg. `www.example.com`

* an `inventory` file with content like this:
```
[controller]
x.x.x.x

[proxies]
y.y.y.y proxy_number=1
z.z.z.z proxy_number=2
```

## Setting up the controller and deploying the 'stage-2' playbook

* run `ansible-playbook -i inventory playbook.yml`

## Initializing the proxy-servers and aquiring a certificate from letsencrypt

* ssh into the controller
* run `./init_proxies.sh`
* you should be fine to go now

## Renewing the certificate

* ssh into the controller
* run `./update_proxies.sh`

## Caveats

* *ssh hostkeys*: for now we dont automatically trust **new** ssh host keys after the initial setup. **workaround**:
* ssh into all new proxy servers from your machine before starting
* ssh into all new proxy server from the controller before running `./init_proxies.sh`
**or**
* run `./trust_hosts.sh y.y.y.y z.z.z.z` from your machine before starting
* run `./trust_hosts.sh y.y.y.y z.z.z.z` from the controller before running `./init_proxies.sh`

* *adding new proxies*: this is currently **untested**:
* theoretically updating the `inventory` file, re-deploying the 'stage-2' playbook and executing `./update_proxies` on the controller should work

## Todo

* handle multiple domains (nginx config and letsencrypt)
* automated tests?
* test adding another proxy after the initial setup
* automate certificate renewal with a cronjob

## Disclaimer

```
I am not responsible for damages to your soft- or hardware or bugs eating your cat that occur through usage of this code or part of it.
```