michael/michaelschiemer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
55c04e4fd03a88abed3fc5e58bd2e09defa77b70
michaelschiemer/deployment/infrastructure/roles/nginx-proxy/tasks/ssl-setup.yml
Michael Schiemer 9b74ade5b0 feat: Fix discovery system critical issues 
Resolved multiple critical discovery system issues:

## Discovery System Fixes
- Fixed console commands not being discovered on first run
- Implemented fallback discovery for empty caches
- Added context-aware caching with separate cache keys
- Fixed object serialization preventing __PHP_Incomplete_Class

## Cache System Improvements
- Smart caching that only caches meaningful results
- Separate caches for different execution contexts (console, web, test)
- Proper array serialization/deserialization for cache compatibility
- Cache hit logging for debugging and monitoring

## Object Serialization Fixes
- Fixed DiscoveredAttribute serialization with proper string conversion
- Sanitized additional data to prevent object reference issues
- Added fallback for corrupted cache entries

## Performance & Reliability
- All 69 console commands properly discovered and cached
- 534 total discovery items successfully cached and restored
- No more __PHP_Incomplete_Class cache corruption
- Improved error handling and graceful fallbacks

## Testing & Quality
- Fixed code style issues across discovery components
- Enhanced logging for better debugging capabilities
- Improved cache validation and error recovery

Ready for production deployment with stable discovery system.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-13 12:04:17 +02:00

162 lines
4.2 KiB
YAML
Raw Blame History

---
# SSL Certificate Setup
- name: Create SSL directories
file:
path: "{{ item }}"
state: directory
owner: root
group: root
mode: '0755'
loop:
- /etc/ssl/private
- /etc/ssl/certs
- "{{ ssl_certificate_path | dirname }}"
tags:
- nginx
- ssl
- directories
- name: Generate DH parameters for SSL
openssl_dhparam:
path: /etc/ssl/certs/dhparam.pem
size: 2048
owner: root
group: root
mode: '0644'
tags:
- nginx
- ssl
- dhparam
- name: Generate self-signed certificate for initial setup
block:
- name: Generate private key
openssl_privatekey:
path: /etc/ssl/private/{{ domain_name }}.key
size: 2048
type: RSA
owner: root
group: root
mode: '0600'
- name: Generate self-signed certificate
openssl_certificate:
path: /etc/ssl/certs/{{ domain_name }}.crt
privatekey_path: /etc/ssl/private/{{ domain_name }}.key
provider: selfsigned
common_name: "{{ domain_name }}"
subject_alt_name:
- "DNS:{{ domain_name }}"
- "DNS:www.{{ domain_name }}"
owner: root
group: root
mode: '0644'
when: ssl_provider == 'self-signed' or environment == 'development'
tags:
- nginx
- ssl
- self-signed
- name: Setup Let's Encrypt certificates
block:
- name: Check if certificates already exist
stat:
path: "{{ ssl_certificate_path }}/fullchain.pem"
register: letsencrypt_cert
- name: Create temporary Nginx config for Let's Encrypt
template:
src: nginx-letsencrypt-temp.conf.j2
dest: /etc/nginx/sites-available/letsencrypt-temp
owner: root
group: root
mode: '0644'
when: not letsencrypt_cert.stat.exists
- name: Enable temporary Nginx config
file:
src: /etc/nginx/sites-available/letsencrypt-temp
dest: /etc/nginx/sites-enabled/letsencrypt-temp
state: link
when: not letsencrypt_cert.stat.exists
notify: reload nginx
- name: Start Nginx for Let's Encrypt validation
service:
name: "{{ nginx_service }}"
state: started
enabled: true
when: not letsencrypt_cert.stat.exists
- name: Obtain Let's Encrypt certificate
command: >
certbot certonly
--webroot
--webroot-path {{ letsencrypt_webroot_path }}
--email {{ letsencrypt_email }}
--agree-tos
--non-interactive
--expand
{% for domain in letsencrypt_domains %}
-d {{ domain }}
{% endfor %}
when: not letsencrypt_cert.stat.exists
tags:
- ssl
- letsencrypt
- certificate
- name: Remove temporary Nginx config
file:
path: /etc/nginx/sites-enabled/letsencrypt-temp
state: absent
when: not letsencrypt_cert.stat.exists
notify: reload nginx
- name: Setup automatic certificate renewal
cron:
name: "Renew Let's Encrypt certificates"
minute: "{{ letsencrypt_renewal_minute }}"
hour: "{{ letsencrypt_renewal_hour }}"
job: "certbot renew --quiet && systemctl reload nginx"
user: "{{ letsencrypt_renewal_user }}"
when: letsencrypt_renewal_cron | bool
when: letsencrypt_enabled | bool and environment != 'development'
tags:
- nginx
- ssl
- letsencrypt
- name: Set up SSL certificate paths
set_fact:
ssl_cert_file: >-
{%- if letsencrypt_enabled and environment != 'development' -%}
{{ ssl_certificate_path }}/fullchain.pem
{%- else -%}
/etc/ssl/certs/{{ domain_name }}.crt
{%- endif -%}
ssl_key_file: >-
{%- if letsencrypt_enabled and environment != 'development' -%}
{{ ssl_certificate_path }}/privkey.pem
{%- else -%}
/etc/ssl/private/{{ domain_name }}.key
{%- endif -%}
tags:
- nginx
- ssl
- config
- name: Verify SSL certificate files exist
stat:
path: "{{ item }}"
register: ssl_files_check
loop:
- "{{ ssl_cert_file }}"
- "{{ ssl_key_file }}"
failed_when: not ssl_files_check.results | selectattr('stat.exists') | list
tags:
- nginx
- ssl
- verification
Reference in New Issue View Git Blame Copy Permalink