michaelschiemer/deployment/ansible/playbooks/setup-ssl-certificates.yml
Michael Schiemer 16d586ecdf chore: Update deployment configuration and documentation
- Update Gitea configuration (remove DEFAULT_ACTIONS_URL)
- Fix deployment documentation
- Update Ansible playbooks
- Clean up deprecated files
- Add new deployment scripts and templates
2025-10-31 21:11:11 +01:00


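---
# Bootstraps Let's Encrypt certificates for the Traefik stack on the
# production host: makes sure the ACME storage file (acme.json) exists as a
# regular file with restrictive permissions, restarts Traefik so it re-reads
# its configuration, then performs one HTTPS request per domain so Traefik's
# ACME resolver starts issuance.
#
# Variables read by this play (defined outside it, e.g. group_vars):
#   deploy_user_home  - home directory of the deploy user on the target host
#   stacks_base_path  - base directory of the compose stacks (see NOTE below)
#   ansible_user      - owner and group applied to acme.json
#   ssl_domains       - optional list of domains; falls back to
#                       [gitea_domain, app_domain]
#   acme_email        - only displayed here; Traefik reads it from its own config
- name: Setup Let's Encrypt SSL Certificates via Traefik
  hosts: production
  become: false
  gather_facts: true
  vars:
    # ssl_domains and acme_email are defined in group_vars/production.yml
    # Can be overridden via -e flag if needed
    domains: "{{ ssl_domains | default([gitea_domain, app_domain]) }}"
  tasks:
    - name: Check if acme.json exists and is a file
      stat:
        # Must be the exact path the tasks below manage; previously this
        # contained a typo ("de iployment"), so the stat never matched and the
        # directory-cleanup task below could never fire.
        path: "{{ deploy_user_home }}/deployment/stacks/traefik/acme.json"
      register: acme_stat

    # A directory at this path (likely created by a bind mount of a missing
    # file) cannot be used as ACME storage, so it is removed before touching.
    - name: Remove acme.json if it's a directory
      file:
        path: "{{ deploy_user_home }}/deployment/stacks/traefik/acme.json"
        state: absent
      become: true
      when: acme_stat.stat.exists and acme_stat.stat.isdir

    # acme.json holds the account key and issued private keys; Traefik refuses
    # storage that is readable by others, hence 0600 owned by the deploy user.
    - name: Ensure Traefik acme.json exists and has correct permissions
      file:
        path: "{{ deploy_user_home }}/deployment/stacks/traefik/acme.json"
        state: touch
        mode: '0600'
        owner: "{{ ansible_user }}"
        group: "{{ ansible_user }}"
      become: true

    - name: Verify Traefik is running
      command: docker compose -f {{ deploy_user_home }}/deployment/stacks/traefik/docker-compose.yml ps traefik
      register: traefik_status
      changed_when: false

    # NOTE(review): the check relies on the literal "Up" appearing in the
    # `docker compose ps` output; newer Compose versions may print "running"
    # instead -- confirm against the Compose version installed on the host.
    - name: Fail if Traefik is not running
      fail:
        msg: "Traefik is not running. Please start it first."
      when: traefik_status.rc != 0 or "Up" not in traefik_status.stdout

    - name: Force Traefik to reload configuration
      command: docker compose -f {{ deploy_user_home }}/deployment/stacks/traefik/docker-compose.yml restart traefik
      changed_when: true

    # wait_for without host/port/path simply sleeps for `timeout` seconds.
    - name: Wait for Traefik to be ready
      wait_for:
        timeout: 10
      changed_when: false

    # Certificate validation is disabled on purpose: the trusted certificate
    # does not exist yet at this point, the request only triggers issuance and
    # nothing from the response is used. Any listed status (including 5xx
    # while backends are down) counts as a successful trigger; ignore_errors
    # keeps one unreachable domain from aborting the others.
    - name: Trigger certificate request by accessing each domain
      uri:
        url: "https://{{ item }}"
        method: GET
        validate_certs: false
        timeout: 5
        status_code: [200, 301, 302, 303, 404, 502, 503]
      loop: "{{ domains }}"
      register: certificate_trigger
      changed_when: false
      ignore_errors: true

    - name: Wait for ACME certificate generation (30 seconds)
      wait_for:
        timeout: 30
      changed_when: false

    # NOTE(review): the tasks above build the path from deploy_user_home while
    # this one and the log hint below use stacks_base_path -- confirm both
    # resolve to the same directory, otherwise the size reported below is for
    # a different file.
    - name: Check if acme.json contains certificates
      stat:
        path: "{{ stacks_base_path }}/traefik/acme.json"
      register: acme_file

    - name: Display certificate status
      debug:
        msg: |
          Certificate setup triggered.
          Traefik will request Let's Encrypt certificates for:
          {{ domains | join(', ') }}
          ACME Email: {{ acme_email }}
          acme.json size: {{ acme_file.stat.size | default(0) }} bytes (a size near 0 means no certificate has been stored yet)
          Check Traefik logs to see certificate generation progress:
          docker compose -f {{ stacks_base_path }}/traefik/docker-compose.yml logs traefik | grep -i acme
          Certificates should be ready within 1-2 minutes.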