1028 lines
28 KiB
YAML
1028 lines
28 KiB
YAML
- name: Set up those proxy websites. My, my..
|
|
hosts: proxies_stg:proxies
|
|
user: root
|
|
gather_facts: True
|
|
|
|
vars_files:
|
|
- /srv/web/infra/ansible/vars/global.yml
|
|
- "/srv/private/ansible/vars.yml"
|
|
- /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
|
|
|
|
handlers:
|
|
- import_tasks: "{{ handlers_path }}/restart_services.yml"
|
|
|
|
|
|
pre_tasks:
|
|
- name: Install policycoreutils-python
|
|
package: name={{item}} state=present
|
|
with_items:
|
|
- policycoreutils-python-utils
|
|
- policycoreutils-python
|
|
|
|
- name: Create /srv/web/ for all the goodies.
|
|
file: >
|
|
dest=/srv/web state=directory
|
|
owner=root group=root mode=0755
|
|
tags:
|
|
- httpd
|
|
- httpd/website
|
|
|
|
- name: check the selinux context of webdir
|
|
command: matchpathcon /srv/web
|
|
register: webdir
|
|
check_mode: no
|
|
changed_when: "1 != 1"
|
|
tags:
|
|
- config
|
|
- selinux
|
|
- httpd
|
|
- httpd/website
|
|
|
|
- name: /srv/web file contexts
|
|
command: semanage fcontext -a -t httpd_sys_content_t "/srv/web(/.*)?"
|
|
when: webdir.stdout.find('httpd_sys_content_t') == -1
|
|
tags:
|
|
- config
|
|
- selinux
|
|
- httpd
|
|
- httpd/website
|
|
|
|
roles:
|
|
|
|
- role: httpd/website
|
|
site_name: fedoraproject.org
|
|
sslonly: true
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
server_aliases:
|
|
- stg.fedoraproject.org
|
|
- localhost
|
|
- www.fedoraproject.org
|
|
- hotspot-nocache.fedoraproject.org
|
|
- infinote.fedoraproject.org
|
|
|
|
# This is for all the other domains we own
|
|
# that redirect to https://fedoraproject.org
|
|
- role: httpd/website
|
|
site_name: fedoraproject.com
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
server_aliases:
|
|
- epel.io
|
|
- fedp.org
|
|
- fedora.asia
|
|
- fedora.com.my
|
|
- fedora.cr
|
|
- fedora.events
|
|
- fedora.me
|
|
- fedora.mobi
|
|
- fedora.my
|
|
- fedora.org
|
|
- fedora.org.cn
|
|
- fedora.pe
|
|
- fedora.pt
|
|
- fedora.redhat.com
|
|
- fedora.software
|
|
- fedora.tk
|
|
- fedora.us
|
|
- fedora.wiki
|
|
- fedoralinux.com
|
|
- fedoralinux.net
|
|
- fedoralinux.org
|
|
- fedoraproject.asia
|
|
- fedoraproject.cn
|
|
- fedoraproject.co.uk
|
|
- fedoraproject.com
|
|
- fedoraproject.com.cn
|
|
- fedoraproject.com.gr
|
|
- fedoraproject.com.my
|
|
- fedoraproject.cz
|
|
- fedoraproject.eu
|
|
- fedoraproject.gr
|
|
- fedoraproject.info
|
|
- fedoraproject.net
|
|
- fedoraproject.net.cn
|
|
- fedoraproject.org.uk
|
|
- fedoraproject.pe
|
|
- fedoraproject.su
|
|
- projectofedora.org
|
|
- www.fedora.asia
|
|
- www.fedora.com.my
|
|
- www.fedora.cr
|
|
- www.fedora.events
|
|
- www.fedora.me
|
|
- www.fedora.mobi
|
|
- www.fedora.org
|
|
- www.fedora.org.cn
|
|
- www.fedora.pe
|
|
- www.fedora.pt
|
|
- www.fedora.redhat.com
|
|
- www.fedora.software
|
|
- www.fedora.tk
|
|
- www.fedora.us
|
|
- www.fedora.wiki
|
|
- www.fedoralinux.com
|
|
- www.fedoralinux.net
|
|
- www.fedoralinux.org
|
|
- www.fedoraproject.asia
|
|
- www.fedoraproject.cn
|
|
- www.fedoraproject.co.uk
|
|
- www.fedoraproject.com
|
|
- www.fedoraproject.com.cn
|
|
- www.fedoraproject.com.gr
|
|
- www.fedoraproject.com.my
|
|
- www.fedoraproject.cz
|
|
- www.fedoraproject.eu
|
|
- www.fedoraproject.gr
|
|
- www.fedoraproject.info
|
|
- www.fedoraproject.net
|
|
- www.fedoraproject.net.cn
|
|
- www.fedoraproject.org.uk
|
|
- www.fedoraproject.pe
|
|
- www.fedoraproject.su
|
|
- www.projectofedora.org
|
|
- www.getfedora.com
|
|
- getfedora.com
|
|
- fedoraplayground.org
|
|
- fedoraplayground.com
|
|
|
|
- role: httpd/website
|
|
site_name: admin.fedoraproject.org
|
|
server_aliases: [admin.stg.fedoraproject.org]
|
|
sslonly: true
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
|
|
- role: httpd/website
|
|
site_name: cloud.fedoraproject.org
|
|
sslonly: true
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
|
|
- role: httpd/website
|
|
site_name: mirrors.fedoraproject.org
|
|
server_aliases:
|
|
- mirrors.stg.fedoraproject.org
|
|
- fedoramirror.net
|
|
- www.fedoramirror.net
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
|
|
- role: httpd/website
|
|
site_name: src.fedoraproject.org
|
|
server_aliases: [src.stg.fedoraproject.org]
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
sslonly: true
|
|
use_h2: false
|
|
|
|
- role: httpd/website
|
|
site_name: download.fedoraproject.org
|
|
server_aliases:
|
|
- download01.fedoraproject.org
|
|
- download02.fedoraproject.org
|
|
- download03.fedoraproject.org
|
|
- download04.fedoraproject.org
|
|
- download05.fedoraproject.org
|
|
- download06.fedoraproject.org
|
|
- download07.fedoraproject.org
|
|
- download08.fedoraproject.org
|
|
- download09.fedoraproject.org
|
|
- download10.fedoraproject.org
|
|
- download-rdu01.fedoraproject.org
|
|
- download.stg.fedoraproject.org
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
|
|
- role: httpd/website
|
|
site_name: translate.fedoraproject.org
|
|
server_aliases: [translate.stg.fedoraproject.org]
|
|
sslonly: true
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
|
|
- role: httpd/website
|
|
site_name: pki.fedoraproject.org
|
|
sslonly: true
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
|
|
- role: httpd/website
|
|
site_name: spins.fedoraproject.org
|
|
server_aliases:
|
|
- spins.stg.fedoraproject.org
|
|
- spins-test.fedoraproject.org
|
|
sslonly: true
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
|
|
- role: httpd/website
|
|
site_name: labs.fedoraproject.org
|
|
server_aliases:
|
|
- labs.stg.fedoraproject.org
|
|
sslonly: true
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
|
|
- role: httpd/website
|
|
site_name: arm.fedoraproject.org
|
|
server_aliases:
|
|
- arm.stg.fedoraproject.org
|
|
sslonly: true
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
|
|
- role: httpd/website
|
|
site_name: iot.fedoraproject.org
|
|
server_aliases:
|
|
- iot.stg.fedoraproject.org
|
|
sslonly: true
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
|
|
- role: httpd/website
|
|
site_name: budget.fedoraproject.org
|
|
server_aliases:
|
|
- budget.stg.fedoraproject.org
|
|
sslonly: true
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
|
|
- role: httpd/website
|
|
site_name: boot.fedoraproject.org
|
|
server_aliases: [boot.stg.fedoraproject.org]
|
|
sslonly: true
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
|
|
- role: httpd/website
|
|
site_name: boot.fedoraproject.org
|
|
server_aliases: [boot.stg.fedoraproject.org]
|
|
sslonly: true
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
|
|
- role: httpd/website
|
|
site_name: smolts.org
|
|
ssl: false
|
|
server_aliases:
|
|
- smolt.fedoraproject.org
|
|
- stg.smolts.org
|
|
- www.smolts.org
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
|
|
- role: httpd/website
|
|
site_name: docs.fedoraproject.org
|
|
server_aliases:
|
|
- doc.fedoraproject.org
|
|
- docs.stg.fedoraproject.org
|
|
sslonly: true
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
|
|
- role: httpd/website
|
|
site_name: docs-old.fedoraproject.org
|
|
server_aliases:
|
|
- docs-old.stg.fedoraproject.org
|
|
sslonly: true
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
|
|
- role: httpd/website
|
|
site_name: bodhi.fedoraproject.org
|
|
sslonly: true
|
|
server_aliases: [bodhi.stg.fedoraproject.org]
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
|
|
- role: httpd/website
|
|
site_name: "updates.coreos{{ env_suffix }}.fedoraproject.org"
|
|
sslonly: true
|
|
certbot: true
|
|
tags:
|
|
- updates.coreos.fedoraproject.org
|
|
when: env == "staging"
|
|
|
|
- role: httpd/website
|
|
site_name: caiapi.fedoraproject.org
|
|
sslonly: true
|
|
server_aliases: [caiapi.stg.fedoraproject.org]
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
tags: caiapi
|
|
when: env == "staging"
|
|
|
|
- role: httpd/website
|
|
site_name: ostree.fedoraproject.org
|
|
sslonly: true
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
tags: ostree
|
|
|
|
- role: httpd/website
|
|
site_name: flocktofedora.org
|
|
server_aliases:
|
|
- flocktofedora.org
|
|
- www.flocktofedora.org
|
|
ssl: true
|
|
sslonly: true
|
|
cert_name: flocktofedora.org
|
|
SSLCertificateChainFile: flocktofedora.org.intermediate.cert
|
|
|
|
- role: httpd/website
|
|
site_name: flocktofedora.net
|
|
server_aliases:
|
|
- flocktofedora.com
|
|
- www.flocktofedora.net
|
|
- www.flocktofedora.com
|
|
ssl: false
|
|
|
|
- role: httpd/website
|
|
site_name: fedora.my
|
|
server_aliases:
|
|
- fedora.my
|
|
ssl: false
|
|
|
|
- role: httpd/website
|
|
site_name: copr.fedoraproject.org
|
|
sslonly: true
|
|
server_aliases: [copr.stg.fedoraproject.org]
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
tags: copr
|
|
|
|
- role: httpd/website
|
|
site_name: bugz.fedoraproject.org
|
|
server_aliases: [bugz.stg.fedoraproject.org]
|
|
sslonly: true
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
|
|
- role: httpd/website
|
|
site_name: fas.fedoraproject.org
|
|
server_aliases:
|
|
- fas.stg.fedoraproject.org
|
|
- accounts.fedoraproject.org
|
|
sslonly: true
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
|
|
- role: httpd/website
|
|
site_name: fedoracommunity.org
|
|
server_aliases:
|
|
- www.fedoracommunity.org
|
|
- stg.fedoracommunity.org
|
|
- fedoraproject.community
|
|
- fedora.community
|
|
- www.fedora.community
|
|
- www.fedoraproject.community
|
|
ssl: true
|
|
cert_name: fedoracommunity.org
|
|
SSLCertificateChainFile: fedoracommunity.org.intermediate.cert
|
|
|
|
- role: httpd/website
|
|
site_name: get.fedoraproject.org
|
|
server_aliases: [get.stg.fedoraproject.org]
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
|
|
- role: httpd/website
|
|
site_name: help.fedoraproject.org
|
|
server_aliases: [help.stg.fedoraproject.org]
|
|
sslonly: true
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
|
|
- role: httpd/website
|
|
site_name: it.fedoracommunity.org
|
|
server_aliases: [it.fedoracommunity.org]
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
|
|
- role: httpd/website
|
|
site_name: uk.fedoracommunity.org
|
|
server_aliases:
|
|
- uk.fedoracommunity.org
|
|
- www.uk.fedoracommunity.org
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
|
|
- role: httpd/website
|
|
site_name: tw.fedoracommunity.org
|
|
server_aliases:
|
|
- tw.fedoracommunity.org
|
|
- www.tw.fedoracommunity.org
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
|
|
- role: httpd/website
|
|
site_name: communityblog.fedoraproject.org
|
|
server_aliases: [communityblog.fedoraproject.org]
|
|
sslonly: true
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
|
|
- role: httpd/website
|
|
site_name: people.fedoraproject.org
|
|
server_aliases: [people.fedoraproject.org]
|
|
sslonly: true
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
|
|
- role: httpd/website
|
|
site_name: join.fedoraproject.org
|
|
server_aliases: [join.stg.fedoraproject.org]
|
|
sslonly: true
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
|
|
- role: httpd/website
|
|
site_name: l10n.fedoraproject.org
|
|
server_aliases: [l10n.stg.fedoraproject.org]
|
|
sslonly: true
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
|
|
- role: httpd/website
|
|
site_name: start.fedoraproject.org
|
|
server_aliases: [start.stg.fedoraproject.org]
|
|
sslonly: true
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
|
|
- role: httpd/website
|
|
site_name: kde.fedoraproject.org
|
|
sslonly: true
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
|
|
- role: httpd/website
|
|
site_name: nightly.fedoraproject.org
|
|
sslonly: true
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
|
|
- role: httpd/website
|
|
site_name: store.fedoraproject.org
|
|
sslonly: true
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
|
|
- role: httpd/website
|
|
site_name: port389.org
|
|
server_aliases:
|
|
- www.port389.org
|
|
- 389tcp.org
|
|
- www.389tcp.org
|
|
ssl: false
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
|
|
- role: httpd/website
|
|
site_name: transtats.fedoraproject.org
|
|
sslonly: true
|
|
server_aliases: [transtats.stg.fedoraproject.org]
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
tags:
|
|
- transtats
|
|
|
|
- role: httpd/website
|
|
site_name: whatcanidoforfedora.org
|
|
server_aliases:
|
|
- www.whatcanidoforfedora.org
|
|
- stg.whatcanidoforfedora.org
|
|
ssl: true
|
|
sslonly: true
|
|
certbot: true
|
|
tags:
|
|
- whatcanidoforfedora.org
|
|
|
|
- role: httpd/website
|
|
site_name: fedoramagazine.org
|
|
server_aliases: [www.fedoramagazine.org stg.fedoramagazine.org]
|
|
cert_name: fedoramagazine.org
|
|
SSLCertificateChainFile: fedoramagazine.org.intermediate.cert
|
|
sslonly: true
|
|
|
|
- role: httpd/website
|
|
site_name: k12linux.org
|
|
server_aliases:
|
|
- www.k12linux.org
|
|
ssl: false
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
|
|
- role: httpd/website
|
|
site_name: fonts.fedoraproject.org
|
|
server_aliases: [fonts.stg.fedoraproject.org]
|
|
sslonly: true
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
|
|
- role: httpd/website
|
|
site_name: meetbot.fedoraproject.org
|
|
server_aliases: [meetbot.stg.fedoraproject.org]
|
|
sslonly: true
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
|
|
- role: httpd/website
|
|
site_name: meetbot-raw.fedoraproject.org
|
|
server_aliases: [meetbot-raw.stg.fedoraproject.org]
|
|
sslonly: true
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
|
|
- role: httpd/website
|
|
site_name: fudcon.fedoraproject.org
|
|
server_aliases: [fudcon.stg.fedoraproject.org]
|
|
sslonly: true
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
|
|
- role: httpd/website
|
|
site_name: ask.fedoraproject.org
|
|
server_aliases: [ask.stg.fedoraproject.org]
|
|
sslonly: true
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
|
|
- role: httpd/website
|
|
site_name: badges.fedoraproject.org
|
|
server_aliases: [badges.stg.fedoraproject.org]
|
|
sslonly: true
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
|
|
- role: httpd/website
|
|
site_name: paste.fedoraproject.org
|
|
server_aliases:
|
|
- paste.stg.fedoraproject.org
|
|
- modernpaste.stg.fedoraproject.org
|
|
sslonly: true
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
|
|
- role: httpd/website
|
|
site_name: coreos.fedoraproject.org
|
|
sslonly: true
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
when: env == "production"
|
|
tags:
|
|
- coreos.fedoraproject.org
|
|
|
|
|
|
#
|
|
# Make a website here so we can redirect it to paste.fedoraproject.org
|
|
#
|
|
- role: httpd/website
|
|
site_name: fpaste.org
|
|
certbot: true
|
|
server_aliases:
|
|
- www.fpaste.org
|
|
tags:
|
|
- fpaste.org
|
|
|
|
- role: httpd/website
|
|
site_name: koji.fedoraproject.org
|
|
sslonly: true
|
|
server_aliases:
|
|
- koji.stg.fedoraproject.org
|
|
- kojipkgs.stg.fedoraproject.org
|
|
- buildsys.fedoraproject.org
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
|
|
- role: httpd/website
|
|
site_name: kojipkgs.fedoraproject.org
|
|
sslonly: true
|
|
server_aliases:
|
|
- kojipkgs01.fedoraproject.org
|
|
- kojipkgs02.fedoraproject.org
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
use_h2: false
|
|
|
|
- role: httpd/website
|
|
site_name: apps.fedoraproject.org
|
|
server_aliases: [apps.stg.fedoraproject.org]
|
|
sslonly: true
|
|
gzip: true
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
|
|
- role: httpd/website
|
|
site_name: pdc.fedoraproject.org
|
|
server_aliases: [pdc.stg.fedoraproject.org]
|
|
sslonly: true
|
|
gzip: true
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
|
|
- role: httpd/website
|
|
site_name: developer.fedoraproject.org
|
|
server_aliases: [developer.stg.fedoraproject.org]
|
|
sslonly: true
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
|
|
# This is just a redirect to developer, to make it easier for people to get
|
|
# here from Red Hat's developers.redhat.com (ticket #5216).
|
|
- role: httpd/website
|
|
site_name: developers.fedoraproject.org
|
|
sslonly: true
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
|
|
- role: httpd/website
|
|
site_name: osbs.fedoraproject.org
|
|
server_aliases: [osbs.stg.fedoraproject.org]
|
|
sslonly: true
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
|
|
- role: httpd/website
|
|
site_name: os.fedoraproject.org
|
|
sslonly: true
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
# The Connection and Upgrade headers don't work for h2
|
|
# So non-h2 is needed to fix websockets.
|
|
use_h2: false
|
|
tags:
|
|
- os.fedoraproject.org
|
|
|
|
- role: httpd/website
|
|
site_name: app.os.fedoraproject.org
|
|
server_aliases: ["*.app.os.fedoraproject.org"]
|
|
sslonly: true
|
|
cert_name: "{{os_wildcard_cert_name}}"
|
|
SSLCertificateChainFile: "{{os_wildcard_int_file}}"
|
|
# The Connection and Upgrade headers don't work for h2
|
|
# So non-h2 is needed to fix websockets.
|
|
use_h2: false
|
|
tags:
|
|
- app.os.fedoraproject.org
|
|
|
|
- role: httpd/website
|
|
site_name: os.stg.fedoraproject.org
|
|
sslonly: true
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
# The Connection and Upgrade headers don't work for h2
|
|
# So non-h2 is needed to fix websockets.
|
|
use_h2: false
|
|
tags:
|
|
- os.stg.fedoraproject.org
|
|
|
|
- role: httpd/website
|
|
site_name: app.os.stg.fedoraproject.org
|
|
server_aliases: ["*.app.os.stg.fedoraproject.org"]
|
|
sslonly: true
|
|
cert_name: "{{os_wildcard_cert_name}}"
|
|
SSLCertificateChainFile: "{{os_wildcard_int_file}}"
|
|
# The Connection and Upgrade headers don't work for h2
|
|
# So non-h2 is needed to fix websockets.
|
|
use_h2: false
|
|
tags:
|
|
- app.os.stg.fedoraproject.org
|
|
|
|
- role: httpd/website
|
|
site_name: registry.fedoraproject.org
|
|
server_aliases: [registry.stg.fedoraproject.org]
|
|
sslonly: true
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
|
|
- role: httpd/website
|
|
site_name: registry.centos.org
|
|
server_aliases: [registry.stg.centos.org]
|
|
sslonly: true
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
|
|
- role: httpd/website
|
|
site_name: candidate-registry.fedoraproject.org
|
|
server_aliases: [candidate-registry.stg.fedoraproject.org]
|
|
sslonly: true
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
|
|
- role: httpd/website
|
|
site_name: retrace.fedoraproject.org
|
|
server_aliases: [retrace.stg.fedoraproject.org]
|
|
sslonly: true
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
when: env == "staging"
|
|
|
|
- role: httpd/website
|
|
site_name: faf.fedoraproject.org
|
|
server_aliases: [faf.stg.fedoraproject.org]
|
|
sslonly: true
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
when: env == "staging"
|
|
|
|
- role: httpd/website
|
|
site_name: alt.fedoraproject.org
|
|
server_aliases:
|
|
- alt.stg.fedoraproject.org
|
|
sslonly: true
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
|
|
# Kinda silly that we have two entries here, one for prod and one for stg.
|
|
# This is inherited from our puppet setup -- we can collapse them as soon as
|
|
# is convenient. -- threebean
|
|
- role: httpd/website
|
|
site_name: taskotron.fedoraproject.org
|
|
server_aliases: [taskotron.fedoraproject.org]
|
|
sslonly: true
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
|
|
- role: httpd/website
|
|
site_name: taskotron.stg.fedoraproject.org
|
|
server_aliases: [taskotron.stg.fedoraproject.org]
|
|
# Set this explicitly to stg here.. as per the original puppet config.
|
|
SSLCertificateChainFile: wildcard-2017.stg.fedoraproject.org.intermediate.cert
|
|
sslonly: true
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
when: env == "staging"
|
|
|
|
- role: httpd/website
|
|
site_name: lists.fedoraproject.org
|
|
server_aliases: [lists.stg.fedoraproject.org]
|
|
sslonly: true
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
|
|
- role: httpd/website
|
|
site_name: lists.fedorahosted.org
|
|
server_aliases: [lists.stg.fedorahosted.org]
|
|
sslonly: true
|
|
SSLCertificateChainFile: wildcard-2017.fedorahosted.org.intermediate.cert
|
|
cert_name: wildcard-2017.fedorahosted.org
|
|
|
|
- role: httpd/website
|
|
site_name: "id{{ env_suffix }}.fedoraproject.org"
|
|
sslonly: true
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
stssubdomains: false
|
|
tags:
|
|
- id.fedoraproject.org
|
|
|
|
- role: httpd/website
|
|
site_name: "sso{{ env_suffix }}.fedoraproject.org"
|
|
sslonly: true
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
tags:
|
|
- sso.fedoraproject.org
|
|
|
|
- role: httpd/website
|
|
site_name: username.id.fedoraproject.org
|
|
server_aliases:
|
|
- "*.id.fedoraproject.org"
|
|
# Must not be sslonly, because example.id.fedoraproject.org must be reachable
|
|
# via plain http for openid identity support
|
|
sslonly: false
|
|
cert_name: wildcard-2017.id.fedoraproject.org
|
|
SSLCertificateChainFile: wildcard-2017.id.fedoraproject.org.intermediate.cert
|
|
tags:
|
|
- id.fedoraproject.org
|
|
when: env == "production"
|
|
|
|
- role: httpd/website
|
|
site_name: username.id.stg.fedoraproject.org
|
|
server_aliases:
|
|
- "*.id.stg.fedoraproject.org"
|
|
# Must not be sslonly, because example.id.fedoraproject.org must be reachable
|
|
# via plain http for openid identity support
|
|
sslonly: false
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
SSLCertificateChainFile: wildcard-2017.stg.fedoraproject.org.intermediate.cert
|
|
tags:
|
|
- id.fedoraproject.org
|
|
when: env == "staging"
|
|
|
|
- role: httpd/website
|
|
site_name: getfedora.org
|
|
server_aliases: [stg.getfedora.org]
|
|
sslonly: true
|
|
cert_name: getfedora.org
|
|
SSLCertificateChainFile: getfedora.org.intermediate.cert
|
|
|
|
- role: httpd/website
|
|
site_name: qa.fedoraproject.org
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
sslonly: true
|
|
|
|
- role: httpd/website
|
|
site_name: openqa.fedoraproject.org
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
server_aliases: [openqa.stg.fedoraproject.org]
|
|
sslonly: true
|
|
|
|
- role: httpd/website
|
|
site_name: redirect.fedoraproject.org
|
|
server_aliases: [redirect.stg.fedoraproject.org]
|
|
sslonly: true
|
|
gzip: true
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
|
|
- role: httpd/website
|
|
site_name: geoip.fedoraproject.org
|
|
server_aliases: [geoip.stg.fedoraproject.org]
|
|
sslonly: true
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
|
|
- role: httpd/website
|
|
site_name: codecs.fedoraproject.org
|
|
server_aliases: [codecs.stg.fedoraproject.org]
|
|
sslonly: true
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
|
|
- role: httpd/website
|
|
site_name: jenkins.fedorainfracloud.org
|
|
cert_name: jenkins.fedorainfracloud.org
|
|
certbot: true
|
|
|
|
- role: httpd/website
|
|
site_name: beaker.qa.fedoraproject.org
|
|
server_aliases: [beaker.qa.fedoraproject.org]
|
|
# Set this explicitly to stg here.. as per the original puppet config.
|
|
SSLCertificateChainFile: qa.fedoraproject.org.intermediate.cert
|
|
sslonly: true
|
|
cert_name: "qa.fedoraproject.org"
|
|
|
|
- role: httpd/website
|
|
site_name: beaker.stg.fedoraproject.org
|
|
server_aliases: [beaker.stg.fedoraproject.org]
|
|
# Set this explicitly to stg here.. as per the original puppet config.
|
|
SSLCertificateChainFile: wildcard-2017.stg.fedoraproject.org.intermediate.cert
|
|
sslonly: true
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
when: env == "staging"
|
|
|
|
- role: httpd/website
|
|
site_name: qa.stg.fedoraproject.org
|
|
server_aliases: [qa.stg.fedoraproject.org]
|
|
cert_name: qa.stg.fedoraproject.org
|
|
SSLCertificateChainFile: qa.stg.fedoraproject.org.intermediate.cert
|
|
sslonly: true
|
|
when: env == "staging"
|
|
|
|
- role: httpd/website
|
|
site_name: phab.qa.stg.fedoraproject.org
|
|
server_aliases: [phab.qa.stg.fedoraproject.org]
|
|
cert_name: qa.stg.fedoraproject.org
|
|
SSLCertificateChainFile: qa.stg.fedoraproject.org.intermediate.cert
|
|
sslonly: true
|
|
when: env == "staging"
|
|
|
|
- role: httpd/website
|
|
site_name: docs.qa.stg.fedoraproject.org
|
|
server_aliases: [docs.qa.stg.fedoraproject.org]
|
|
cert_name: qa.stg.fedoraproject.org
|
|
SSLCertificateChainFile: qa.stg.fedoraproject.org.intermediate.cert
|
|
sslonly: true
|
|
when: env == "staging"
|
|
|
|
- role: httpd/website
|
|
site_name: phab.qa.fedoraproject.org
|
|
server_aliases: [phab.qa.fedoraproject.org]
|
|
cert_name: qa.fedoraproject.org
|
|
SSLCertificateChainFile: qa.fedoraproject.org.intermediate.cert
|
|
sslonly: true
|
|
|
|
- role: httpd/website
|
|
site_name: data-analysis.fedoraproject.org
|
|
server_aliases: [data-analysis.stg.fedoraproject.org]
|
|
sslonly: true
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
|
|
- role: httpd/website
|
|
site_name: docs.qa.fedoraproject.org
|
|
server_aliases: [docs.qa.fedoraproject.org]
|
|
cert_name: qa.fedoraproject.org
|
|
SSLCertificateChainFile: qa.fedoraproject.org.intermediate.cert
|
|
sslonly: true
|
|
|
|
- role: httpd/website
|
|
site_name: nagios.fedoraproject.org
|
|
server_aliases: [nagios.stg.fedoraproject.org]
|
|
SSLCertificateChainFile: wildcard-2017.fedoraproject.org.intermediate.cert
|
|
sslonly: true
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
|
|
- role: httpd/website
|
|
site_name: mbs.fedoraproject.org
|
|
sslonly: true
|
|
server_aliases: [mbs.stg.fedoraproject.org]
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
|
|
- role: httpd/website
|
|
site_name: odcs.fedoraproject.org
|
|
sslonly: true
|
|
server_aliases: [odcs.stg.fedoraproject.org]
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
tags: odcs
|
|
|
|
- role: httpd/website
|
|
site_name: freshmaker.fedoraproject.org
|
|
sslonly: true
|
|
server_aliases: [freshmaker.stg.fedoraproject.org]
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
tags: freshmaker
|
|
|
|
- role: httpd/website
|
|
site_name: greenwave.fedoraproject.org
|
|
sslonly: true
|
|
server_aliases: [greenwave.stg.fedoraproject.org]
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
|
|
- role: httpd/website
|
|
site_name: koschei.fedoraproject.org
|
|
sslonly: true
|
|
server_aliases: [koschei.stg.fedoraproject.org]
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
tags: koschei
|
|
|
|
- role: httpd/website
|
|
site_name: message-tagging-service.fedoraproject.org
|
|
sslonly: true
|
|
server_aliases: [message-tagging-service.stg.fedoraproject.org]
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
tags: message-tagging-service
|
|
|
|
- role: httpd/website
|
|
site_name: waiverdb.fedoraproject.org
|
|
sslonly: true
|
|
server_aliases: [waiverdb.stg.fedoraproject.org]
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
|
|
- role: httpd/website
|
|
site_name: silverblue.fedoraproject.org
|
|
sslonly: true
|
|
server_aliases: [silverblue.stg.fedoraproject.org]
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
|
|
- role: httpd/website
|
|
site_name: release-monitoring.org
|
|
sslonly: true
|
|
certbot: true
|
|
server_aliases: [stg.release-monitoring.org]
|
|
tags:
|
|
- release-monitoring.org
|
|
|
|
- role: httpd/website
|
|
site_name: lists.pagure.io
|
|
sslonly: true
|
|
certbot: true
|
|
tags:
|
|
- lists.pagure.io
|
|
|
|
- role: httpd/website
|
|
site_name: fpdc.fedoraproject.org
|
|
sslonly: true
|
|
server_aliases: [fpdc.stg.fedoraproject.org]
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
tags: fpdc
|
|
|
|
- role: httpd/website
|
|
site_name: neuro.fedoraproject.org
|
|
sslonly: true
|
|
server_aliases: [neuro.stg.fedoraproject.org]
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
tags: neuro
|
|
|
|
- role: httpd/website
|
|
site_name: elections.fedoraproject.org
|
|
sslonly: true
|
|
server_aliases: [elections.stg.fedoraproject.org]
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
tags: elections
|
|
|
|
- role: httpd/website
|
|
site_name: wallpapers.fedoraproject.org
|
|
sslonly: true
|
|
server_aliases: [wallpapers.stg.fedoraproject.org]
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
tags: wallpapers
|
|
|
|
- role: httpd/website
|
|
site_name: mdapi.fedoraproject.org
|
|
sslonly: true
|
|
server_aliases: [mdapi.stg.fedoraproject.org]
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
tags: mdapi
|
|
|
|
- role: httpd/website
|
|
site_name: calendar.fedoraproject.org
|
|
sslonly: true
|
|
server_aliases: [calendar.stg.fedoraproject.org]
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
tags: calendar
|
|
|
|
# fedorahosted is retired. We have the site here so we can redirect it.
|
|
|
|
- role: httpd/website
|
|
site_name: fedorahosted.org
|
|
sslonly: true
|
|
server_aliases: [bzr.fedorahosted.org hg.fedorahosted.org svn.fedorahosted.org]
|
|
SSLCertificateChainFile: wildcard-2017.fedorahosted.org.intermediate.cert
|
|
cert_name: wildcard-2017.fedorahosted.org
|
|
|
|
- role: httpd/website
|
|
site_name: git.fedorahosted.org
|
|
sslonly: true
|
|
SSLCertificateChainFile: wildcard-2017.fedorahosted.org.intermediate.cert
|
|
cert_name: wildcard-2017.fedorahosted.org
|
|
|
|
# planet.fedoraproject.org is not to be used, it's fedoraplanet.org
|
|
# We only have it here so we can redirect it with the correct cert
|
|
|
|
- role: httpd/website
|
|
site_name: planet.fedoraproject.org
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
|
|
# pkgs.fp.o will be an alias of src.fp.o once we get everyone over to https
|
|
# git push/pull. For now, we just want a cert via the certbot system.
|
|
- role: httpd/website
|
|
site_name: pkgs.fedoraproject.org
|
|
ssl: true
|
|
sslonly: true
|
|
certbot: true
|
|
certbot_addhost: pkgs02.phx2.fedoraproject.org
|
|
tags:
|
|
- pkgs.fedoraproject.org
|
|
when: env == "production" and "phx2" in inventory_hostname
|
|
|
|
- role: httpd/website
|
|
site_name: pkgs.stg.fedoraproject.org
|
|
ssl: true
|
|
sslonly: true
|
|
certbot: true
|
|
certbot_addhost: pkgs01.stg.phx2.fedoraproject.org
|
|
tags:
|
|
- pkgs.fedoraproject.org
|
|
when: env == "staging" and "phx2" in inventory_hostname
|
|
|
|
# Askbeta -> ask redirects
|
|
- role: httpd/website
|
|
site_name: askbeta.fedoraproject.org
|
|
ssl: true
|
|
sslonly: true
|
|
cert_name: "{{wildcard_cert_name}}"
|
|
tags:
|
|
- askbeta.fedoraproject.org
|
|
|
|
|
|
#
|
|
# We setup this site for old ols papers
|
|
# This used to be on fedorapeople.org, but a new 'ols' user showed up, so
|
|
# that no longer works.
|
|
#
|
|
- role: httpd/website
|
|
site_name: ols.fedoraproject.org
|
|
sslonly: true
|
|
cert_name: "{{wildcard_cert_name}}"
|