switch to dev.publik.love domain (#27824)
Download the certifcate chain and adapt nginx configuration. publik.love certificates beeing handled by letsencrypt, we can also get rid of the hacks around request.
This commit is contained in:
parent
f456b0107f
commit
fd1148098c
|
@ -3,73 +3,73 @@ django_version: 1.11.15
|
|||
git_ssh: false
|
||||
clone_repo: true
|
||||
src_dir: "/home/{{user}}/src"
|
||||
ssl_certificate: "/etc/ssl/certs/*.local.publik.crt"
|
||||
ssl_certificate_key: "/etc/ssl/private/*.local.publik.key"
|
||||
ssl_certificate: "{{venv_certs}}/dev.publik.love-fullchain.pem"
|
||||
ssl_certificate_key: "{{venv_certs}}/dev.publik.love-privkey.pem"
|
||||
venv: "/home/{{user}}/envs/publik-env"
|
||||
user: publik
|
||||
apps:
|
||||
authentic:
|
||||
db_name: authentic_multitenant
|
||||
host_pattern: "*-authentic.local.publik"
|
||||
nginx_host_pattern: '~^(.*)\-authentic\.local\.publik$'
|
||||
host_pattern: "*authentic.dev.publik.love"
|
||||
nginx_host_pattern: '~^(.*)authentic\.dev\.publik\.love$'
|
||||
project_name: authentic-multitenant
|
||||
server_port: 8000
|
||||
combo:
|
||||
db_name: combo
|
||||
host_pattern: "*-combo.local.publik"
|
||||
nginx_host_pattern: '~^(.*)\-combo\.local\.publik$'
|
||||
host_pattern: "*combo.dev.publik.love"
|
||||
nginx_host_pattern: '~^(.*)combo\.dev\.publik\.love$'
|
||||
project_name: combo
|
||||
server_port: 8004
|
||||
hobo:
|
||||
db_name: hobo
|
||||
host_pattern: "*-hobo.local.publik"
|
||||
nginx_host_pattern: '~^(.*)\-hobo\.local\.publik$'
|
||||
host_pattern: "*hobo.dev.publik.love"
|
||||
nginx_host_pattern: '~^(.*)hobo\.dev\.publik\.love$'
|
||||
project_name: hobo
|
||||
server_port: 8016
|
||||
passerelle:
|
||||
db_name: passerelle
|
||||
host_pattern: "*-passerelle.local.publik"
|
||||
nginx_host_pattern: '~^(.*)\-passerelle\.local\.publik$'
|
||||
host_pattern: "*passerelle.dev.publik.love"
|
||||
nginx_host_pattern: '~^(.*)passerelle\.dev\.publik\.love$'
|
||||
project_name: passerelle
|
||||
server_port: 8024
|
||||
fargo:
|
||||
db_name: fargo
|
||||
host_pattern: "*-fargo.local.publik"
|
||||
nginx_host_pattern: '~^(.*)\-fargo\.local\.publik$'
|
||||
host_pattern: "*fargo.dev.publik.love"
|
||||
nginx_host_pattern: '~^(.*)fargo\.dev\.publik\.love$'
|
||||
project_name: fargo
|
||||
server_port: 8036
|
||||
chrono:
|
||||
db_name: chrono
|
||||
host_pattern: "*-chrono.local.publik"
|
||||
nginx_host_pattern: '~^(.*)\-chrono\.local\.publik$'
|
||||
host_pattern: "*chrono.dev.publik.love"
|
||||
nginx_host_pattern: '~^(.*)chrono\.dev\.publik\.love$'
|
||||
project_name: chrono
|
||||
server_port: 8040
|
||||
bijoe:
|
||||
db_name: bijoe
|
||||
host_pattern: "*-bijoe.local.publik"
|
||||
nginx_host_pattern: '~^(.*)\-bijoe\.local\.publik$'
|
||||
host_pattern: "*bijoe.dev.publik.love"
|
||||
nginx_host_pattern: '~^(.*)bijoe\.dev\.publik\.love$'
|
||||
project_name: bijoe
|
||||
server_port: 8048
|
||||
wcs:
|
||||
db_name: wcs
|
||||
host_pattern: "*-wcs.local.publik"
|
||||
nginx_host_pattern: '~^(.*)\-wcs\.local\.publik$'
|
||||
host_pattern: "*wcs.dev.publik.love"
|
||||
nginx_host_pattern: '~^(.*)wcs\.dev\.publik\.love$'
|
||||
project_name: wcs
|
||||
server_port: 8032
|
||||
welco:
|
||||
db_name: welco
|
||||
host_pattern: "*-welco.local.publik"
|
||||
nginx_host_pattern: '~^(.*)\-welco\.local\.publik$'
|
||||
host_pattern: "*welco.dev.publik.love"
|
||||
nginx_host_pattern: '~^(.*)welco\.dev\.publik\.love$'
|
||||
project_name: welco
|
||||
server_port: 8052
|
||||
tenants_conf:
|
||||
connexion-authentic: "connexion-authentic.local.publik"
|
||||
agent-combo: "agent-combo.local.publik"
|
||||
user-combo: "user-combo.local.publik"
|
||||
dev-hobo: "dev-hobo.local.publik"
|
||||
demarches-wcs: "demarches-wcs.local.publik"
|
||||
dev-passerelle: "dev-passerelle.local.publik"
|
||||
dev-fargo: "dev-fargo.local.publik"
|
||||
dev-chrono: "dev-chrono.local.publik"
|
||||
dev-bijoe: "dev-bijoe.local.publik"
|
||||
dev-welco: # disabled by default -- could be "dev-welco.local.publik"
|
||||
connexion-authentic: "authentic.dev.publik.love"
|
||||
agent-combo: "agent-combo.dev.publik.love"
|
||||
user-combo: "combo.dev.publik.love"
|
||||
dev-hobo: "hobo.dev.publik.love"
|
||||
demarches-wcs: "wcs.dev.publik.love"
|
||||
dev-passerelle: "passerelle.dev.publik.love"
|
||||
dev-fargo: "fargo.dev.publik.love"
|
||||
dev-chrono: "chrono.dev.publik.love"
|
||||
dev-bijoe: "bijoe.dev.publik.love"
|
||||
dev-welco: # disabled by default -- could be "welco.dev.publik.love"
|
||||
|
|
|
@ -17,6 +17,7 @@
|
|||
vars:
|
||||
themes_dir: "{{venv}}/themes"
|
||||
venv_bin: "{{venv}}/bin"
|
||||
venv_certs: "{{venv}}/certs"
|
||||
venv_conf: "{{venv}}/conf"
|
||||
venv_pip: "{{venv_bin}}/pip"
|
||||
venv_python: "{{venv_bin}}/python"
|
||||
|
|
|
@ -10,8 +10,6 @@ execfile('{{src_dir}}/hobo/debian/debian_config_common.py')
|
|||
|
||||
THEMES_DIRECTORY = '{{themes_dir}}'
|
||||
|
||||
os.environ['REQUESTS_CA_BUNDLE'] = '/etc/ssl/certs/ca-certificates.crt'
|
||||
|
||||
ALLOWED_HOSTS = ['*']
|
||||
|
||||
LOGGING = {
|
||||
|
|
|
@ -98,3 +98,24 @@
|
|||
src: "{{ src_dir }}/publik-base-theme"
|
||||
path: "{{themes_dir}}/publik-base"
|
||||
state: link
|
||||
|
||||
- name: create cert directory
|
||||
file:
|
||||
path: "{{venv_certs}}"
|
||||
state: directory
|
||||
tags:
|
||||
- tls
|
||||
|
||||
- name: Download fullchain.pem
|
||||
get_url:
|
||||
url: https://doc-publik.entrouvert.com/media/certificates/dev.publik.love/fullchain.pem
|
||||
dest: "{{venv_certs}}/dev.publik.love-fullchain.pem"
|
||||
tags:
|
||||
- tls
|
||||
|
||||
- name: Download privkey.pem
|
||||
get_url:
|
||||
url: https://doc-publik.entrouvert.com/media/certificates/dev.publik.love/privkey.pem
|
||||
dest: "{{venv_certs}}/dev.publik.love-privkey.pem"
|
||||
tags:
|
||||
- tls
|
||||
|
|
|
@ -24,9 +24,3 @@
|
|||
src: "{{ src_dir }}/bijoe/debian/import-wcs-data.sh"
|
||||
dest: "{{ venv_bin }}/import-wcs-data.sh"
|
||||
mode: u+x
|
||||
|
||||
- name: import-wcs-data wrapper script
|
||||
template:
|
||||
src: "bijoe-import-wcs-data.j2"
|
||||
dest: "{{ venv_bin }}/bijoe-import-wcs-data.sh"
|
||||
mode: u+x
|
||||
|
|
|
@ -1,4 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
export REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
|
||||
{{ venv_bin}}/import-wcs-data.sh
|
|
@ -12,7 +12,7 @@ AGENT_HOST_PATTERNS = {
|
|||
{% filter upper %}{{appkey}}{% endfilter %}_MANAGE_COMMAND = "{{venv_bin}}/{{app['project_name']}}-manage"
|
||||
{% filter upper %}{{appkey}}{% endfilter %}_MANAGE_TRY_COMMAND = {% filter upper %}{{appkey}}{% endfilter %}_MANAGE_COMMAND
|
||||
{% else %}
|
||||
WCS_MANAGE_COMMAND = "REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt {{venv_bin}}/wcsctl.py -f {{venv_conf}}/wcs.cfg"
|
||||
WCS_MANAGE_COMMAND = "{{venv_bin}}/wcsctl.py -f {{venv_conf}}/wcs.cfg"
|
||||
WCS_MANAGE_TRY_COMMAND = "{{venv_bin}}/wcsctl.py"
|
||||
{% endif %}
|
||||
{% endfor %}
|
|
@ -4,14 +4,14 @@ local:
|
|||
localhost:
|
||||
ansible_connection: local
|
||||
tenants_conf:
|
||||
connexion-authentic: "customname-authentic.local.publik"
|
||||
agent-combo: "customname-combo.local.publik"
|
||||
user-combo: "customname-combo.local.publik"
|
||||
dev-hobo: "customname-hobo.local.publik"
|
||||
demarches-wcs: "customname-wcs.local.publik"
|
||||
dev-passerelle: "customname-passerelle.local.publik"
|
||||
dev-fargo: "customname-fargo.local.publik"
|
||||
dev-chrono: "customname-chrono.local.publik"
|
||||
dev-bijoe: "customname-bijoe.local.publik"
|
||||
dev-welco: "customname-welco.local.publik"
|
||||
connexion-authentic: "customname-authentic.dev.publik.love"
|
||||
agent-combo: "customname-agent-combo.dev.publik.love"
|
||||
user-combo: "customname-combo.dev.publik.love"
|
||||
dev-hobo: "customname-hobo.dev.publik.love"
|
||||
demarches-wcs: "customname-wcs.dev.publik.love"
|
||||
dev-passerelle: "customname-passerelle.dev.publik.love"
|
||||
dev-fargo: "customname-fargo.dev.publik.love"
|
||||
dev-chrono: "customname-chrono.dev.publik.love"
|
||||
dev-bijoe: "customname-bijoe.dev.publik.love"
|
||||
dev-welco: "customname-welco.dev.publik.love"
|
||||
|
||||
|
|
Loading…
Reference in New Issue