Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature Request: Normalize SSL provider tasks #893

Closed
tangrufus opened this issue Sep 19, 2017 · 2 comments
Closed

Feature Request: Normalize SSL provider tasks #893

tangrufus opened this issue Sep 19, 2017 · 2 comments

Comments

@tangrufus
Copy link
Collaborator

What is the current behavior?

  • letsencrypt has its own role whereas self-signed-certificate is embedded inside wordpress-setup.

  • Although letsencrypt task is separated, its variables (for example: letsencrypt_cert_ids) are leaded to other tasks like wordpress-setup because they are used in Nginx templates.

What is the expected or desired behavior?

Normalize SSL provider tasks:

  • Separate self-signed-certificate task

  • SSL provider tasks (letsencrypt & self-signed-certificate) template their own Nginx config to {{ nginx_path }}/includes.d/{{ item.key }}/ssl/xxx.conf (Note: ssl subdirectory!)

  • Remove hardcoded Nginx ssl config, for example:

    trellis/roles/wordpress-setup/templates/wordpress-site.conf.j2

    Lines 88 to 103 in 12ac783

    {% if item.value.ssl.provider | default('manual') == 'manual' and item.value.ssl.cert is defined and item.value.ssl.key is defined -%}
    ssl_certificate {{ nginx_path }}/ssl/{{ item.value.ssl.cert | basename }};
    ssl_certificate_key {{ nginx_path }}/ssl/{{ item.value.ssl.key | basename }};
    {% elif item.value.ssl.provider | default('manual') == 'letsencrypt' -%}
    ssl_certificate {{ nginx_path }}/ssl/letsencrypt/{{ item.key }}-{{ letsencrypt_cert_ids[item.key] }}-bundled.cert;
    ssl_certificate_key {{ nginx_path }}/ssl/letsencrypt/{{ item.key }}.key;
    {% elif item.value.ssl.provider | default('manual') == 'self-signed' -%}
    ssl_certificate {{ nginx_path }}/ssl/{{ item.key }}.cert;
    ssl_trusted_certificate {{ nginx_path }}/ssl/{{ item.key }}.cert;
    ssl_certificate_key {{ nginx_path }}/ssl/{{ item.key }}.key;
    {% endif -%}
    {% endif -%}
    {% endblock -%}

  • Move SSL provider tasks after wordpress-setup to prevent wordpress-setup/nginx-includes from deleting ssl nginx config.

Please provide use cases for changing the current behavior:
@swalkinshaw
Copy link
Member

I like the sound of all of this 👍 seems like a nice improvement with the separate roles

But I reserve the right to see it first 😛

@tangrufus tangrufus mentioned this issue Sep 21, 2017
Closed
@swalkinshaw swalkinshaw reopened this Feb 3, 2018
@roots roots deleted a comment from roots-ladybug Feb 3, 2018
@fullyint fullyint mentioned this issue Mar 11, 2018
Closed
5 tasks
@strarsis strarsis mentioned this issue Jun 5, 2021
Open
3 tasks
@swalkinshaw
Copy link
Member

Closing since this issue was related to #896

#1310 is a potential successor to this that still needs work.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@swalkinshaw @tangrufus @roots-ladybug