use https

Jean-Marie Mineau 2021-01-27 00:26:01 +01:00
parent 2f6663b164
commit 05ad85b946
4 changed files with 52 additions and 6 deletions


@ -4,5 +4,4 @@
- hosts: gitea_host - hosts: gitea_host
roles: roles:
- install_docker - install_docker
- generate_self_signed_certificate
- install_gitea - install_gitea


@ -0,0 +1,5 @@
---
- name: restart gitea
docker_compose:
project_src: /var/local/gitea
restarted: yes
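Review bot: The handler restarts every service in the compose project, because `docker_compose` is given only `project_src` and `restarted: yes`. Judging by the `depends_on: - db` in the compose template, that includes the database, which a certificate or app.ini change has no need to touch. Scoping the handler with `services:` (naming the Gitea service as it is keyed in the compose file) would limit the restart to the container that reads the TLS settings. `restarted: true` would also avoid the YAML 1.1 truthy form.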


@ -4,6 +4,17 @@
path: /var/local/gitea path: /var/local/gitea
state: directory state: directory
- name: Ensure the user gitea exist
user:
name: gitea
create_home: no
password_lock: yes
register: gitea_user
- name: Retrieve info about users
getent:
database: passwd
- name: Warning - name: Warning
debug: debug:
msg: This is a test server, do not use in production msg: This is a test server, do not use in production
@ -23,11 +34,42 @@
- name: Copy key - name: Copy key
copy: copy:
src: /var/certificates/{{ server_hostname }}_privkey.pem src: /var/certificates/{{ server_hostname }}_privkey.pem
dest: /var/local/keycloak/certificates/tls.key dest: /var/local/gitea/gitea/key.pem
owner: gitea
group: gitea
mode: 0600
remote_src: yes remote_src: yes
notify: restart gitea
- name: Copy certificate - name: Copy certificate
copy: copy:
src: /var/certificates/{{ server_hostname }}_cert.pem src: /var/certificates/{{ server_hostname }}_cert.pem
dest: /var/local/keycloak/certificates/tls.crt dest: /var/local/gitea/gitea/cert.pem
owner: gitea
group: gitea
remote_src: yes remote_src: yes
notify: restart gitea
- name: Specify the link the private key
lineinfile:
path: /var/local/gitea/gitea/gitea/conf/app.ini
insertafter: '^\[server\]'
regexp: '^KEY_FILE'
line: KEY_FILE = /data/key.pem
notify: restart gitea
- name: Specify the link the private key
lineinfile:
path: /var/local/gitea/gitea/gitea/conf/app.ini
insertafter: '^\[server\]'
regexp: '^CERT_FILE'
line: CERT_FILE = /data/cert.pem
notify: restart gitea
- name: Use https
lineinfile:
path: /var/local/gitea/gitea/gitea/conf/app.ini
insertafter: '^\[server\]'
regexp: '^PROTOCOL'
line: PROTOCOL = https
notify: restart gitea
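Review bot: The three `lineinfile` tasks that set `KEY_FILE`, `CERT_FILE` and `PROTOCOL` rely on `insertafter: '^\[server\]'` matching. When it does not match, lineinfile appends at end of file, so the lines would land under whichever section comes last in app.ini and the play would still succeed. Gitea would then presumably keep serving plain HTTP on the port now published as 443. Asserting that app.ini contains `[server]` first, or setting these keys with the `ini_file` module and `section: server`, would make that case fail visibly. Separately, the second task named `Specify the link the private key` sets `CERT_FILE` and should be renamed (e.g. `Specify the path to the certificate`), and in `Copy key` the mode is better quoted as `mode: '0600'`, with an explicit `mode: '0644'` on `Copy certificate`.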


@ -10,8 +10,8 @@ services:
image: gitea/gitea:1.13.1 image: gitea/gitea:1.13.1
container_name: gitea container_name: gitea
environment: environment:
- USER_UID=1000 - USER_UID={{ getent_passwd["gitea"].1 }}
- USER_GID=1000 - USER_GID={{ getent_passwd["gitea"].2 }}
- DB_TYPE=postgres - DB_TYPE=postgres
- DB_HOST=db:5432 - DB_HOST=db:5432
- DB_NAME=gitea - DB_NAME=gitea
@ -25,7 +25,7 @@ services:
- /etc/timezone:/etc/timezone:ro - /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro - /etc/localtime:/etc/localtime:ro
ports: ports:
- "80:3000" - "443:3000"
- "222:22" - "222:22"
depends_on: depends_on:
- db - db
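Review bot: The new `USER_UID={{ getent_passwd["gitea"].1 }}` and `USER_GID={{ getent_passwd["gitea"].2 }}` lines index the passwd entry by position and only render if the `getent` task has already run in the same play. The ordering relative to the task that deploys this template is not visible here. The role already registers `gitea_user` from the `user` task, so `USER_UID={{ gitea_user.uid }}` and `USER_GID={{ gitea_user.group }}` would be self-describing and would drop the dependency on the `getent` fact. These IDs also decide who can read the 0600 private key inside the container, so a short comment above them saying they must match the owner of `key.pem` would help the next maintainer.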