parent
685d029806
commit
df63295ef9
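--- /dev/null
+++ b/external.conf
@@ -0,0 +1,22 @@
+$HTTP["host"] == "{{ fqdn }}" {
+# Ensure the Pi-hole Block Page knows that this is not a blocked domain
+setenv.add-environment = ("fqdn" => "true")
+
+# Enable the SSL engine with a LE cert, only for this specific host
+$SERVER["socket"] == ":443" {
+ssl.engine = "enable"
+ssl.pemfile = "/etc/letsencrypt/live/{{ fqdn }}/combined.pem"
+ssl.ca-file = "/etc/letsencrypt/live/{{ fqdn }}/fullchain.pem"
+ssl.honor-cipher-order = "enable"
+ssl.cipher-list = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"
+ssl.use-sslv2 = "disable"
+ssl.use-sslv3 = "disable"
+}
+
+# Redirect HTTP to HTTPS
+$HTTP["scheme"] == "http" {
+$HTTP["host"] =~ ".*" {
+url.redirect = (".*" => "https://%0$0")
+}
+}
+}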
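Review bot: Only SSLv2 and SSLv3 are disabled in the `$SERVER["socket"] == ":443"` block, so TLS 1.0 and 1.1 remain negotiable with the listed ciphers; on lighttpd 1.4.48 or newer add `ssl.openssl.ssl-conf-cmd = ("MinProtocol" => "TLSv1.2")` next to `ssl.cipher-list` (older builds have no knob for this, so check the installed version before relying on it). Because every plain-HTTP request for this host is already redirected to HTTPS and mod_setenv is in use, also send HSTS from the 443 block, `setenv.add-response-header = ("Strict-Transport-Security" => "max-age=31536000")`, starting with a short max-age until certificate renewal has been seen to work. The redirect only fires when the Host header is `{{ fqdn }}`, so other names (pi.hole, the raw IP) keep serving plain HTTP; that looks intentional for the block page but is worth stating in the comment above `url.redirect`.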
@ -0,0 +1,64 @@
|
||||
# https://discourse.pi-hole.net/t/enabling-https-for-your-pi-hole-web-interface/5771
|
||||
|
||||
- hosts: attitude-adjuster
|
||||
vars_files:
|
||||
- vars.yml.private
|
||||
tasks:
|
||||
|
||||
- name: install certbot
|
||||
package:
|
||||
name: certbot
|
||||
state: present
|
||||
become: yes
|
||||
|
||||
- name: clone the pi-hole repo
|
||||
git:
|
||||
repo: https://github.com/pi-hole/pi-hole.git
|
||||
dest: ~/src/pi-hole
|
||||
depth: 1
|
||||
|
||||
- name: obtain ssl certificates
|
||||
command: >-
|
||||
certbot certonly
|
||||
--webroot --webroot-path /var/www/html
|
||||
-d {{ fqdn }}
|
||||
-m alpha+lets.encrypt@kejadlen.dev
|
||||
--agree-tos
|
||||
--non-interactive
|
||||
args:
|
||||
creates: /etc/letsencrypt/live/{{ fqdn }}
|
||||
become: yes
|
||||
|
||||
- name: create combined pemfile
|
||||
shell: >-
|
||||
cat /etc/letsencrypt/live/{{ fqdn }}/privkey.pem
|
||||
/etc/letsencrypt/live/{{ fqdn }}/cert.pem >
|
||||
/etc/letsencrypt/live/{{ fqdn }}/combined.pem
|
||||
args:
|
||||
creates: /etc/letsencrypt/live/{{ fqdn }}/combined.pem
|
||||
become: yes
|
||||
|
||||
- name: let lighttpd read the pemfile
|
||||
file:
|
||||
path: /etc/letsencrypt/live/{{ fqdn }}
|
||||
state: directory
|
||||
recurse: yes
|
||||
owner: www-data
|
||||
become: yes
|
||||
|
||||
- name: update lighttpd configuration
|
||||
template:
|
||||
src: external.conf
|
||||
dest: /etc/lighttpd/external.conf
|
||||
become: yes
|
||||
notify: restart lighttpd
|
||||
|
||||
handlers:
|
||||
- name: restart lighttpd
|
||||
service:
|
||||
name: lighttpd
|
||||
state: restarted
|
||||
become: yes
|
||||
|
||||
|
||||
|
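Review bot: The `create combined pemfile` task is guarded by `creates:`, so the bundle is built exactly once — when certbot's renewal timer later writes new `privkeyN.pem`/`certN.pem` under `archive/`, `combined.pem` still holds the first key and certificate and lighttpd keeps serving it until it expires; the `cat … >` also creates that file under the shell's default umask (typically 0644) and the following `file` task sets only `owner`, so the private key ends up world-readable unless the certbot version in use happens to keep `live/` at 0700, and making `www-data` the owner of a file containing the key lets a compromised web-server account replace it. Move the bundling into a deploy hook that writes the bundle root-owned with group read for `www-data`, reloads lighttpd, and is registered with `--deploy-hook` so certbot saves it in the renewal config, then call the same script once for lineages that already exist; on the lighttpd versions I know the pemfile is read at startup before privileges are dropped, so `root:www-data 0640` should suffice — confirm on this host. Separately, the `clone the pi-hole repo` task checks out an unpinned default branch and nothing in this playbook uses the checkout; pin a `version:` or drop the task.

```yaml
  # … unchanged: install certbot, clone the pi-hole repo …

  - name: install the certbot deploy hook that rebuilds the lighttpd bundle
    copy:
      dest: /usr/local/sbin/lighttpd-certbot-deploy
      mode: "0755"
      content: |
        #!/bin/sh
        # Run by certbot after each issuance/renewal (RENEWED_LINEAGE is exported);
        # falls back to the playbook's lineage so it can also be run directly.
        set -eu
        lineage="${RENEWED_LINEAGE:-/etc/letsencrypt/live/{{ fqdn }}}"
        umask 077
        cat "$lineage/privkey.pem" "$lineage/cert.pem" > "$lineage/combined.pem.tmp"
        chown root:www-data "$lineage/combined.pem.tmp"
        chmod 0640 "$lineage/combined.pem.tmp"
        mv -f "$lineage/combined.pem.tmp" "$lineage/combined.pem"
        systemctl reload lighttpd
    become: true

  - name: obtain ssl certificates
    command: >-
      certbot certonly
      --webroot --webroot-path /var/www/html
      -d {{ fqdn }}
      -m alpha+lets.encrypt@kejadlen.dev
      --agree-tos
      --non-interactive
      --deploy-hook /usr/local/sbin/lighttpd-certbot-deploy
    args:
      creates: /etc/letsencrypt/live/{{ fqdn }}
    become: true

  # replaces "create combined pemfile" and "let lighttpd read the pemfile"
  - name: build the bundle for a lineage that already existed before the hook
    command: /usr/local/sbin/lighttpd-certbot-deploy
    args:
      creates: /etc/letsencrypt/live/{{ fqdn }}/combined.pem
    become: true

  # … unchanged: update lighttpd configuration, handlers …
```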