ansible 安装 ssl 实现https访问
1- 在负载均衡上配置 ssl
2- 在 web 上的配置文件中开启 fastcgi_param HTTPS on;(负载均衡到 web 之间仍然走 http,需要用这一行告知 PHP 原始请求是 https)
[root@m01 /etc/ansible/roles/ssl/tasks]#cat main.yml
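# Load balancers only: install the TLS-terminating proxy vhosts and the
# certificate/key directory that those vhosts reference.
- name: copy ssl_lb_proxy.conf
  copy:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    # Only the key directory carries an explicit mode; the vhost files omit
    # the argument and keep the module default.
    mode: "{{ item.mode | default(omit) }}"
  with_items:
    - {src: 'wp_ssl_lb_proxy.conf', dest: '/etc/nginx/conf.d/lb_proxy.conf'}
    - {src: 'admin_ssl_lb_proxy.conf', dest: '/etc/nginx/conf.d/admin_lb_proxy.conf'}
    # ssl_key/ is the directory the vhosts reference for server.crt and
    # server.key. The private key must not be world-readable on the target;
    # 0600 is enough when it is read by root-owned nginx.
    # NOTE(review): the key sits unencrypted in the role's files/ directory;
    # consider encrypting it with ansible-vault (copy decrypts vaulted source
    # files by default).
    - {src: 'ssl_key', dest: '/etc/nginx/', mode: '0600'}
  # `match` is a regular expression anchored at the start of the string, not
  # a glob: "lb*" means "l followed by zero or more b", which selects every
  # hostname beginning with "l" and would push the key to those hosts too.
  when: ansible_hostname is match("lb")
  notify: Restart Nginx Server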
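# Web nodes only: install the PHP vhosts that sit behind the TLS-terminating
# load balancers.
- name: copy wordpress.conf
  copy:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
  with_items:
    - {src: 'a_wordpress.conf', dest: '/etc/nginx/conf.d/a_wordpress.conf'}
    - {src: 'admin.conf', dest: '/etc/nginx/conf.d/admin.conf'}
  # `match` is a regular expression anchored at the start of the string, not
  # a glob: "web*" means "we followed by zero or more b", so it would also
  # select hostnames that merely begin with "we".
  when: ansible_hostname is match("web")
  # Handler names must match exactly. The original read "Restart Nginx Serve",
  # which does not match the "Restart Nginx Server" notified by the
  # load-balancer task; the handler definition itself is not shown here.
  notify: Restart Nginx Server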
[root@m01 /etc/ansible/roles/ssl/files]#cat admin.conf
# Backend vhost for admin.baimei.com on the web nodes. It listens on plain
# HTTP; TLS is terminated in the load-balancer vhost for the same name.
server {
    server_name admin.baimei.com;
    listen 80;

    # Document root shared by both locations below.
    root /code/admin;

    location / {
        index index.php index.html;
    }

    # Hand *.php requests to the FastCGI listener on the loopback address.
    location ~ \.php$ {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
        # Tells PHP unconditionally that the request arrived over HTTPS,
        # whatever scheme was actually used to reach this port-80 listener.
        # NOTE(review): this is only truthful if port 80 on the web nodes is
        # reachable solely through the TLS-terminating load balancer. Confirm
        # the firewall or network layout enforces that.
        fastcgi_param HTTPS on;
    }
}
[root@m01 /etc/ansible/roles/ssl/files]#cat admin_ssl_lb_proxy.conf
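# Pool of web nodes for the admin site. The load balancer talks to them over
# plain HTTP on the internal addresses, so that hop is unencrypted.
upstream blog1 {
    server 172.16.1.7:80;
    server 172.16.1.8:80;
}

# Port 80: redirect every request to the HTTPS vhost.
server {
    listen 80;
    server_name admin.baimei.com;

    location / {
        # The original used $1, which is empty here because a prefix location
        # has no regex capture, so every redirect landed on the site root and
        # lost the path and query string. $request_uri keeps both.
        # $server_name is the configured name, not the client-supplied Host
        # header, so the redirect target cannot be steered by the request.
        return 302 https://$server_name$request_uri;
    }
}

# Port 443: terminate TLS and proxy to the web nodes.
server {
    listen 443 ssl;
    server_name admin.baimei.com;

    # Relative paths; presumably resolved against the nginx configuration
    # directory, which matches the playbook copying ssl_key/ into /etc/nginx/.
    ssl_certificate ssl_key/server.crt;
    ssl_certificate_key ssl_key/server.key;
    # NOTE(review): no ssl_protocols or ssl_ciphers are set, so the installed
    # nginx build's defaults apply. Verify they exclude legacy protocol
    # versions.

    location / {
        proxy_pass http://blog1;
        # Contents of proxy_params are not shown on this page. The backend
        # vhosts hard-code "fastcgi_param HTTPS on" rather than reading a
        # forwarded-scheme header.
        include proxy_params;
    }
}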
[root@m01 /etc/ansible/roles/ssl/files]#cat a_wordpress.conf
# Backend vhost for wordpress.baimei.com on the web nodes. It listens on plain
# HTTP; TLS is terminated in the load-balancer vhost for the same name.
server {
    server_name wordpress.baimei.com;
    listen 80;

    # Declared once at server level; the PHP location inherits the same root.
    root /code/wordpress;
    index index.php index.html;

    # Hand *.php requests to the FastCGI listener on the loopback address.
    location ~ \.php$ {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
        # Tells PHP unconditionally that the request arrived over HTTPS,
        # whatever scheme was actually used to reach this port-80 listener.
        # NOTE(review): this is only truthful if port 80 on the web nodes is
        # reachable solely through the TLS-terminating load balancer. Confirm
        # the firewall or network layout enforces that.
        fastcgi_param HTTPS on;
    }
}
[root@m01 /etc/ansible/roles/ssl/files]#cat wp_ssl_lb_proxy.conf
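# Pool of web nodes for the WordPress site. The load balancer talks to them
# over plain HTTP on the internal addresses, so that hop is unencrypted.
upstream blog {
    server 172.16.1.7:80;
    server 172.16.1.8:80;
}

# Port 80: redirect every request to the HTTPS vhost.
server {
    listen 80;
    server_name wordpress.baimei.com;

    location / {
        # The original used $1, which is empty here because a prefix location
        # has no regex capture, so every redirect landed on the site root and
        # lost the path and query string. $request_uri keeps both.
        # $server_name is the configured name, not the client-supplied Host
        # header, so the redirect target cannot be steered by the request.
        return 302 https://$server_name$request_uri;
    }
}

# Port 443: terminate TLS and proxy to the web nodes.
server {
    listen 443 ssl;
    server_name wordpress.baimei.com;

    # Relative paths; presumably resolved against the nginx configuration
    # directory, which matches the playbook copying ssl_key/ into /etc/nginx/.
    ssl_certificate ssl_key/server.crt;
    ssl_certificate_key ssl_key/server.key;
    # NOTE(review): no ssl_protocols or ssl_ciphers are set, so the installed
    # nginx build's defaults apply. Verify they exclude legacy protocol
    # versions.

    location / {
        proxy_pass http://blog;
        # Contents of proxy_params are not shown on this page. The backend
        # vhosts hard-code "fastcgi_param HTTPS on" rather than reading a
        # forwarded-scheme header.
        include proxy_params;
    }
}

# zh.baimei.com is proxied to the same pool over plain HTTP, with no redirect
# and no TLS listener.
# NOTE(review): traffic for this name is unencrypted end to end, and the
# backend vhosts shown on this page set HTTPS on unconditionally, so PHP will
# presumably treat these plain-HTTP requests as HTTPS. Confirm this is
# intended, or give this name the same 80 -> 443 treatment as the other one.
server {
    listen 80;
    server_name zh.baimei.com;

    location / {
        proxy_pass http://blog;
        include proxy_params;
    }
}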