51工具盒子

依楼听风雨
笑看云卷云舒,淡观潮起潮落

ansible 安装 ssl 实现https访问

ansible 安装 ssl 实现https访问

1-配置 在负载均衡上配置 ssl

2-在 web上 的配置文件, 开启 fastcgi_param HTTPS on;

[root@m01 /etc/ansible/roles/ssl/tasks]#cat main.yml 
- name:  copy ssl_lb_proxy.conf 
  copy: 
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
  with_items:
    - {src: 'wp_ssl_lb_proxy.conf', dest: '/etc/nginx/conf.d/lb_proxy.conf' }
    - {src: 'admin_ssl_lb_proxy.conf', dest: '/etc/nginx/conf.d/admin_lb_proxy.conf'}
    - {src: 'ssl_key', dest: '/etc/nginx/' }
  when: ansible_hostname is match "lb*"  
  notify: Restart Nginx Server
- name: copy wordpress.conf 
  copy:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
  with_items:
    - {src: 'a_wordpress.conf', dest: '/etc/nginx/conf.d/a_wordpress.conf' }
    - {src: 'admin.conf', dest: '/etc/nginx/conf.d/admin.conf' }
  when: ansible_hostname is match "web*"
  notify: Restart Nginx Serve

[root@m01 /etc/ansible/roles/ssl/files]#cat admin.conf 
server {
listen 80;
server_name admin.baimei.com;

location / {
root /code/admin;
index index.php index.html;
}

location ~ \.php$ {
root /code/admin;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_param HTTPS on;
}
}

[root@m01 /etc/ansible/roles/ssl/files]#cat admin_ssl_lb_proxy.conf 
upstream blog1 {
        server 172.16.1.7:80;
        server 172.16.1.8:80;
}

server {

	listen 80;
	server_name admin.baimei.com;
	location / {
	return 302 https://$server_name$1;
}
}

server {
        listen 443 ssl;
        server_name admin.baimei.com;
	ssl_certificate ssl_key/server.crt;
        ssl_certificate_key ssl_key/server.key;
        
        location / {
                proxy_pass http://blog1;
                include proxy_params;
        }
}

[root@m01 /etc/ansible/roles/ssl/files]#cat a_wordpress.conf 
server {
    listen 80;
    server_name wordpress.baimei.com;
    root /code/wordpress;
    index index.php index.html;

        location ~ \.php$ {
        root /code/wordpress;
                fastcgi_pass   127.0.0.1:9000;
                fastcgi_index  index.php;
                fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
                include        fastcgi_params;
                fastcgi_param HTTPS on;
        }
}

[root@m01 /etc/ansible/roles/ssl/files]#cat wp_ssl_lb_proxy.conf 
upstream blog {
        server 172.16.1.7:80;
        server 172.16.1.8:80;
}

server {

	listen 80;
	server_name wordpress.baimei.com;
	location / {
	return 302 https://$server_name$1;
}
}

server {
        listen 443 ssl;
        server_name wordpress.baimei.com;
	ssl_certificate ssl_key/server.crt;
        ssl_certificate_key ssl_key/server.key;
        
        location / {
                proxy_pass http://blog;
                include proxy_params;
        }
}



server {
        listen 80;
        server_name zh.baimei.com;
       
        location / {
                proxy_pass http://blog;
                include proxy_params;
        }       
}
赞(4)
未经允许不得转载:工具盒子 » ansible 安装 ssl 实现https访问