Renew certs on the kodi host.

Should have been there, got lost in the shuffle.

Renew certs on the kodi host.
85c42db1 · nimrod · 209cf095 · 85c42db1 · 85c42db1
Commit 85c42db1 authored 4 years ago by nimrod
--- a/renew-certs.yaml
+++ b/renew-certs.yaml
@@ -65,6 +65,24 @@
      tags:
        - host01

+    - name: Issue certificate for kodi
+      include_tasks:
+        apply:
+          tags:
+            - kodi
+        file: '{{ playbook_dir }}/tasks/renew-cert.yaml'
+      vars:
+        domains:
+          - jellyfin.shore.co.il
+          - kodi.shore.co.il
+          - library.shore.co.il
+          - transmission.shore.co.il
+        handlers:
+          - Restart Nginx on kodi
+        host: kodi
+      tags:
+        - kodi
+
    - name: Issue certificate for smtp
      include_tasks:
        apply:

--- a/roles/router/files/haproxy.cfg
+++ b/roles/router/files/haproxy.cfg
@@ -23,9 +23,10 @@ defaults
 frontend http
        bind 62.219.131.121:80
        mode http
+        acl kodi hdr(host) -i jellyfin.shore.co.il
        acl kodi hdr(host) -i kodi.shore.co.il
        acl kodi hdr(host) -i library.shore.co.il
-        acl kodi hdr(host) -i jellyfin.shore.co.il
+        acl kodi hdr(host) -i transmission.shore.co.il
        use_backend kodi_http if kodi
        default_backend host01_http

@@ -35,9 +36,10 @@ frontend https
        option tcplog
        tcp-request inspect-delay 5s
        tcp-request content accept if { req_ssl_hello_type 1 }
+        acl kodi req_ssl_sni -i jellyfin.shore.co.il
        acl kodi req_ssl_sni -i kodi.shore.co.il
        acl kodi req_ssl_sni -i library.shore.co.il
-        acl kodi req_ssl_sni -i jellyfin.shore.co.il
+        acl kodi req_ssl_sni -i transmission.shore.co.il
        use_backend kodi_https if kodi
        default_backend host01_https