From 85c42db108648280073cff093d03dd98220ec89c Mon Sep 17 00:00:00 2001
From: Adar Nimrod <nimrod@shore.co.il>
Date: Sat, 30 Jan 2021 12:09:23 +0200
Subject: [PATCH] Renew certs on the kodi host.

Should have been there, got lost in the shuffle.
---
 renew-certs.yaml               | 18 ++++++++++++++++++
 roles/router/files/haproxy.cfg |  6 ++++--
 2 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/renew-certs.yaml b/renew-certs.yaml
index ae5252c..451fe85 100644
--- a/renew-certs.yaml
+++ b/renew-certs.yaml
@@ -65,6 +65,24 @@
       tags:
         - host01
 
+    - name: Issue certificate for kodi
+      include_tasks:
+        apply:
+          tags:
+            - kodi
+        file: '{{ playbook_dir }}/tasks/renew-cert.yaml'
+      vars:
+        domains:
+          - jellyfin.shore.co.il
+          - kodi.shore.co.il
+          - library.shore.co.il
+          - transmission.shore.co.il
+        handlers:
+          - Restart Nginx on kodi
+        host: kodi
+      tags:
+        - kodi
+
     - name: Issue certificate for smtp
       include_tasks:
         apply:
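Review bot: The `domains` list added for kodi repeats the four host names that the `acl kodi` lines in both frontends of roles/router/files/haproxy.cfg carry, and nothing in the task says the two must stay identical. A comment above `domains:` would record that, for example `# Keep in sync with the kodi ACLs in roles/router/files/haproxy.cfg (http and https frontends).` Presumably tasks/renew-cert.yaml validates each name through the router, so a name missing from the ACLs would fail renewal and leave the old certificate to expire; confirm this against that file. The `handlers` value `Restart Nginx on kodi` is not defined anywhere in the hunk, so check that a handler with exactly that name exists. The task list this item belongs to starts and ends outside the hunk.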
diff --git a/roles/router/files/haproxy.cfg b/roles/router/files/haproxy.cfg
index 89bed2b..1368fd4 100644
--- a/roles/router/files/haproxy.cfg
+++ b/roles/router/files/haproxy.cfg
@@ -23,9 +23,10 @@ defaults
 frontend http
         bind 62.219.131.121:80
         mode http
+        acl kodi hdr(host) -i jellyfin.shore.co.il
         acl kodi hdr(host) -i kodi.shore.co.il
         acl kodi hdr(host) -i library.shore.co.il
-        acl kodi hdr(host) -i jellyfin.shore.co.il
+        acl kodi hdr(host) -i transmission.shore.co.il
         use_backend kodi_http if kodi
         default_backend host01_http
 
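Review bot: The added `acl kodi hdr(host) -i transmission.shore.co.il` makes that name reachable from the public bind address over plain HTTP on port 80, and the `https` frontend hunk below adds the same name to the SNI ACL. Nothing visible shows whether `kodi_http` redirects to HTTPS or whether Nginx on kodi requires authentication for that virtual host. If this name fronts the Transmission web interface, it is an administrative surface, so confirm both before the change ships. The `https` frontend appears to pass TLS through and to route on client-supplied SNI (`req_ssl_sni`), so access control has to be enforced on the kodi host rather than by these ACLs. A comment above each ACL group would help, for example `# Names routed to kodi; keep in sync with the kodi domains in renew-certs.yaml`.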
@@ -35,9 +36,10 @@ frontend https
         option tcplog
         tcp-request inspect-delay 5s
         tcp-request content accept if { req_ssl_hello_type 1 }
+        acl kodi req_ssl_sni -i jellyfin.shore.co.il
         acl kodi req_ssl_sni -i kodi.shore.co.il
         acl kodi req_ssl_sni -i library.shore.co.il
-        acl kodi req_ssl_sni -i jellyfin.shore.co.il
+        acl kodi req_ssl_sni -i transmission.shore.co.il
         use_backend kodi_https if kodi
         default_backend host01_https
 
-- 
GitLab