This playbook intended to generate letsencrypt certs and deploy it (with corresponding nginx domain confs) to "loadbalancer" nodes.
For local env:
- Installed latest Ansible
- Installed latest docker
- Domain registered in route53 (that required letsencrypt certs)
- Route53 user key/secret with sufficient permissions (see letsencrypt-route53 for more information)
- The user used in playbook
playmust have ssh (auth by key is strongly recommended) access to "loadbalancer" node with passwordless sudo permissions.
aws_target_domain=<OUR_AWS_DOMAIN>
generate_ssl_cert=true/false(default)aws_access_key_id=<AWS_ACCESS_KEY_ID> #aws_secret_access_key=<AWS_SECRET_ACCESS_KEY> # This vars should be defined if you want to generate/renew letsencrypt certificates (whengenerate_ssl_cert/renew_ssl_certis defined)admin_email=<YOUR_EMAIL_HERE>" #deploy_nginx_conf=true/false(default) <define when you want to deploy generated nginx conf. By default will be deployed http conf. Ifdeploy_ssl_certis defined also will be deployed https >deploy_ssl_cert=true/false(default) <define when you want to deploy generated/renewed letsencrypt certificate>
- When we want to generate new letsencrypt certificate
ansible-playbook -i inventories/testing all.yaml --extra-vars "aws_target_domain=<OUR_AWS_DOMAIN> generate_ssl_cert=true aws_access_key_id=<AWS_ACCESS_KEY_ID> aws_secret_access_key=<AWS_SECRET_ACCESS_KEY> admin_email=<YOUR_EMAIL_HERE> --ask-sudo --private-key=~/.ssh/<YOUR_PRIVATE_KEY>"
- When we want to deploy nginx http configuration
ansible-playbook -i inventories/testing all.yaml --extra-vars "aws_target_domain=<OUR_AWS_DOMAIN> deploy_nginx_conf=true --ask-sudo --private-key=~/.ssh/<YOUR_PRIVATE_KEY>"
- When we want to deploy nginx http/https configurations and new/renewed certificates
ansible-playbook -i inventories/testing all.yaml --extra-vars "aws_target_domain=<OUR_AWS_DOMAIN> deploy_nginx_conf=true deploy_ssl_cert=true --ask-sudo --private-key=~/.ssh/<YOUR_PRIVATE_KEY>"