18 lines
1.1 KiB
YAML
18 lines
1.1 KiB
YAML
---
|
|
- block:
|
|
- name: Install the socat binary needed to talk to the haproxy socket
|
|
apt: name=socat state=latest update_cache=yes cache_valid_time=3600
|
|
|
|
- name: Install a script that refreshes the OCSP configuration and reloads haproxy if needed
|
|
get_url: url='https://raw.githubusercontent.com/pierky/haproxy-ocsp-stapling-updater/master/hapos-upd' dest=/usr/local/bin/hapos-upd owner=root group=root mode=0755
|
|
|
|
- name: Install a cron job that refreshes the OCSP configuration
|
|
cron:
|
|
name: "Refresh the haproxy OCSP information"
|
|
user: root
|
|
special_time: daily
|
|
job: "/usr/local/bin/hapos-upd {% if haproxy_docker_container %}-S{% endif %} --cert {{ haproxy_cert_dir }}/haproxy.pem -v {{ letsencrypt_acme_certs_dir }}/fullchain -s {% if not haproxy_docker_container %}{{ haproxy_admin_socket }}{% else %}{{ haproxy_docker_socket_dir }}/{{ haproxy_admin_socket_file }}{% endif %} -v - >/var/log/hapos-upd.log 2>&1{% if haproxy_docker_container %} ; docker kill --signal USR2 $(docker container ls --filter name=haproxy_haproxy --quiet){% endif %}"
|
|
|
|
tags: [ 'haproxy', 'letsencrypt', 'ssl', 'ssl_ocsp' ]
|
|
|