v8.1.5: Update LetsEncrypt setup for proxy support and HAProxy integration

Removed unused local connection in Ansible roles and added support to pass proxy settings to the LetsEncrypt role. Also introduced HAProxy directory handling in the certificate generation logic to improve flexibility with server configurations.
2025-01-21 11:11:34 +03:00 · 2025-01-21 11:11:34 +03:00 · b0251f7be8
parent ed0c1fddee
commit b0251f7be8
4 changed files with 9 additions and 4 deletions
--- a/app/scripts/ansible/roles/letsencrypt.yml
+++ b/app/scripts/ansible/roles/letsencrypt.yml
@ -7,3 +7,6 @@
  gather_facts: yes
  roles:
    - role: letsencrypt
+      environment:
+        http_proxy: "{{PROXY}}"
+        https_proxy: "{{PROXY}}"
--- a/app/scripts/ansible/roles/letsencrypt/tasks/install.yml
+++ b/app/scripts/ansible/roles/letsencrypt/tasks/install.yml
@ -34,7 +34,7 @@
        https_proxy: "{{PROXY}}"

    - name: Get cert
-      command: certbot certonly --standalone "{{domains_command}}" --non-interactive --agree-tos --email "{{email}}" --http-01-port=8888
+      command: "certbot certonly --standalone {{domains_command}} --non-interactive --agree-tos --email {{email}} --http-01-port=8888"

    - name: Combine into pem file
      shell: "cat /etc/letsencrypt/live/{{main_domain}}/fullchain.pem /etc/letsencrypt/live/{{main_domain}}/privkey.pem > {{ssl_path}}/{{main_domain}}.pem"
--- a/app/scripts/ansible/roles/letsencrypt_standalone.yml
+++ b/app/scripts/ansible/roles/letsencrypt_standalone.yml
@ -1,7 +1,6 @@
 ---
 - name: Obtain Lets Encrypt certificate
  hosts: all
-  connection: local
  become: yes
  become_method: sudo
  gather_facts: yes
--- a/app/views/service/lets_encrypt_views.py
+++ b/app/views/service/lets_encrypt_views.py
@ -263,6 +263,7 @@ class LetsEncryptView(MethodView):
        inv = {"server": {"hosts": {}}}
        masters = server_sql.is_master(server_ip)
        ssl_path = common.return_nice_path(sql.get_setting('cert_path'), is_service=0)
+        haproxy_dir = sql.get_setting('haproxy_dir')

        if data.type == 'standalone':
            server_ip = server_sql.get_server(data.server_id).ip
@ -292,7 +293,8 @@ class LetsEncryptView(MethodView):
                    'main_domain': main_domain,
                    'servers': servers,
                    'action': action,
-                    'cert_type': data.type
+                    'cert_type': data.type,
+                    'haproxy_dir': haproxy_dir
                }
                server_ips.append(master[0])

@ -305,7 +307,8 @@ class LetsEncryptView(MethodView):
            'main_domain': main_domain,
            'servers': servers,
            'action': action,
-            'cert_type': data.type
+            'cert_type': data.type,
+            'haproxy_dir': haproxy_dir
        }

        server_ips.append(server_ip)