Feature Request: Normalize SSL provider tasks

**What is the current behavior?**

 - `letsencrypt` has its own [role](https://github.com/roots/trellis/tree/master/roles/letsencrypt) whereas `self-signed-certificate` is embedded [inside](https://github.com/roots/trellis/blob/master/roles/wordpress-setup/tasks/self-signed-certificate.yml) `wordpress-setup`.

 - Although `letsencrypt` task is separated, its variables (for example: `letsencrypt_cert_ids`) are *leaded* to other tasks like `wordpress-setup` because they are used in Nginx templates.

**What is the expected or desired behavior?**

Normalize SSL provider tasks:

 - Separate `self-signed-certificate` task

 - SSL provider tasks (`letsencrypt` & `self-signed-certificate`) template their own Nginx config to `{{ nginx_path }}/includes.d/{{ item.key }}/ssl/xxx.conf` (Note: `ssl` subdirectory!)

 - Remove hardcoded Nginx ssl config, for example: 
 https://github.com/roots/trellis/blob/12ac783d24bc62b9426e88cc2c34d2294e1d078a/roles/wordpress-setup/templates/wordpress-site.conf.j2#L88-L103

 - Move SSL provider tasks after `wordpress-setup` to prevent [wordpress-setup/nginx-includes](https://github.com/roots/trellis/blob/ec9324ccbc1910115d382d0559784824084d683f/roles/wordpress-setup/tasks/nginx-includes.yml#L44) from deleting ssl nginx config.

**Please provide use cases for changing the current behavior:**

 - Serve as a reference for [third party SSL providers](https://github.com/typisttech/trellis-cloudflare-origin-ca)

 - Less trouble when working with `tags`, see: https://github.com/roots/trellis/pull/888#discussion_r139036684

 - Other tasks and custom Nginx template need less knowledge about SSL config. Whenever needed, include `{{ nginx_path }}/includes.d/{{ item.key }}/ssl/*.conf` is enough, see: https://github.com/roots/trellis/pull/888#discussion_r139283502



	{% if item.value.ssl.provider \| default('manual') == 'manual' and item.value.ssl.cert is defined and item.value.ssl.key is defined -%}
	ssl_certificate {{ nginx_path }}/ssl/{{ item.value.ssl.cert \| basename }};
	ssl_certificate_key {{ nginx_path }}/ssl/{{ item.value.ssl.key \| basename }};

	{% elif item.value.ssl.provider \| default('manual') == 'letsencrypt' -%}
	ssl_certificate {{ nginx_path }}/ssl/letsencrypt/{{ item.key }}-{{ letsencrypt_cert_ids[item.key] }}-bundled.cert;
	ssl_certificate_key {{ nginx_path }}/ssl/letsencrypt/{{ item.key }}.key;

	{% elif item.value.ssl.provider \| default('manual') == 'self-signed' -%}
	ssl_certificate {{ nginx_path }}/ssl/{{ item.key }}.cert;
	ssl_trusted_certificate {{ nginx_path }}/ssl/{{ item.key }}.cert;
	ssl_certificate_key {{ nginx_path }}/ssl/{{ item.key }}.key;

	{% endif -%}
	{% endif -%}
	{% endblock -%}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Feature Request: Normalize SSL provider tasks #893

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

Feature Request: Normalize SSL provider tasks #893

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions