typisttech / trellis-cloudflare-origin-ca
Add Cloudflare Origin CA to Trellis as a SSL provider
Home Page: https://www.typist.tech/projects/trellis-cloudflare-origin-ca
License: MIT License
Hi, simple question. You have set the certificate days default value to 7. What happens when the certificate generated by this expires? Does it auto renew or do you have to reprovision the take again to generate a new one?
Many thanks
Hello,
I've used your package several times. Now when trying to reprovision a new server it is failing with the below. Any ideas? All my setup is correct as I have used your package before.
Many thanks,
Aaron
TASK [TypistTech.trellis-cloudflare-origin-ca : Add Cloudflare key] ************
fatal: [***********]: FAILED! => {"changed": false, "msg": "Failed to download key at https://pkg.cloudflare.com/pubkey.gpg: HTTP Error 404: Not Found"}
Trellis task named "Remove unmanaged files from includes.d" removes all cert configs on each server provision. Very annoying.
What is the current behavior?
When adding domains or changing the site_hosts the cloudflare_origin_ca doesn't get updated because {site_key}.pem already exists.
[FATAL] Certificate file "{site_key}.pem" already exists, use -overwrite to overwrite
This results in cloudflare not adding the origin ca to additional domains or updating the hostnames.
What is the expected or desired behavior?
I think this behavior should be documented and/or be resolved. A solution would be to allow overwriting the certificate file name or to pass -overwrite using an argument.
Replace any X with your information.
What is the current behavior?
400 Bad Request
No required SSL certificate was sent after running ansible-playbook server.yml -e env=staging -t cloudflare-origin-ca
(delete this section if not applicable)
Please provide steps to reproduce, including full log output:
X Somehow nothing in nginx logs.
Please describe your local environment:
Ansible version: 2.5
OS: macOS 10.13.3
Vagrant version: n/a
Trellis commit: 9dfddfd
Where did the bug happen? Development or remote servers?
X Remote
Why don't you create a pull request to fix it?
X Not sure what causes the error
Other relevant information:
X Cloudflare has generated the Origin cert, and it seems client cert field has been updated in nginx config.
Hi,
I have started using Trellis recently and in the last couple of days, I see that my Cloudflare dashboard has about 4 origin certificates with the same domains in it.
Is it not possible that we create one origin certificate defining example.com and *.example.com from the dashboard and this plugin picks that instead of creating a new one every time?
I am not very clear about what exactly triggered the new certificates, it might be the creation of a new machine on Google Cloud. I have provisioned the server multiple times so higher chances are that creation of a new machine and then the first provision on that creates a new origin certificate.
Nonetheless, could you please shed some light on this matter. Does Cloudflare limit the number of origin certificates creation? And if by any chance referencing an old manually created certificate is possible, and if that would help.
All I see is 4 certificates on my dashboard which I will manually delete.
I have multiple sites on one Trellis, and some use different Cloudflare accounts. When attempting to use a combination of manual and Cloudflare, it says that it can't find the domain (predictably), but it shouldn't be trying to because I have those set to manual SSL.
What I've done for now is set all sites to manual, then it provisions successfully.
Another solution could be using multiple account keys and setting them for each site in wordpress_sites.yml or vault.yml
This could just be some weird edge case that nobody ever does though. :)
TASK [TypistTech.trellis-cloudflare-origin-ca : fail] **************************
[DEPRECATION WARNING]: evaluating ssl_enabled and item.value.ssl.provider |
default('manual') == 'cloudflare-origin-ca' as a bare variable, this behaviour
will go away and you might need to add |bool to the expression in the future.
Also see CONDITIONAL_BARE_VARS configuration toggle.. This feature will be
removed in version 2.12. Deprecation warnings can be disabled by setting
deprecation_warnings=False in ansible.cfg.
Prevent users using insecure settings