mariadb.yml aktualisiert

This commit is contained in:
olli 2024-05-27 13:43:45 +02:00
parent 66fc3ec4ba
commit 05661d3c8b

View File

@ -61,25 +61,32 @@
marker: "# {mark} ANSIBLE MANAGED BLOCK"
block: |
cd /home/docker/mariadb.{{inventory_hostname}}
[ -d ssl ] && rm -r ssl
mkdir ssl
cd ssl
openssl genrsa 4096 > ca-key.pem
openssl req -new -x509 -nodes -days 109500 -key ca-key.pem -subj "/C=MD/ST=mariadb/L=mariadb/O=DB/CN=mariadb.{{inventory_hostname}}" > ca-cert.pem
openssl req -newkey rsa:4096 -days 109500 -nodes -keyout server-key-pkcs8.pem -subj "/C=MD/ST=mariadb/L=mariadb/O=DB/CN=mariadb.{{inventory_hostname}}" > server-req.pem
openssl rsa -in server-key-pkcs8.pem -out server-key.pem
openssl x509 -req -in server-req.pem -days 109500 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem
openssl req -newkey rsa:4096 -days 109500 -nodes -keyout client-key-pkcs8.pem -subj "/C=MD/ST=mariadb/L=mariadb/O=DB/CN=mariadb.{{inventory_hostname}}" > client-req.pem
openssl rsa -in client-key-pkcs8.pem -out client-key.pem
openssl x509 -req -in client-req.pem -days 109500 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > client-cert.pem
# take letsencrypt-certs from traefik
cat /home/docker/traefik/letsencrypt/acme.json | jq -r ".letsencrypt.Certificates[] | select(.domain.main==\"mail.{{inventory_hostname}}\") | .key" | base64 -d >/home/docker/mailcow-dockerized/data/assets/ssl/server-key.pem
cat /home/docker/traefik/letsencrypt/acme.json | jq -r ".letsencrypt.Certifcates[] | select(.domain.main==\"mail.{{inventory_hostname}}\") | .certificate" | base64 -d >/home/docker/mailcow-dockerized/data/assets/ssl/server-cert.pem
docker restart $(docker ps -qaf name=postfix-mailcow)
docker restart $(docker ps -qaf name=dovecot-mailcow)
chmod 400 *.pem
chown 999 *.pem
chown 999 *.pem
#openssl genrsa 4096 > ca-key.pem
#openssl req -new -x509 -nodes -days 109500 -key ca-key.pem -subj "/C=MD/ST=mariadb/L=mariadb/O=DB/CN=mariadb.{{inventory_hostname}}" > ca-cert.pem
#
#openssl req -newkey rsa:4096 -days 109500 -nodes -keyout server-key-pkcs8.pem -subj "/C=MD/ST=mariadb/L=mariadb/O=DB/CN=mariadb.{{inventory_hostname}}" > server-req.pem
#openssl rsa -in server-key-pkcs8.pem -out server-key.pem
#openssl x509 -req -in server-req.pem -days 109500 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem
#
#openssl req -newkey rsa:4096 -days 109500 -nodes -keyout client-key-pkcs8.pem -subj "/C=MD/ST=mariadb/L=mariadb/O=DB/CN=mariadb.{{inventory_hostname}}" > client-req.pem
#openssl rsa -in client-key-pkcs8.pem -out client-key.pem
#openssl x509 -req -in client-req.pem -days 109500 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > client-cert.pem
#
#chmod 400 *.pem
#chown 999 *.pem
backup: yes
validate: /bin/bash -n %s
@ -106,7 +113,7 @@
block: |
[mariadbd]
ssl=1
ssl-ca=/etc/mysql/ca-cert.pem
#ssl-ca=/etc/mysql/ca-cert.pem
ssl-cert=/etc/mysql/server-cert.pem
ssl-key=/etc/mysql/server-key.pem
backup: yes
@ -125,11 +132,11 @@
// Use SSL for connection
$cfg['Servers'][$i]['ssl'] = true;
// Client secret key
$cfg['Servers'][$i]['ssl_key'] = '/etc/phpmyadmin/client-key.pem';
//$cfg['Servers'][$i]['ssl_key'] = '/etc/phpmyadmin/client-key.pem';
// Client certificate
$cfg['Servers'][$i]['ssl_cert'] = '/etc/phpmyadmin/client-cert.pem';
//$cfg['Servers'][$i]['ssl_cert'] = '/etc/phpmyadmin/client-cert.pem';
// Server certification authority
$cfg['Servers'][$i]['ssl_ca'] = '/etc/phpmyadmin/ca-cert.pem';
//$cfg['Servers'][$i]['ssl_ca'] = '/etc/phpmyadmin/ca-cert.pem';
// Disable SSL verification
//$cfg['Servers'][$i]['ssl_verify'] = false;
backup: yes
@ -158,7 +165,7 @@
- /etc/localtime:/etc/localtime:ro
- /home/docker/_defaults/mariadb/99-server.cnf:/etc/mysql/mariadb.conf.d/99-server.cnf:ro
- ./ssl.cnf:/etc/mysql/mariadb.conf.d/99-ssl.cnf:ro
- ./ssl/ca-cert.pem:/etc/mysql/ca-cert.pem:ro
#- ./ssl/ca-cert.pem:/etc/mysql/ca-cert.pem:ro
- ./ssl/server-cert.pem:/etc/mysql/server-cert.pem:ro
- ./ssl/server-key.pem:/etc/mysql/server-key.pem:ro
env_file:
@ -177,9 +184,9 @@
volumes:
- /etc/localtime:/etc/localtime:ro
- ./phpmyadmin-config.user.inc.php:/etc/phpmyadmin/config.user.inc.php:ro
- ./ssl/ca-cert.pem:/etc/phpmyadmin/ca-cert.pem:ro
- ./ssl/client-cert.pem:/etc/phpmyadmin/client-cert.pem:ro
- ./ssl/client-key.pem:/etc/phpmyadmin/client-key.pem:ro
#- ./ssl/ca-cert.pem:/etc/phpmyadmin/ca-cert.pem:ro
#- ./ssl/client-cert.pem:/etc/phpmyadmin/client-cert.pem:ro
#- ./ssl/client-key.pem:/etc/phpmyadmin/client-key.pem:ro
networks:
- mariadb.{{inventory_hostname}}--network
- traefik