Merge pull request #280 from marioqxx/main

Fix a bug in nc_apache2.j2 template concerning intermed-CA. Remove ansible-lint warnings and add config-variable needed for SSO to nc_apache2.j2 template.
nextcloud · Jun 28, 2023 · 89326cb · 89326cb
2 parents 640a5e3 + 2febd3b
commit 89326cb
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 14 deletions.
diff --git a/roles/install_nextcloud/tasks/tls_installed.yml b/roles/install_nextcloud/tasks/tls_installed.yml
@@ -7,7 +7,7 @@
   ansible.builtin.set_fact:
     nextcloud_tls_cert_key_file: "{{ nextcloud_tls_cert_key }}"
 
-- name: "[INSTALLED TLS] - Define certificate chain  path"
+- name: "[INSTALLED TLS] - Define certificate chain path"
   ansible.builtin.set_fact:
-    nextcloud_tls_cert_chain_file: "{{ nextcloud_tls_cert_chain }}"
+    nextcloud_tls_chain_file: "{{ nextcloud_tls_cert_chain }}"
   when: nextcloud_tls_cert_chain is defined
diff --git a/roles/install_nextcloud/tasks/tls_signed.yml b/roles/install_nextcloud/tasks/tls_signed.yml
@@ -12,7 +12,7 @@
     nextcloud_tls_chain_file: "{{ nextcloud_tls_chain_file | default(cert_path + nextcloud_instance_name + \".pem\") }}"
   when: nextcloud_tls_src_chain is defined
 
-- name: "[SIGNED TLS] - Copy certificate to the host"
+- name: "[SIGNED TLS] - Copy certificate file for apache2 to the host"
   ansible.builtin.copy:
     dest: "{{ nextcloud_tls_cert_file }}"
     src: "{{ nextcloud_tls_src_cert }}"
@@ -36,21 +36,23 @@
     - nextcloud_tls_src_chain is defined
     - nextcloud_websrv in ["nginx"]
 
-- name: "[SIGNED TLS] - Key is copied to the host"
+- name: "[SIGNED TLS] - Copy certificate chain file for apache2 to the host"
   ansible.builtin.copy:
-    dest: "{{ nextcloud_tls_cert_key_file }}"
-    src: "{{ nextcloud_tls_src_cert_key }}"
+    dest: "{{ nextcloud_tls_chain_file }}"
+    src: "{{ nextcloud_tls_src_chain }}"
     owner: "{{ nextcloud_websrv_user }}"
     group: "{{ nextcloud_websrv_group }}"
-    mode: "0400"
+    mode: 0400
     force: false
+  when:
+    - nextcloud_tls_src_chain is defined
+    - nextcloud_websrv not in ["nginx"]
 
-- name: "[SIGNED TLS] - Certificate chain is copied to the host"
+- name: "[SIGNED TLS] - Key is copied to the host"
   ansible.builtin.copy:
-    dest: "{{ nextcloud_tls_chain_file }}"
-    src: "{{ nextcloud_tls_src_chain }}"
+    dest: "{{ nextcloud_tls_cert_key_file }}"
+    src: "{{ nextcloud_tls_src_cert_key }}"
     owner: "{{ nextcloud_websrv_user }}"
     group: "{{ nextcloud_websrv_group }}"
-    mode: "0640"
+    mode: 0400
     force: false
-  when: nextcloud_tls_src_chain is defined
diff --git a/roles/install_nextcloud/templates/apache2_nc.j2 b/roles/install_nextcloud/templates/apache2_nc.j2
@@ -46,12 +46,13 @@
   DocumentRoot {{ nextcloud_webroot }}
   {% if (nextcloud_max_upload_size_in_bytes|int) <= 2147483647-%}
   LimitRequestBody {{ nextcloud_max_upload_size_in_bytes }}
+  LimitRequestFieldsize 32768
   {% endif -%}
   SSLEngine on
   SSLCertificateFile      {{ nextcloud_tls_cert_file }}
   SSLCertificateKeyFile   {{ nextcloud_tls_cert_key_file }}
-{% if nextcloud_tls_cert_chain_file is defined %}
-  SSLCertificateChainFile {{ nextcloud_tls_cert_chain_file }}
+{% if nextcloud_tls_chain_file is defined %}
+  SSLCertificateChainFile {{ nextcloud_tls_chain_file }}
 {% endif %}
 
   # enable HTTP/2, if available