33 lines
1.4 KiB
33 lines
1.4 KiB
5 years ago
|
---
|
||
|
|
||
|
- name: Handle Zimbra proxy ports
|
||
|
iptables_raw:
|
||
|
name: zcs_proxy_ports
|
||
|
state: present
|
||
|
rules: "{% if zcs_http_src_ip | length > 0 %}-A INPUT -m state --state NEW -p tcp -m multiport --dports 80,443 -s {{ zcs_http_src_ip | join(',') }} -j ACCEPT\n{% endif %}
|
||
|
{% if zcs_clients_src_ip | length > 0 %}-A INPUT -m state --state NEW -p tcp -m multiport --dports 110,995,143,993 -s {{ zcs_clients_src_ip | join(',') }} -j ACCEPT\n{% endif %}
|
||
|
{% if zcs_admin_src_ip | length > 0 %}-A INPUT -m state --state NEW -p tcp -m multiport --dports 9071 -s {{ zcs_admin_src_ip | join(',') }} -j ACCEPT{% endif %}"
|
||
|
when: iptables_manage | default(True)
|
||
|
tags: zcs
|
||
|
|
||
|
- name: Enable proxy for the admin interface
|
||
|
command: /opt/zimbra/bin/zmprov ms {{ inventory_hostname }} zimbraReverseProxyAdminEnabled TRUE
|
||
|
changed_when: False
|
||
|
become_user: zimbra
|
||
|
tags: zcs
|
||
|
|
||
|
- name: Build a list of vhosts to be used for Let's Encrypt cert
|
||
|
shell: |
|
||
|
for DOMAIN in $(/opt/zimbra/bin/zmprov getAllDomains); do
|
||
|
/opt/zimbra/bin/zmprov getDomain $DOMAIN zimbraVirtualHostname | perl -ne 'm/^zimbraVirtualHostname: (.*)/ && print "$1\n"'
|
||
|
done
|
||
|
become_user: zimbra
|
||
|
register: zcs_vhosts
|
||
|
changed_when: False
|
||
|
when: zcs_letsencrypt == True
|
||
|
tags: zcs
|
||
|
- set_fact: zcs_vhosts={{ zcs_vhosts.stdout_lines }}
|
||
|
when: zcs_vhosts.stdout_lines is defined
|
||
|
tags: zcs
|
||
|
|