added nginx, certbot, self_signed_certs role and removed galaxyextras…

… role

.github/workflows/single.sh

@@ -18,7 +18,6 @@ docker --version
 docker info
 
 # start building this repo
-git submodule update --init --recursive
 sudo chown 1450 /tmp && sudo chmod a=rwx /tmp
 
 ## define a container size check function, first parameter is the container name, second the max allowed size in MB
@@ -90,7 +89,7 @@ curl -v --fail $BIOBLEND_GALAXY_URL/api/version
 docker_run -d --name httpstest -p 443:443 -e "USE_HTTPS=True" $DOCKER_RUN_CONTAINER
 
 sleep 180s && curl -v -k --fail https://127.0.0.1:443/api/version
-echo | openssl s_client -connect 127.0.0.1:443 2>/dev/null | openssl x509 -issuer -noout| grep selfsigned
+echo | openssl s_client -connect 127.0.0.1:443 2>/dev/null | openssl x509 -issuer -noout| grep localhost
 
 docker logs httpstest && docker stop httpstest && docker rm httpstest
 

.travis.yml

@@ -38,7 +38,6 @@ before_install:
 
 
   # start building this repo
-  - git submodule update --init --recursive
   - sudo chown 1450 /tmp && sudo chmod a=rwx /tmp
   - export WORKING_DIR="$TRAVIS_BUILD_DIR"
   - export DOCKER_RUN_CONTAINER="quay.io/bgruening/galaxy"
@@ -109,7 +108,7 @@ script:
   - docker_run -d --name httpstest -p 443:443 -e "USE_HTTPS=True" $DOCKER_RUN_CONTAINER
 
   - sleep 180s && curl -v -k --fail https://127.0.0.1:443/api/version
-  - echo | openssl s_client -connect 127.0.0.1:443 2>/dev/null | openssl x509 -issuer -noout| grep selfsigned
+  - echo | openssl s_client -connect 127.0.0.1:443 2>/dev/null | openssl x509 -issuer -noout| grep localhost
 
   - docker logs httpstest && docker stop httpstest && docker rm httpstest
 

README.md

@@ -14,7 +14,7 @@ One of the main goals is to make the access to entire tool suites as easy as pos
 this includes the setup of a public available web-service that needs to be maintained, or that the Tool-user needs to either setup a Galaxy Server by its own or to have Admin access to a local Galaxy server.
 With docker, tool developers can create their own Image with all dependencies and the user only needs to run it within docker.
 
-The Image is based on [Ubuntu 14.04 LTS](http://releases.ubuntu.com/14.04/) and all recommended Galaxy requirements are installed. The following chart should illustrate the [Docker](http://www.docker.io) image hierarchy we have build to make is as easy as possible to build on different layers of our stack and create many exciting Galaxy flavors.
+The Image is based on [Ubuntu 22.04 LTS](http://releases.ubuntu.com/22.04/) and all recommended Galaxy requirements are installed. The following chart should illustrate the [Docker](http://www.docker.io) image hierarchy we have build to make is as easy as possible to build on different layers of our stack and create many exciting Galaxy flavors.
 
 ![Docker hierarchy](https://raw.githubusercontent.com/bgruening/docker-galaxy-stable/master/chart.png)
 
@@ -757,7 +757,7 @@ Letsencrypt with the following environment variables:
 
 | Name   | Description   |
 |---|---|
-| `USE_HTTPS` | Set `USE_HTTPS=True` to set up HTTPS via self-signed certificates. If you have your own certificates, copy them to `/export/{server.key,server.crt}`. |
+| `USE_HTTPS` | Set `USE_HTTPS=True` to set up HTTPS via self-signed certificates (CN is set to the value of `GALAXY_DOMAIN` variable, defaulting to `localhost` if no value is provided). If you have your own certificates, copy them to `/export/{server.key,server.crt}`. |
 | `USE_HTTPS_LETSENCRYPT` | Set `USE_HTTPS_LETSENCRYPT=True` to automatically set up HTTPS using Letsencrypt as a certificate authority. (Requires you to also set `GALAXY_DOMAIN`) Note: only set one of `USE_HTTPS` and `USE_HTTPS_LETSENCRYPT` to true. |
 | `GALAXY_DOMAIN` | Set `GALAXY_DOMAIN=<your_domain>` so that Letsencrypt can test your that you own the domain you claim to own in order to issue you your HTTPS cert. |
 
@@ -930,18 +930,16 @@ RabbitMQ is configured with:
 
 # Development <a name="Development" /> [[toc]](#toc)
 
-This repository uses a git submodule to include [Ansible roles](https://github.com/galaxyproject/ansible-galaxy-extras) maintained by the Galaxy project.
-
-You can clone this repository and the Ansible submodule with:
+You can clone this repository with:
 
 ```sh
 git clone --recursive https://github.com/bgruening/docker-galaxy-stable.git
 ```
 
-Updating already existing submodules is possible with:
+This repository uses various [Ansible](http://www.ansible.com/) roles as specified in [requirements.yml](galaxy/ansible/requirements.yml) to manage configurations and dependencies. You can install these roles with the following command:
 
 ```sh
-git submodule update --init --recursive
+cd galaxy/ansible/ && ansible-galaxy install -r requirements.yml -p roles
 ```
 
 If you simply want to change the Galaxy repository and/or the Galaxy branch, from which the container is build you can do this with Docker `--build-arg` during the `docker build` step. For example you can use these parameters during container build:

galaxy/Dockerfile

@@ -4,7 +4,7 @@
 
 FROM ubuntu:22.04
 
-MAINTAINER Björn A. Grüning, [email protected]
+LABEL maintainer="Björn A. Grüning <[email protected]>"
 
 # TODO
 #
@@ -92,7 +92,6 @@ RUN groupadd -r postgres -g $GALAXY_POSTGRES_GID \
     && useradd -u $GALAXY_UID -r -g $GALAXY_USER -d $GALAXY_HOME -c "Galaxy user" --shell /bin/bash $GALAXY_USER \
     && mkdir $EXPORT_DIR $GALAXY_HOME $GALAXY_LOGS_DIR && chown -R $GALAXY_USER:$GALAXY_USER $GALAXY_HOME $EXPORT_DIR $GALAXY_LOGS_DIR \
     && apt-get -qq update && apt-get install --no-install-recommends -y curl sudo ca-certificates nano git gridengine-common gridengine-drmaa1.0 libswitch-perl \
-    && apt-get install nginx-extras nginx-common --no-install-recommends -y \
     # cleanup dance
     && find /usr/lib/ -name '*.pyc' -delete \
     && rm -rf /tmp/* /root/.cache/ /var/cache/* $GALAXY_ROOT_DIR/client/node_modules/ $GALAXY_VIRTUAL_ENV/src/ /home/galaxy/.cache/ /home/galaxy/.npm/
@@ -155,19 +154,14 @@ ADD ansible/ /ansible/
 # Install ansible and related dependencies
 RUN apt update -qq && apt install --no-install-recommends -y software-properties-common dirmngr gpg gpg-agent bsdmainutils \
     && sudo add-apt-repository ppa:ansible/ansible-7 \
+    && apt install --no-install-recommends -y ansible \
     # Make python3 standard
     && update-alternatives --install /usr/bin/python python /usr/bin/python3 10 \
-    && apt install --no-install-recommends -y ansible \
     && apt purge -y systemd && apt-get autoremove -y && apt-get clean
 
 # Install ansible roles
 RUN ansible-galaxy install -r /ansible/requirements.yml -p /ansible/roles
 
-# to be removed after adding nginx role
-RUN ansible-playbook /ansible/nginx.yml \
-    --extra-vars nginx_use_remote_header=True \
-    --tags=nginx,proxy_prefix -c local
-
 # Install flower separately as systemd tasks (tagged with 'service') have to be skipped
 RUN export PATH=$GALAXY_CONDA_PREFIX/bin/:$PATH \
     && ansible-playbook /ansible/flower.yml --skip-tags service \
@@ -205,12 +199,10 @@ RUN mkdir -p /shed_tools $GALAXY_CONFIG_TUS_UPLOAD_STORE \
     --extra-vars tus_upload_store_path=$GALAXY_CONFIG_TUS_UPLOAD_STORE \
     --extra-vars gx_it_proxy_sessions_path=$GALAXY_CONFIG_INTERACTIVETOOLS_MAP \
     && . $GALAXY_VIRTUAL_ENV/bin/activate \
-    && pip install WeasyPrint \
+    && pip install weasyprint>=61.2 \
     && deactivate \
-    # this is needed here again to install any conditional dependencies
-    && cd $GALAXY_ROOT_DIR && ./scripts/common_startup.sh \
-    && cd config && find . -name 'node_modules' -type d -prune -exec rm -rf '{}' + \
-    && find . -name '.cache' -type d -prune -exec rm -rf '{}' + \
+    && find $GALAXY_ROOT_DIR/config -name 'node_modules' -type d -prune -exec rm -rf '{}' + \
+    && find $GALAXY_ROOT_DIR/config -name '.cache' -type d -prune -exec rm -rf '{}' + \
     && apt purge software-properties-common dirmngr gpg gpg-agent -y && apt-get autoremove -y && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* ~/.cache/ \
     # cleanup dance
     && find $GALAXY_ROOT_DIR/ -name '*.pyc' -delete | true \
@@ -338,7 +330,8 @@ ENV SUPERVISOR_POSTGRES_AUTOSTART=False \
     GRAVITY_MANAGE_TUSD=True \
     GRAVITY_MANAGE_REPORTS=True \
     HOST_DOCKER_LEGACY= \
-    STARTUP_EXPORT_USER_FILES=True
+    STARTUP_EXPORT_USER_FILES=True \
+    LOAD_GALAXY_CONDITIONAL_DEPENDENCIES=True
 
 ENTRYPOINT ["/sbin/tini", "--"]
 

galaxy/ansible/files/nginx_sample.crt

@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIE7TCCAtWgAwIBAgIUHBIplAOVmxyIRH51KvXuSWydCj8wDQYJKoZIhvcNAQEL
+BQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTI0MTEwNjIzMDU1NVoXDTM0MTEw
+NDIzMDU1NVowFDESMBAGA1UEAwwJbG9jYWxob3N0MIICIjANBgkqhkiG9w0BAQEF
+AAOCAg8AMIICCgKCAgEA1kSpfexOnDQvNDwSg/4Cjv13+41VF2RgJdpk0n1iBz92
+GKEl7SEh+nhUFinn+CKv2EaNQ7Nv5/+BNoPbBvS8Gm7ZtGt+cFXqRy4ka5It68sq
+bwZadmAGwksJbvcizs5D6XS3BPIB2FrxvBbhzOj+oDYxC3HItIgYwV0+Gv/GBDCi
+F4+b9dO//gfR1ywqsvGczaaMBkbhuOZ2WZph9nFEcdHgNEzLn/HJsYZv0crrFjCL
+o7+FWsYIdM1wNP2bkpPzRFpB1ujxfl9xxH4pTc06sHIKivnoVMs5VvsqdWtosJi/
+s84ALuofPDKuGN2JaTA8e0MVnC2ZxOcDFUtR/WvN8rkUMcNnP8nKJGlFuDRbVMCq
+MrzxglAUeOCc4sjOZxvSlCGa44xGUCvpiVvE9pVO0pNTXQGlNlC9DWnhO4VkOZf7
+rnx2a9u707g3GbyfjJfMmZIn3jZTpbOe+6JVgtgrxATa9g8aYKWVOe5HzJywgTkC
+ktNWcqZr4Kx4lKTM4so4dbsZe3pwHBi+XeInUzwEhFcbcP3UUZXpRmzOX7vIkd6+
+VVR1WwaWwOAEUx872chHLqabrFMWeQLa64vUeG/A82ltFD03anzTBVr7dEkxczIS
+2Ljt5Bzc/5hhbev8s/0CCLhQy89EucnIs1Ow+Fwdc9Ue6Qn/OvVjw65hJRruxrUC
+AwEAAaM3MDUwFAYDVR0RBA0wC4IJbG9jYWxob3N0MB0GA1UdDgQWBBTorI9k0nHV
+1OA4uCA6/ciE3gdgRDANBgkqhkiG9w0BAQsFAAOCAgEAWYmTrc/h4kSv4W12JrTP
+mzMF5qGRUK5YBTxN656Pf9wENEMbZmWbCFu5e+Ewe+z3BCE/oZZFpHEx/mdT2ARO
+YbIXpw0THzrfRtwVRSlUDl7O2zt6DrT4AxIJzBLpf8TSWNSMIQwI/Hv1wewwClM9
+D7YM+S2WkwSu6jByXVfLCByjXsLLN25X16q+t7tnio6IMA2gB8XdnstMRzQmwQti
+dfki3mCSehuhDV6Ylj4Ln/JGkyJ648MzvGnl2J8l4FArR9E9Rzx0XEPbMiqZmYXq
+jPtBErrO4thXkgqr3TjLuxqt3RjG7cmmlsGY3oMtscs8QeNDhhCxoyWpz7ECmCpE
+43DtUMfLLf77XbDUSvakPAJ2ZdWl44+JgOS7v7CxiV6DFzRi5ZXfmx+KdZ3YakkV
+B6pvGHmxqy2uNAk2WX632BFa0OvGnYFF68x8flYQUOXVgC3B5/xMxWfy5JLC/jwE
+DFvLMZinxLiJIx9Bbn1PCPXNIk7waDK2Y1YYVj61tKupFEh470C1Rra/C+RP08Be
+5zJi0OZumpfCa+Hz4UDv9Cm6tTrrG/xwpicQidfPzkSublgzzW0Zvx/s6C+5Rqzm
+PLZw6l33bEQstPcJSxUmSNlaNwsUJxEGGNnAwfQq6vPTp0YJZ+xo0BUOeFpt7tdC
+pygM9OEmi1vuRknJr3vD+aM=
+-----END CERTIFICATE-----

galaxy/ansible/files/nginx_sample.key

@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKQIBAAKCAgEA1kSpfexOnDQvNDwSg/4Cjv13+41VF2RgJdpk0n1iBz92GKEl
+7SEh+nhUFinn+CKv2EaNQ7Nv5/+BNoPbBvS8Gm7ZtGt+cFXqRy4ka5It68sqbwZa
+dmAGwksJbvcizs5D6XS3BPIB2FrxvBbhzOj+oDYxC3HItIgYwV0+Gv/GBDCiF4+b
+9dO//gfR1ywqsvGczaaMBkbhuOZ2WZph9nFEcdHgNEzLn/HJsYZv0crrFjCLo7+F
+WsYIdM1wNP2bkpPzRFpB1ujxfl9xxH4pTc06sHIKivnoVMs5VvsqdWtosJi/s84A
+LuofPDKuGN2JaTA8e0MVnC2ZxOcDFUtR/WvN8rkUMcNnP8nKJGlFuDRbVMCqMrzx
+glAUeOCc4sjOZxvSlCGa44xGUCvpiVvE9pVO0pNTXQGlNlC9DWnhO4VkOZf7rnx2
+a9u707g3GbyfjJfMmZIn3jZTpbOe+6JVgtgrxATa9g8aYKWVOe5HzJywgTkCktNW
+cqZr4Kx4lKTM4so4dbsZe3pwHBi+XeInUzwEhFcbcP3UUZXpRmzOX7vIkd6+VVR1
+WwaWwOAEUx872chHLqabrFMWeQLa64vUeG/A82ltFD03anzTBVr7dEkxczIS2Ljt
+5Bzc/5hhbev8s/0CCLhQy89EucnIs1Ow+Fwdc9Ue6Qn/OvVjw65hJRruxrUCAwEA
+AQKCAf8gSZuhrHbI4ElDmmH/c/j38/ceP1B3i0DRg5GbW2nGb424cjPYd6bVPqaP
+t1tmvLVh6wPD9j8wg8NMeFF9d/cqN0TS/+ogHMRcsqUmkuCGugjf9Pcm/6Rl9cq5
+AGReqc+25kmnDVaF8wA+VUtwvH+UQasGohDtLJdG47FVh2gTbEw1tAHaPlzCfnkA
+KvhbRi2ZBwx4GGkEjSuEVQ/xdiJP2KXG34ZxEDWi2Rcw9Jf7tHw4WiK3Tw2tW7sQ
+SlwSVzthUgEkPHJ19yD/gfDqKUXDg6Mn09YVVnNI6Lm5Jgw7DM4W/g0t60Dp+tTC
+ZLIv24OihQO+7yloi6MSgj3dQvmudbrGIaUQ3WuSVIeRyzlEBQRC6TfsIMNEIH7E
+GogW+uopWWMhdnZkesGzYRIMkOpkOiFd4gZ6zw7++IOB7SaiR7JkJnTVmFip4oDf
+tFXxxOOtZDlTpRzfjZggNzPm7Kyh4KFdKD27OdHwxpkl14GALtELncFCWBq6zt8g
+32HtFhMKTkjCjZ+oAe4X3PAZ2vISsKk7sEAebumy6E1xUAfDrfcXNN0rBz2jaMro
+SsdUeOsaaOQ3sB5KMyR04GvBdHsCI0rCEWJKtjxzbRkRryAftxXp1pOzDZg69xZO
+CFrNW+FrRLu19k6ZNuoToq7p7oSqwMSzj3BScD2EW+QL1PpJAoIBAQDkwyjL8/cL
+1gG52hodMjPUBXEQbQW6GDMvmt0rHUcX7tbpvfvidZuF35qPujVFsRIa/gQSH6sB
+VvIrarsioaqkNaRLBl1EmnF2JpGH1SJWw5yOt7FUpC95sqwWk5vkXdOxL3XCzLVy
+pIVbGKoy2bYe0lcYH804ggnTuGQYR7EkjSvv7/FpBZY2uDTzf3X2w5YzfaBQOuSF
+rzOMj7php61z/jA0POaVq6yr3mnZ0Hxk1aJfyX+a5mvKBGfChceIpcdzpNBuSpbS
+ZNKF4YBNmZ8ESd0qjUnBmtPg4h0gpOXR3wa86xHiboMoYyhor6eCo1yS33qxv6B+
+Xn1GzLGBkWJHAoIBAQDvx7YR91sAb/uwEHQB/nciXrynXEfjWC1fnDNiJMgF89Z9
+dUgEKPPeJNX7S8TrHNZryHBnLj4m8G3pWrIyJkTEvWZwr3jJKsl3x3ZTgS1LhkPZ
+KvXph6xlkpx+4BcDHFQX4B/mTOnsYZyIb0C71LMZ/vNE6J3WN5uVFtI7ShZDf6SJ
+GUKCBDckYXDaEAJ0WqK3b7Eu7wBhYjWq6EPTZxtudVMJkHvaLVJAPBUCgswtyE2o
+ETXoTExG4388XrPCQ/qosuUNPDm9pSMjTiWtDz0VQg+clJNdjTu7EfhqD2zx/sHM
+1KVJvoZUowrL5UdErKRJGoRvtev9ZIJl48m8a3EjAoIBAQDdaUKoPEXFL+nVvxH9
+ZiShtm6bTln3pwqLreEYpKq1sFZUP6x2oAvaA/Tt3XVIMbzrYSYBgKMbldKoURI0
+z7KAYubUMqG9D5p3l5bNmG02+vchbwt0d8D3kgZbh5yf6GxHFz9sPoP0JOZpqDK7
+KtrJdB4V3FndsobeY56FnYYHcZewEFVgp6ae6aVec+Rx5RYQWiv62zVpaoyDJG1p
+rUgFd2WiebtX66QhaRCcX9y2H8ub2EPoYdK74Y2nyaG5UXL9K+0Mgqb9ldXo/LwY
+33H4TaGBWOSlPTyLcW5ttQw3GBzGZuKVfQ723Ro0UKbZm1GzWhe/yFAHX17zUpUP
+ae5rAoIBAQDQ7SMn5G/WobycXLm4QxFrUUDwUugQn/RpKqFbEtF23lA2YMqvVT+o
+gFAy9oJOmoH6yFuojBJ7u2MJwY0jRVUGWEG6TirgnfeN9q6TdCsTc5oKz/QV17HP
+jz/tDTT/8N8VLqSc9secwDC0cLvm7h5guFUf5dAhp7JY5dmo75UWm1GyY+AfiazC
+dmTunKSG3bKKQzgPvRCHyhsZH+h5e43bYT9JRiukn3jbn35vAakG+1Eu8FAYaOLN
+ocxrvdjDnJf8BmSuc5ucMxe624zYjj6bF0SjGpKNIVK6XZ4mS+qRsXkMEP00lF5X
+wPjXUKAYppU/XWuoKsvFrp4wSZquIrAhAoIBAQCWE7gx9/Ao7hT5fq0ho+TVV7Cp
+5gnDlNVASexjOrVS8OuQntrKNbYrvcgdCivyxVXxi3HFoydHPg9U4VchrADj9qPL
+9BH3/BCZJPttGYVIfPThJCnj6kM11BuOSweG/nEU03N36XsxR4748RiRf+MyL2kX
+KxMEwt+RZvH5beqMLrbLuQ8ey7QNJx/XK3wYhl90q8eJgEFHaKz/LBB/Fwerj5mW
+f+5jNCbDg+ey7gUmYh8pHqc1KlI8orvRmYP2m2OJFXIHVY+O0U5k/lKXBndM8TpQ
+jzCf/N7e2g/7lkZKQhaMrfBsU1s9Ib2p7JuaOyeOKdN4qKURj8xtb3m6fymK
+-----END RSA PRIVATE KEY-----

galaxy/ansible/group_vars/all.yml

@@ -16,11 +16,8 @@ galaxy_pbs: false
 galaxy_k8s_jobs: false
 galaxy_supervisor: true
 galaxy_root: true
-galaxy_extra_dependencies: false
 galaxy_job_metrics: true
 galaxy_scripts: true
-galaxy_ssl: false
-galaxy_ssl_method: self-signed  # This may be 'own', 'self-signed' or 'letsencrypt'
 galaxy_domain: "localhost"  # This is used by letsencrypt and Interactive Tools, set it to the domain name under which galaxy can be reached
 galaxy_startup: true
 galaxy_rabbitmq: true
@@ -169,8 +166,8 @@ galaxy_it_fetch_neo: false
 galaxy_it_neo_image: quay.io/sanbi-sa/neo_ie:3.1.9
 
 # Nginx configuration.
-nginx_conf_path: /etc/nginx/nginx.conf
-nginx_conf_directory: /etc/nginx/conf.d
+nginx_conf_dir: /etc/nginx
+nginx_conf_file: "{{ nginx_conf_dir }}/nginx.conf"
 
 # Use nginx_*_location variables to control serving apps at subdirectories.
 # If galaxy should be served at subdirectory (e.g. example.com/galaxy) set nginx_galaxy_location: /galaxy
@@ -190,29 +187,35 @@ nginx_welcome_path: "/etc/galaxy/web"
 galaxy_errordocs_dest: "/root"
 
 #web security
-nginx_use_passwords: False
+nginx_use_passwords: false
 nginx_htpasswds:
   - "admin:WiBKbsJTSQ8dc"
-nginx_use_remote_header: False
+nginx_use_remote_header: true
 
 # Additional configurations to be appended to nginx config
 nginx_additional_config : []
 
-# Configure proxy to planemo-machine-web.
-nginx_serve_planemo_machine_web: false
+nginx_proxy_gunicorn: true
 nginx_proxy_reports: true
 nginx_proxy_rabbitmq_management: true
 nginx_proxy_flower: true
 nginx_proxy_interactive_tools: true
 
-nginx_ssl_certificate_key: /etc/ssl/private/nginx.key
-nginx_ssl_certificate: /etc/ssl/private/nginx.crt
-
-# Here you can set a path to a pair of ssl keys
-# These will be copied if galaxy_ssl_method is set to 'own'
-# This defaults to a set of self-generated keys
-src_nginx_ssl_certificate_key: nginx_sample.key
-src_nginx_ssl_certificate: nginx_sample.crt
+# Certbot Configuration.
+certbot_dir: "{{ galaxy_venv_dir }}"
+certbot_auto_renew_hour: "{{ 23 |random(seed=inventory_hostname)  }}"
+certbot_auto_renew_minute: "{{ 59 |random(seed=inventory_hostname)  }}"
+certbot_auth_method: --webroot
+certbot_install_method: virtualenv
+certbot_auto_renew: yes
+certbot_auto_renew_user: root
+certbot_environment: production
+certbot_well_known_root: "{{ nginx_conf_dir }}/_well-known_root"
+certbot_share_key_users:
+  - "{{ galaxy_user_name }}"
+certbot_post_renewal: |
+    supervisorctl restart nginx || true
+certbot_agree_tos: --agree-tos
 
 ## Proftp Configuration.
 proftpd_conf_path:  /etc/proftpd/proftpd.conf