Minor fixes on reverse proxy

2020-05-02 13:03:29 +02:00 · 2020-05-02 13:03:29 +02:00 · 0a16ac0b0c
parent ee1cb0e86e
commit 0a16ac0b0c
6 changed files with 20 additions and 4 deletions
--- a/network.yml
+++ b/network.yml
@ -50,7 +50,7 @@
    - bind-authoritative

 # Deploy reverse proxy
- hosts: bakdaur.adm.crans.org
+- hosts: bakdaur.adm.crans.org,sputnik.adm.crans.org
  vars:
    certbot:
      dns_rfc2136_name: certbot_challenge.
@ -93,7 +93,6 @@
        - {from: www.crans.org, to: 10.231.136.46}
        - {from: doc.crans.org, to: 10.231.136.46}
        - {from: limesurvey.crans.org, to: 10.231.136.253}
-        - {from: lutim.crans.org, to: 10.231.136.69}
        - {from: perso.crans.org, to: 10.231.136.1}
        - {from: webnews.crans.org, to: 10.231.136.63}
        - {from: re2o.crans.org, to: 10.231.136.9}
--- a/roles/certbot/tasks/main.yml
+++ b/roles/certbot/tasks/main.yml
@ -22,6 +22,11 @@
    mode: 0600
    owner: root

+- name: Create /etc/letsencrypt/conf.d
+  file:
+    path: /etc/letsencrypt/conf.d
+    state: directory
+
 - name: Add Certbot configuration
  template:
    src: "letsencrypt/conf.d/certname.ini.j2"
--- a/roles/nginx-reverseproxy/tasks/main.yml
+++ b/roles/nginx-reverseproxy/tasks/main.yml
@ -2,11 +2,19 @@
 - name: Install NGINX
  apt:
    update_cache: true
-    name: nginx
+    name:
+      - nginx
+      - python3-certbot-nginx  # for options-ssl-nginx.conf
  register: apt_result
  retries: 3
  until: apt_result is succeeded

+- name: Copy certbot SSL snippet
+  copy:
+    remote_src: true
+    src: /usr/lib/python3/dist-packages/certbot_nginx/options-ssl-nginx.conf
+    dest: /etc/letsencrypt/options-ssl-nginx.conf
+
 - name: Copy reverse proxy sites
  template:
    src: "nginx/{{ item }}.j2"
--- a/roles/nginx-reverseproxy/templates/nginx/redirect.j2
+++ b/roles/nginx-reverseproxy/templates/nginx/redirect.j2
@ -43,6 +43,7 @@ server {
 {% for dname in nginx.redirect_dnames %}
 {% for site in nginx.redirect_sites %}
 {% set from = site.from | regex_replace('crans.org', dname) %}
+{% if from != site.from %}
 # Redirect http://{{ from }} to http://{{ site.to }}
 server {
    listen 80;
@ -79,5 +80,6 @@ server {
    }
 }

+{% endif %}
 {% endfor %}
 {% endfor %}
--- a/roles/nginx-reverseproxy/templates/nginx/reverseproxy.j2
+++ b/roles/nginx-reverseproxy/templates/nginx/reverseproxy.j2
@ -4,7 +4,7 @@
 # Redirect http://{{ site.from }} to https://{{ site.from }}
 server {
    listen 80;
-    listen [::]:80
+    listen [::]:80;

    server_name {{ site.from }};

--- a/roles/nginx-reverseproxy/templates/nginx/reverseproxy_redirect_dname.j2
+++ b/roles/nginx-reverseproxy/templates/nginx/reverseproxy_redirect_dname.j2
@ -4,6 +4,7 @@
 {% for site in nginx.reverseproxy_sites %}
 {% set from = site.from | regex_replace('crans.org', dname) %}
 {% set to = site.from %}
+{% if from != site.from %}
 # Redirect http://{{ from }} to http://{{ to }}
 server {
    listen 80;
@ -40,5 +41,6 @@ server {
    }
 }

+{% endif %}
 {% endfor %}
 {% endfor %}