From 0a50480ad7b1479bd3004af20aae7f0be6da6ec7 Mon Sep 17 00:00:00 2001
From: Alexandre Iooss
Date: Sat, 2 May 2020 13:03:29 +0200
Subject: [PATCH] Minor fixes on reverse proxy
---
 network.yml | 3 +--
 roles/certbot/tasks/main.yml | 5 +++++
 roles/nginx-reverseproxy/tasks/main.yml | 10 +++++++++-
 roles/nginx-reverseproxy/templates/nginx/redirect.j2 | 2 ++
 .../nginx-reverseproxy/templates/nginx/reverseproxy.j2 | 2 +-
 .../templates/nginx/reverseproxy_redirect_dname.j2 | 2 ++
 6 files changed, 20 insertions(+), 4 deletions(-)
diff --git a/network.yml b/network.yml
index fdc49662..2bde72ff 100755
--- a/network.yml
+++ b/network.yml
@@ -50,7 +50,7 @@
 - bind-authoritative
 # Deploy reverse proxy
-- hosts: bakdaur.adm.crans.org
+- hosts: bakdaur.adm.crans.org,sputnik.adm.crans.org
 vars:
 certbot:
 dns_rfc2136_name: certbot_challenge.
@@ -93,7 +93,6 @@
 - {from: www.crans.org, to: 10.231.136.46}
 - {from: doc.crans.org, to: 10.231.136.46}
 - {from: limesurvey.crans.org, to: 10.231.136.253}
- {from: lutim.crans.org, to: 10.231.136.69}
 - {from: perso.crans.org, to: 10.231.136.1}
 - {from: webnews.crans.org, to: 10.231.136.63}
 - {from: re2o.crans.org, to: 10.231.136.9}
diff --git a/roles/certbot/tasks/main.yml b/roles/certbot/tasks/main.yml
index b32845cc..2e9c8b26 100644
--- a/roles/certbot/tasks/main.yml
+++ b/roles/certbot/tasks/main.yml
@@ -22,6 +22,11 @@
 mode: 0600
 owner: root
+- name: Create /etc/letsencrypt/conf.d
+ file:
+ path: /etc/letsencrypt/conf.d
+ state: directory
+
 - name: Add Certbot configuration
 template:
 src: "letsencrypt/conf.d/certname.ini.j2"
diff --git a/roles/nginx-reverseproxy/tasks/main.yml b/roles/nginx-reverseproxy/tasks/main.yml
index 3c95a8f7..1fee6a3c 100644
--- a/roles/nginx-reverseproxy/tasks/main.yml
+++ b/roles/nginx-reverseproxy/tasks/main.yml
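Review bot: The new `Create /etc/letsencrypt/conf.d` task in roles/certbot/tasks/main.yml sets neither `owner` nor `mode`, so the directory's permissions depend on the remote defaults, while the task just above it pins `mode: 0600` and `owner: root`. I would add `owner: root` and `mode: "0755"` to the `file:` arguments, or `"0700"` if the rendered `certname.ini` files reference anything sensitive, which this hunk does not show. Quoting the mode keeps it a string rather than relying on how the YAML parser reads a leading zero.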
@@ -2,11 +2,19 @@
 - name: Install NGINX
 apt:
 update_cache: true
- name: nginx
+ name:
+ - nginx
+ - python3-certbot-nginx # for options-ssl-nginx.conf
 register: apt_result
 retries: 3
 until: apt_result is succeeded
+- name: Copy certbot SSL snippet
+ copy:
+ remote_src: true
+ src: /usr/lib/python3/dist-packages/certbot_nginx/options-ssl-nginx.conf
+ dest: /etc/letsencrypt/options-ssl-nginx.conf
+
 - name: Copy reverse proxy sites
 template:
 src: "nginx/{{ item }}.j2"
diff --git a/roles/nginx-reverseproxy/templates/nginx/redirect.j2 b/roles/nginx-reverseproxy/templates/nginx/redirect.j2
index fb177b9a..4d60807e 100644
--- a/roles/nginx-reverseproxy/templates/nginx/redirect.j2
+++ b/roles/nginx-reverseproxy/templates/nginx/redirect.j2
@@ -43,6 +43,7 @@ server {
 {% for dname in nginx.redirect_dnames %}
 {% for site in nginx.redirect_sites %}
 {% set from = site.from | regex_replace('crans.org', dname) %}
+{% if from != site.from %}
 # Redirect http://{{ from }} to http://{{ site.to }}
 server {
 listen 80;
@@ -79,5 +80,6 @@ server {
 }
 }
+{% endif %}
 {% endfor %}
 {% endfor %}
diff --git a/roles/nginx-reverseproxy/templates/nginx/reverseproxy.j2 b/roles/nginx-reverseproxy/templates/nginx/reverseproxy.j2
index eab44a49..31c34462 100644
--- a/roles/nginx-reverseproxy/templates/nginx/reverseproxy.j2
+++ b/roles/nginx-reverseproxy/templates/nginx/reverseproxy.j2
@@ -4,7 +4,7 @@
 # Redirect http://{{ site.from }} to https://{{ site.from }}
 server {
 listen 80;
- listen [::]:80
+ listen [::]:80;
 server_name {{ site.from }};
diff --git a/roles/nginx-reverseproxy/templates/nginx/reverseproxy_redirect_dname.j2 b/roles/nginx-reverseproxy/templates/nginx/reverseproxy_redirect_dname.j2
index 1affe511..8fc57808 100644
--- a/roles/nginx-reverseproxy/templates/nginx/reverseproxy_redirect_dname.j2
+++ b/roles/nginx-reverseproxy/templates/nginx/reverseproxy_redirect_dname.j2
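Review bot: The `Copy certbot SSL snippet` task in roles/nginx-reverseproxy/tasks/main.yml hard-codes `/usr/lib/python3/dist-packages/certbot_nginx/options-ssl-nginx.conf`, a path inside the distribution package rather than a stable interface. If a later certbot-nginx package keeps the file elsewhere the task fails, and until then the proxy's TLS protocol and cipher settings are whatever the installed package version ships. I would record that above the task with a comment such as `# TLS settings come from the packaged certbot-nginx defaults; src path is tied to the package layout`, and add `owner: root` and `mode: "0644"` so the copied file does not depend on defaults. No `notify` is attached to the task, and whether nginx is reloaded when this file changes cannot be seen from the hunk.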
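Review bot: The new `{% if from != site.from %}` guard in redirect.j2 relies on `regex_replace('crans.org', dname)` on the line above it, and that pattern is an unanchored regular expression in which `.` matches any character, so it can rewrite text in the middle of a hostname rather than only the domain suffix. Assuming `site.from` is always a bare hostname, `regex_replace('crans[.]org$', dname)` would make both the substitution and the guard mean what they say. The same applies to the first hunk of reverseproxy_redirect_dname.j2. A short Jinja comment above the guard, `{# skip entries the substitution left unchanged #}`, would also record why it is there; the server block it wraps continues outside the hunk.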
@@ -4,6 +4,7 @@
 {% for site in nginx.reverseproxy_sites %}
 {% set from = site.from | regex_replace('crans.org', dname) %}
 {% set to = site.from %}
+{% if from != site.from %}
 # Redirect http://{{ from }} to http://{{ to }}
 server {
 listen 80;
@@ -40,5 +41,6 @@ server {
 }
 }
+{% endif %}
 {% endfor %}
 {% endfor %}