Minor fixes on reverse proxy

certbot_on_virtu
Alexandre Iooss 2020-05-02 13:03:29 +02:00
parent 3d80f71646
commit 0a50480ad7
No known key found for this signature in database
GPG Key ID: 6C79278F3FCDCC02
6 changed files with 20 additions and 4 deletions


@ -50,7 +50,7 @@
- bind-authoritative - bind-authoritative
# Deploy reverse proxy # Deploy reverse proxy
- hosts: bakdaur.adm.crans.org - hosts: bakdaur.adm.crans.org,sputnik.adm.crans.org
vars: vars:
certbot: certbot:
dns_rfc2136_name: certbot_challenge. dns_rfc2136_name: certbot_challenge.
@ -93,7 +93,6 @@
- {from: www.crans.org, to: 10.231.136.46} - {from: www.crans.org, to: 10.231.136.46}
- {from: doc.crans.org, to: 10.231.136.46} - {from: doc.crans.org, to: 10.231.136.46}
- {from: limesurvey.crans.org, to: 10.231.136.253} - {from: limesurvey.crans.org, to: 10.231.136.253}
- {from: lutim.crans.org, to: 10.231.136.69}
- {from: perso.crans.org, to: 10.231.136.1} - {from: perso.crans.org, to: 10.231.136.1}
- {from: webnews.crans.org, to: 10.231.136.63} - {from: webnews.crans.org, to: 10.231.136.63}
- {from: re2o.crans.org, to: 10.231.136.9} - {from: re2o.crans.org, to: 10.231.136.9}


@ -22,6 +22,11 @@
mode: 0600 mode: 0600
owner: root owner: root
- name: Create /etc/letsencrypt/conf.d
file:
path: /etc/letsencrypt/conf.d
state: directory
- name: Add Certbot configuration - name: Add Certbot configuration
template: template:
src: "letsencrypt/conf.d/certname.ini.j2" src: "letsencrypt/conf.d/certname.ini.j2"
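Review bot: The new `Create /etc/letsencrypt/conf.d` task sets no `owner`, `group` or `mode`, so the directory's permissions depend on the remote umask and on whatever already exists there, unlike the preceding task, which pins `mode: 0600` and `owner: root`. The next task templates Certbot configuration from `letsencrypt/conf.d/…`, apparently into this directory, so I would pin it explicitly with `owner: root`, `group: root` and `mode: "0755"` (or tighter if only root needs to read it). The task list continues outside the hunk, so this assumes no later task sets the permissions.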


@ -2,11 +2,19 @@
- name: Install NGINX - name: Install NGINX
apt: apt:
update_cache: true update_cache: true
name: nginx name:
- nginx
- python3-certbot-nginx # for options-ssl-nginx.conf
register: apt_result register: apt_result
retries: 3 retries: 3
until: apt_result is succeeded until: apt_result is succeeded
- name: Copy certbot SSL snippet
copy:
remote_src: true
src: /usr/lib/python3/dist-packages/certbot_nginx/options-ssl-nginx.conf
dest: /etc/letsencrypt/options-ssl-nginx.conf
- name: Copy reverse proxy sites - name: Copy reverse proxy sites
template: template:
src: "nginx/{{ item }}.j2" src: "nginx/{{ item }}.j2"
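Review bot: The `Copy certbot SSL snippet` task hard-codes a path inside the `certbot_nginx` Python package, which is an internal location rather than a stable interface. If the distribution's package places `options-ssl-nginx.conf` elsewhere, the play fails at this step, and the TLS settings NGINX serves follow whatever that package version ships. The task also sets no `owner` or `mode` and, as far as the hunk shows, notifies no handler, so a changed snippet would not take effect until something else reloads NGINX. I would add `owner: root`, `group: root`, `mode: "0644"` and a `notify:` for the role's NGINX reload handler if it has one, plus a comment naming the release the source path was checked against.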


@ -43,6 +43,7 @@ server {
{% for dname in nginx.redirect_dnames %} {% for dname in nginx.redirect_dnames %}
{% for site in nginx.redirect_sites %} {% for site in nginx.redirect_sites %}
{% set from = site.from | regex_replace('crans.org', dname) %} {% set from = site.from | regex_replace('crans.org', dname) %}
{% if from != site.from %}
# Redirect http://{{ from }} to http://{{ site.to }} # Redirect http://{{ from }} to http://{{ site.to }}
server { server {
listen 80; listen 80;
@ -79,5 +80,6 @@ server {
} }
} }
{% endif %}
{% endfor %} {% endfor %}
{% endfor %} {% endfor %}
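Review bot: The new `{% if from != site.from %}` guard relies on the `regex_replace('crans.org', dname)` just above it, whose pattern is unanchored and leaves `.` unescaped, so it also matches strings such as `cransXorg` and matches in the middle of a name. The result feeds the generated redirect block (its `server_name` line is outside the hunk), so I would tighten the pattern to `regex_replace('crans[.]org$', dname)`. The same pair of lines appears in the other redirect template changed by this commit, the one with `{% set to = site.from %}`. A short Jinja comment on the guard, e.g. `{# skip names the substitution leaves unchanged #}`, would record why it exists. The enclosing loops and `server` block start and end outside the hunks.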


@ -4,7 +4,7 @@
# Redirect http://{{ site.from }} to https://{{ site.from }} # Redirect http://{{ site.from }} to https://{{ site.from }}
server { server {
listen 80; listen 80;
listen [::]:80 listen [::]:80;
server_name {{ site.from }}; server_name {{ site.from }};


@ -4,6 +4,7 @@
{% for site in nginx.reverseproxy_sites %} {% for site in nginx.reverseproxy_sites %}
{% set from = site.from | regex_replace('crans.org', dname) %} {% set from = site.from | regex_replace('crans.org', dname) %}
{% set to = site.from %} {% set to = site.from %}
{% if from != site.from %}
# Redirect http://{{ from }} to http://{{ to }} # Redirect http://{{ from }} to http://{{ to }}
server { server {
listen 80; listen 80;
@ -40,5 +41,6 @@ server {
} }
} }
{% endif %}
{% endfor %} {% endfor %}
{% endfor %} {% endfor %}