crans
/
ansible
mirror of http://gitlab.adm.crans.org/nounous/ansible.git
19
0
Fork 0
Code Issues Projects Releases Wiki Activity

Minor fixes on reverse proxy

certbot_on_virtu
Alexandre Iooss 2020-05-02 13:03:29 +02:00
parent 3d80f71646
commit 0a50480ad7
No known key found for this signature in database
GPG Key ID: 6C79278F3FCDCC02
6 changed files with 20 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
network.yml
View File

@ -50,7 +50,7 @@
- bind-authoritative
# Deploy reverse proxy
- hosts: bakdaur.adm.crans.org
- hosts: bakdaur.adm.crans.org,sputnik.adm.crans.org
vars:
certbot:
dns_rfc2136_name: certbot_challenge.
@ -93,7 +93,6 @@
- {from: www.crans.org, to: 10.231.136.46}
- {from: doc.crans.org, to: 10.231.136.46}
- {from: limesurvey.crans.org, to: 10.231.136.253}
- {from: lutim.crans.org, to: 10.231.136.69}
- {from: perso.crans.org, to: 10.231.136.1}
- {from: webnews.crans.org, to: 10.231.136.63}
- {from: re2o.crans.org, to: 10.231.136.9}

5
roles/certbot/tasks/main.yml
View File

@ -22,6 +22,11 @@
mode: 0600
owner: root
- name: Create /etc/letsencrypt/conf.d
file:
path: /etc/letsencrypt/conf.d
state: directory
- name: Add Certbot configuration
template:
src: "letsencrypt/conf.d/certname.ini.j2"

10
roles/nginx-reverseproxy/tasks/main.yml
View File

@ -2,11 +2,19 @@
- name: Install NGINX
apt:
update_cache: true
name: nginx
name:
- nginx
- python3-certbot-nginx # for options-ssl-nginx.conf
register: apt_result
retries: 3
until: apt_result is succeeded
- name: Copy certbot SSL snippet
copy:
remote_src: true
src: /usr/lib/python3/dist-packages/certbot_nginx/options-ssl-nginx.conf
dest: /etc/letsencrypt/options-ssl-nginx.conf
- name: Copy reverse proxy sites
template:
src: "nginx/{{ item }}.j2"

2
roles/nginx-reverseproxy/templates/nginx/redirect.j2
View File

@ -43,6 +43,7 @@ server {
{% for dname in nginx.redirect_dnames %}
{% for site in nginx.redirect_sites %}
{% set from = site.from | regex_replace('crans.org', dname) %}
{% if from != site.from %}
# Redirect http://{{ from }} to http://{{ site.to }}
server {
listen 80;
@ -79,5 +80,6 @@ server {
}
}
{% endif %}
{% endfor %}
{% endfor %}

2
roles/nginx-reverseproxy/templates/nginx/reverseproxy.j2
View File

@ -4,7 +4,7 @@
# Redirect http://{{ site.from }} to https://{{ site.from }}
server {
listen 80;
listen [::]:80
listen [::]:80;
server_name {{ site.from }};

2
roles/nginx-reverseproxy/templates/nginx/reverseproxy_redirect_dname.j2
View File

@ -4,6 +4,7 @@
{% for site in nginx.reverseproxy_sites %}
{% set from = site.from | regex_replace('crans.org', dname) %}
{% set to = site.from %}
{% if from != site.from %}
# Redirect http://{{ from }} to http://{{ to }}
server {
listen 80;
@ -40,5 +41,6 @@ server {
}
}
{% endif %}
{% endfor %}
{% endfor %}