[nginx] Fix nginx template, this is now usable
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>certbot_on_virtu
parent
a9897ec3c0
commit
2b8e0dbbff
|
@ -25,7 +25,10 @@ loc_nginx:
|
||||||
- filter: "~ ^/$"
|
- filter: "~ ^/$"
|
||||||
params:
|
params:
|
||||||
- "return 302 https://lists.crans.org/listinfo"
|
- "return 302 https://lists.crans.org/listinfo"
|
||||||
- filter: "~ ^/admin"
|
- filter: "/"
|
||||||
|
params:
|
||||||
|
- "include \"/etc/nginx/snippets/fastcgi.conf\""
|
||||||
|
- filter: "~ ^/listinfo"
|
||||||
params:
|
params:
|
||||||
- "satisfy any"
|
- "satisfy any"
|
||||||
- "include \"/etc/nginx/snippets/fastcgi.conf\""
|
- "include \"/etc/nginx/snippets/fastcgi.conf\""
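Review bot: Dropping the `~ ^/admin` location in this hunk leaves /admin served by the new catch-all `- filter: "/"` entry, whose only param is the fastcgi include, while the `satisfy any` block now sits under `~ ^/listinfo`. `satisfy any` normally accompanies allow/deny or auth_basic lines; if such params follow past the end of the hunk, they now guard the list index rather than the admin pages. If that is not intended, keep a dedicated `- filter: "~ ^/admin"` entry carrying the access-control params and leave `/` and `~ ^/listinfo` unrestricted. The params list continues outside the hunk, so this needs confirming against the full file.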
|
||||||
|
|
|
@ -1,13 +1,19 @@
|
||||||
---
|
---
|
||||||
glob_nginx:
|
glob_nginx:
|
||||||
|
contact: contact@crans.org
|
||||||
|
who: "L'équipe technique du Cr@ns"
|
||||||
ssl:
|
ssl:
|
||||||
cert: /etc/letsencrypt/live/crans.org/fullchain.pem
|
cert: /etc/letsencrypt/live/crans.org/fullchain.pem
|
||||||
cert_key: /etc/letsencrypt/live/crans.org/privkey.pem
|
cert_key: /etc/letsencrypt/live/crans.org/privkey.pem
|
||||||
trusted_cert: /etc/letsencrypt/live/crans.org/chain.pem
|
trusted_cert: /etc/letsencrypt/live/crans.org/chain.pem
|
||||||
|
default_server:
|
||||||
|
default_ssl_server:
|
||||||
servers:
|
servers:
|
||||||
|
ssl: false
|
||||||
server_name:
|
server_name:
|
||||||
- "default"
|
- "default"
|
||||||
- "_"
|
- "_"
|
||||||
root: "/var/www/html"
|
root: "/var/www/html"
|
||||||
locations:
|
locations:
|
||||||
- filter: "/"
|
- filter: "/"
|
||||||
|
upstreams: []
|
||||||
|
|
|
@ -6,8 +6,6 @@ certbot:
|
||||||
domains: "crans.org, *.crans.org, crans.fr, *.crans.fr, crans.eu, *.crans.eu"
|
domains: "crans.org, *.crans.org, crans.fr, *.crans.fr, crans.eu, *.crans.eu"
|
||||||
|
|
||||||
nginx:
|
nginx:
|
||||||
contact: contact@crans.org
|
|
||||||
who: "l'équipe technique du Cr@ns"
|
|
||||||
ssl:
|
ssl:
|
||||||
cert: /etc/letsencrypt/live/crans.org/fullchain.pem
|
cert: /etc/letsencrypt/live/crans.org/fullchain.pem
|
||||||
cert_key: /etc/letsencrypt/live/crans.org/privkey.pem
|
cert_key: /etc/letsencrypt/live/crans.org/privkey.pem
|
||||||
|
|
|
@ -25,6 +25,7 @@
|
||||||
template:
|
template:
|
||||||
src: "nginx/sites-available/{{ item }}.j2"
|
src: "nginx/sites-available/{{ item }}.j2"
|
||||||
dest: "/etc/nginx/sites-available/{{ item }}"
|
dest: "/etc/nginx/sites-available/{{ item }}"
|
||||||
|
mode: 0644
|
||||||
loop:
|
loop:
|
||||||
- reverseproxy
|
- reverseproxy
|
||||||
- reverseproxy_redirect_dname
|
- reverseproxy_redirect_dname
|
||||||
|
@ -49,6 +50,7 @@
|
||||||
template:
|
template:
|
||||||
src: "nginx/sites-available/service.j2"
|
src: "nginx/sites-available/service.j2"
|
||||||
dest: "/etc/nginx/sites-available/service"
|
dest: "/etc/nginx/sites-available/service"
|
||||||
|
mode: 0644
|
||||||
notify: Reload nginx
|
notify: Reload nginx
|
||||||
|
|
||||||
- name: Activate local nginx service site
|
- name: Activate local nginx service site
|
||||||
|
@ -64,12 +66,18 @@
|
||||||
template:
|
template:
|
||||||
src: www/html/50x.html.j2
|
src: www/html/50x.html.j2
|
||||||
dest: /var/www/html/50x.html
|
dest: /var/www/html/50x.html
|
||||||
|
owner: www-data
|
||||||
|
group: www-data
|
||||||
|
mode: 0644
|
||||||
|
|
||||||
- name: Copy robots.txt file
|
- name: Copy robots.txt file
|
||||||
when: nginx.deploy_robots_file
|
when: nginx.deploy_robots_file
|
||||||
template:
|
template:
|
||||||
src: www/html/robots.txt.j2
|
src: www/html/robots.txt.j2
|
||||||
dest: /var/www/html/robots.txt
|
dest: /var/www/html/robots.txt
|
||||||
|
owner: www-data
|
||||||
|
group: www-data
|
||||||
|
mode: 0644
|
||||||
|
|
||||||
- name: Indicate role in motd
|
- name: Indicate role in motd
|
||||||
template:
|
template:
|
||||||
|
@ -89,3 +97,6 @@
|
||||||
template:
|
template:
|
||||||
src: www/html/401.html.j2
|
src: www/html/401.html.j2
|
||||||
dest: /var/www/html/401.html
|
dest: /var/www/html/401.html
|
||||||
|
owner: www-data
|
||||||
|
group: www-data
|
||||||
|
mode: 0644
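Review bot: The `owner: www-data` / `group: www-data` lines added for 50x.html, robots.txt and 401.html (the `-64,12` and `-89,3` hunks) give the web server account write access to the static pages it serves. Assuming nginx and the FastCGI workers run as www-data, a compromised worker could then rewrite these files. Since `mode: 0644` already makes them world-readable, `owner: root` and `group: root` would serve them just as well. As a style point, quoting the mode as `mode: "0644"` in all five tasks avoids relying on YAML octal parsing.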
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{{ ansible_header | comment }}
|
{{ ansible_header | comment }}
|
||||||
{% for user, hash in nginx.auth_passwd -%}
|
{% for user, hash in nginx.auth_passwd.items() -%}
|
||||||
{{ user }}: {{ hash }}
|
{{ user }}: {{ hash }}
|
||||||
{% endfor -%}
|
{% endfor -%}
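Review bot: The unchanged line `{{ user }}: {{ hash }}` renders a space after the colon, and with the `.items()` fix this line is now actually reached. nginx's auth_basic_user_file format is `name:password`, and as far as I can tell everything after the colon is read as the hash, so the leading space would make every login fail; `{{ user }}:{{ hash }}` avoids that. The task that renders this file is not shown here; it is worth checking that it sets a mode such as `mode: "0640"` with `group: www-data` so the hashes are not world-readable.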
|
||||||
|
|
|
@ -7,14 +7,14 @@ upstream {{ upstream.name }} {
|
||||||
}
|
}
|
||||||
{% endfor -%}
|
{% endfor -%}
|
||||||
|
|
||||||
{% if nginx.default_ssl_host -%}
|
{% if nginx.default_ssl_server -%}
|
||||||
# Redirect all services to the main site
|
# Redirect all services to the main site
|
||||||
server {
|
server {
|
||||||
listen 443 default_server ssl;
|
listen 443 default_server ssl;
|
||||||
listen [::]:443 default_server ssl;
|
listen [::]:443 default_server ssl;
|
||||||
include "/etc/nginx/snippets/options-ssl.conf";
|
include "/etc/nginx/snippets/options-ssl.conf";
|
||||||
|
|
||||||
server_name {{ ngix.default_ssl_server }};
|
server_name {{ nginx.default_ssl_server }};
|
||||||
charset utf-8;
|
charset utf-8;
|
||||||
|
|
||||||
# Hide Nginx version
|
# Hide Nginx version
|
||||||
|
@ -51,20 +51,20 @@ server {
|
||||||
listen 80 default;
|
listen 80 default;
|
||||||
listen [::]:80 default;
|
listen [::]:80 default;
|
||||||
|
|
||||||
server_name {{ server.server_name|join:" " }};
|
server_name {{ server.server_name|join(" ") }};
|
||||||
charset utf-8;
|
charset utf-8;
|
||||||
|
|
||||||
# Hide Nginx version
|
# Hide Nginx version
|
||||||
server_tokens off;
|
server_tokens off;
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
return 302 https://{{ server.server_name }}$request_uri;
|
return 302 https://$host$request_uri;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
{% endif -%}
|
{% endif -%}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
{% if server.ssl -%}
|
{% if server.ssl is defined and server.ssl -%}
|
||||||
listen 443 default_server ssl;
|
listen 443 default_server ssl;
|
||||||
listen [::]:443 default_server ssl;
|
listen [::]:443 default_server ssl;
|
||||||
include "/etc/nginx/snippets/options-ssl.conf";
|
include "/etc/nginx/snippets/options-ssl.conf";
|
||||||
|
@ -73,32 +73,35 @@ server {
|
||||||
listen [::]:80 default;
|
listen [::]:80 default;
|
||||||
{% endif -%}
|
{% endif -%}
|
||||||
|
|
||||||
server_name {{ server.server_name }};
|
server_name {{ server.server_name|join(" ") }};
|
||||||
charset utf-8;
|
charset utf-8;
|
||||||
|
|
||||||
# Hide Nginx version
|
# Hide Nginx version
|
||||||
server_tokens off;
|
server_tokens off;
|
||||||
|
|
||||||
{% if server.root -%}
|
{% if server.root is defined -%}
|
||||||
root {{ server.root }};
|
root {{ server.root }};
|
||||||
{% endif -%}
|
{% endif -%}
|
||||||
{% if server.index -%}
|
{% if server.index is defined -%}
|
||||||
index {{ server.index|join:" " }};
|
index {{ server.index|join(" ") }};
|
||||||
{% endif -%}
|
{% endif -%}
|
||||||
|
|
||||||
{% if server.access_log -%}
|
{% if server.access_log is defined -%}
|
||||||
access_log {{ server.access_log }};
|
access_log {{ server.access_log }};
|
||||||
{% endif -%}
|
{% endif -%}
|
||||||
{% if server.error_log -%}
|
{% if server.error_log is defined -%}
|
||||||
error_log {{ server.error_log }};
|
error_log {{ server.error_log }};
|
||||||
{% endif -%}
|
{% endif -%}
|
||||||
|
|
||||||
|
{% if server.locations is defined -%}
|
||||||
|
|
||||||
{% for location in server.locations -%}
|
{% for location in server.locations -%}
|
||||||
location {{ location.filter }} {
|
location {{ location.filter }} {
|
||||||
{% for param in params -%}
|
{% for param in location.params -%}
|
||||||
{{ param }};
|
{{ param }};
|
||||||
{% endfor -%}
|
{% endfor -%}
|
||||||
}
|
}
|
||||||
{% endfor -%}
|
{% endfor -%}
|
||||||
|
{% endif -%}
|
||||||
}
|
}
|
||||||
{% endfor %}
|
{% endfor %}
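Review bot: In the `-51,20 +51,20` hunk the HTTP-to-HTTPS redirect becomes `return 302 https://$host$request_uri;`, and `$host` is taken from the client's request line or Host header. On a block that listens as `listen 80 default` and may carry a catch-all name such as `_`, the Location header then reflects whatever host the client sent. That is a risk wherever a cache or proxy in front stores the response or the value is trusted downstream. Using the configured primary name, `return 302 https://$server_name$request_uri;`, keeps the target under the operator's control; if per-host redirects are needed for multi-name servers, restrict `server_name` to the real names and keep the catch-all in a separate block that does not redirect. The enclosing `{% for server in ... %}` loop starts outside the hunk.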
|
||||||
|
|