[nginx] Fix nginx template, this is now usable
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>certbot_on_virtu
							parent
							
								
									a9897ec3c0
								
							
						
					
					
						commit
						2b8e0dbbff
					
				| 
						 | 
				
			
			@ -25,7 +25,10 @@ loc_nginx:
 | 
			
		|||
        - filter: "~ ^/$"
 | 
			
		||||
          params:
 | 
			
		||||
            - "return 302 https://lists.crans.org/listinfo"
 | 
			
		||||
        - filter: "~ ^/admin"
 | 
			
		||||
        - filter: "/"
 | 
			
		||||
          params:
 | 
			
		||||
            - "include \"/etc/nginx/snippets/fastcgi.conf\""
 | 
			
		||||
        - filter: "~ ^/listinfo"
 | 
			
		||||
          params:
 | 
			
		||||
            - "satisfy any"
 | 
			
		||||
            - "include \"/etc/nginx/snippets/fastcgi.conf\""
 | 
			
		||||
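Review bot: The `~ ^/listinfo` location sets `satisfy any` while the visible params contain no `allow`/`deny` or `auth_basic` line, so it is unclear which restriction it is meant to relax. With `satisfy any` a request passes as soon as either the address rule or the password check accepts it, so the looser of the two decides. If the restrictions are inherited from the server level, a comment above the entry such as `# address ACL and basic auth are set at server level; either one is enough here` would make the intent reviewable. The `~ ^/admin` filter is printed directly before `filter: "/"` with no params of its own; if it was replaced rather than kept, admin URIs now fall under the general location and any admin-specific restriction should be confirmed. The sides are not marked on this page, so that reading is inferred.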
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -1,13 +1,19 @@
 | 
			
		|||
---
 | 
			
		||||
glob_nginx:
 | 
			
		||||
  contact: contact@crans.org
 | 
			
		||||
  who: "L'équipe technique du Cr@ns"
 | 
			
		||||
  ssl:
 | 
			
		||||
    cert: /etc/letsencrypt/live/crans.org/fullchain.pem
 | 
			
		||||
    cert_key: /etc/letsencrypt/live/crans.org/privkey.pem
 | 
			
		||||
    trusted_cert: /etc/letsencrypt/live/crans.org/chain.pem
 | 
			
		||||
  default_server:
 | 
			
		||||
  default_ssl_server:
 | 
			
		||||
  servers:
 | 
			
		||||
    ssl: false
 | 
			
		||||
    server_name:
 | 
			
		||||
      - "default"
 | 
			
		||||
      - "_"
 | 
			
		||||
    root: "/var/www/html"
 | 
			
		||||
    locations:
 | 
			
		||||
      - filter: "/"
 | 
			
		||||
  upstreams: []
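Review bot: `servers:` is written as a single mapping (`ssl: false`, `server_name:`, `root:` directly under it), while the site template reads `server.server_name`, `server.root` and `server.locations` per entry and closes with `{% endfor %}`. The loop header is outside the visible hunks, but if it iterates `nginx.servers`, a mapping yields its keys as strings and every `server.*` lookup is undefined; a list is needed, `servers:` followed by `- ssl: false` with the remaining keys indented under that item. The `- filter: "/"` entry also has no `params`, and the template's `{% for param in location.params -%}` has no `is defined` guard, so add `params: []` here or guard the loop. The bare `default_server:` and `default_ssl_server:` keys load as null; writing `default_server: null` makes that explicit.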
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -6,8 +6,6 @@ certbot:
 | 
			
		|||
  domains: "crans.org, *.crans.org, crans.fr, *.crans.fr, crans.eu, *.crans.eu"
 | 
			
		||||
 | 
			
		||||
nginx:
 | 
			
		||||
  contact: contact@crans.org
 | 
			
		||||
  who: "l'équipe technique du Cr@ns"
 | 
			
		||||
  ssl:
 | 
			
		||||
    cert: /etc/letsencrypt/live/crans.org/fullchain.pem
 | 
			
		||||
    cert_key: /etc/letsencrypt/live/crans.org/privkey.pem
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -25,6 +25,7 @@
 | 
			
		|||
  template:
 | 
			
		||||
    src: "nginx/sites-available/{{ item }}.j2"
 | 
			
		||||
    dest: "/etc/nginx/sites-available/{{ item }}"
 | 
			
		||||
    mode: 0644
 | 
			
		||||
  loop:
 | 
			
		||||
    - reverseproxy
 | 
			
		||||
    - reverseproxy_redirect_dname
 | 
			
		||||
| 
						 | 
				
			
			@ -49,6 +50,7 @@
 | 
			
		|||
  template:
 | 
			
		||||
    src: "nginx/sites-available/service.j2"
 | 
			
		||||
    dest: "/etc/nginx/sites-available/service"
 | 
			
		||||
    mode: 0644
 | 
			
		||||
  notify: Reload nginx
 | 
			
		||||
 | 
			
		||||
- name: Activate local nginx service site
 | 
			
		||||
| 
						 | 
				
			
			@ -64,12 +66,18 @@
 | 
			
		|||
  template:
 | 
			
		||||
    src: www/html/50x.html.j2
 | 
			
		||||
    dest: /var/www/html/50x.html
 | 
			
		||||
    owner: www-data
 | 
			
		||||
    group: www-data
 | 
			
		||||
    mode: 0644
 | 
			
		||||
 | 
			
		||||
- name: Copy robots.txt file
 | 
			
		||||
  when: nginx.deploy_robots_file
 | 
			
		||||
  template:
 | 
			
		||||
    src: www/html/robots.txt.j2
 | 
			
		||||
    dest: /var/www/html/robots.txt
 | 
			
		||||
    owner: www-data
 | 
			
		||||
    group: www-data
 | 
			
		||||
    mode: 0644
 | 
			
		||||
 | 
			
		||||
- name: Indicate role in motd
 | 
			
		||||
  template:
 | 
			
		||||
| 
						 | 
				
			
			@ -89,3 +97,6 @@
 | 
			
		|||
  template:
 | 
			
		||||
    src: www/html/401.html.j2
 | 
			
		||||
    dest: /var/www/html/401.html
 | 
			
		||||
    owner: www-data
 | 
			
		||||
    group: www-data
 | 
			
		||||
    mode: 0644
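Review bot: The static pages under /var/www/html (50x.html, robots.txt, 401.html in the hunks at -64 and -89) get `owner: www-data` and `group: www-data`, which lets the web server's own account rewrite content it only needs to read, assuming the nginx workers run as www-data. `owner: root` and `group: root` with the same mode keep the files readable by the workers without making them writable after a worker or FastCGI compromise. The sides are not marked on this page, so that these lines are new in this commit is inferred from the hunk counts. Separately, `mode: 0644` in all four hunks relies on YAML 1.1 octal parsing; `mode: "0644"` is the form that does not depend on the parser.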
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -1,4 +1,4 @@
 | 
			
		|||
{{ ansible_header | comment }}
 | 
			
		||||
{% for user, hash in nginx.auth_passwd -%}
 | 
			
		||||
{% for user, hash in nginx.auth_passwd.items() -%}
 | 
			
		||||
{{ user }}: {{ hash }}
 | 
			
		||||
{% endfor -%}
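Review bot: The entry line `{{ user }}: {{ hash }}` writes a space after the colon, whereas the password file nginx reads for `auth_basic_user_file` uses `name:password` with nothing in between. The space would most likely be taken as part of the stored hash and make every login fail; `{{ user }}:{{ hash }}` avoids that. The task that deploys this file is not in view. Because the file holds password hashes, it should not receive the `mode: 0644` used for the site files; owner root, group www-data and `mode: "0640"` would be enough for nginx to read it.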
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -7,14 +7,14 @@ upstream {{ upstream.name }} {
 | 
			
		|||
}
 | 
			
		||||
{% endfor -%}
 | 
			
		||||
 | 
			
		||||
{% if nginx.default_ssl_host -%}
 | 
			
		||||
{% if nginx.default_ssl_server -%}
 | 
			
		||||
# Redirect all services to the main site
 | 
			
		||||
server {
 | 
			
		||||
    listen 443 default_server ssl;
 | 
			
		||||
    listen [::]:443 default_server ssl;
 | 
			
		||||
    include "/etc/nginx/snippets/options-ssl.conf";
 | 
			
		||||
 | 
			
		||||
    server_name {{ ngix.default_ssl_server }};
 | 
			
		||||
    server_name {{ nginx.default_ssl_server }};
 | 
			
		||||
    charset utf-8;
 | 
			
		||||
 | 
			
		||||
    # Hide Nginx version
 | 
			
		||||
| 
						 | 
				
			
			@ -51,20 +51,20 @@ server {
 | 
			
		|||
    listen 80 default;
 | 
			
		||||
    listen [::]:80 default;
 | 
			
		||||
 | 
			
		||||
    server_name {{ server.server_name|join:" " }};
 | 
			
		||||
    server_name {{ server.server_name|join(" ") }};
 | 
			
		||||
    charset utf-8;
 | 
			
		||||
 | 
			
		||||
    # Hide Nginx version
 | 
			
		||||
    server_tokens off;
 | 
			
		||||
 | 
			
		||||
    location / {
 | 
			
		||||
        return 302 https://{{ server.server_name }}$request_uri;
 | 
			
		||||
        return 302 https://$host$request_uri;
 | 
			
		||||
    }
 | 
			
		||||
}
 | 
			
		||||
{% endif -%}
 | 
			
		||||
 | 
			
		||||
server {
 | 
			
		||||
    {% if server.ssl -%}
 | 
			
		||||
    {% if server.ssl is defined and server.ssl -%}
 | 
			
		||||
    listen 443 default_server ssl;
 | 
			
		||||
    listen [::]:443 default_server ssl;
 | 
			
		||||
    include "/etc/nginx/snippets/options-ssl.conf";
 | 
			
		||||
| 
						 | 
				
			
			@ -73,32 +73,35 @@ server {
 | 
			
		|||
    listen [::]:80 default;
 | 
			
		||||
    {% endif -%}
 | 
			
		||||
 | 
			
		||||
    server_name {{ server.server_name }};
 | 
			
		||||
    server_name {{ server.server_name|join(" ") }};
 | 
			
		||||
    charset utf-8;
 | 
			
		||||
 | 
			
		||||
    # Hide Nginx version
 | 
			
		||||
    server_tokens off;
 | 
			
		||||
 | 
			
		||||
    {% if server.root -%}
 | 
			
		||||
    {% if server.root is defined -%}
 | 
			
		||||
    root {{ server.root }};
 | 
			
		||||
    {% endif -%}
 | 
			
		||||
    {% if server.index -%}
 | 
			
		||||
    index {{ server.index|join:" " }};
 | 
			
		||||
    {% if server.index is defined -%}
 | 
			
		||||
    index {{ server.index|join(" ") }};
 | 
			
		||||
    {% endif -%}
 | 
			
		||||
 | 
			
		||||
    {% if server.access_log -%}
 | 
			
		||||
    {% if server.access_log is defined -%}
 | 
			
		||||
    access_log {{ server.access_log }};
 | 
			
		||||
    {% endif -%}
 | 
			
		||||
    {% if server.error_log -%}
 | 
			
		||||
    {% if server.error_log is defined -%}
 | 
			
		||||
    error_log {{ server.error_log }};
 | 
			
		||||
    {% endif -%}
 | 
			
		||||
 | 
			
		||||
    {% if server.locations is defined -%}
 | 
			
		||||
 | 
			
		||||
    {% for location in server.locations -%}
 | 
			
		||||
    location {{ location.filter }} {
 | 
			
		||||
        {% for param in params -%}
 | 
			
		||||
        {% for param in location.params -%}
 | 
			
		||||
        {{ param }};
 | 
			
		||||
        {% endfor -%}
 | 
			
		||||
    }
 | 
			
		||||
    {% endfor -%}
 | 
			
		||||
{% endif -%}
 | 
			
		||||
}
 | 
			
		||||
{% endfor %}
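Review bot: In the port-80 block, `return 302 https://$host$request_uri;` builds the redirect target from the request's Host header, and that block is `listen 80 default` with a `server_name` list that contains `_` in group_vars, so whatever Host a client sends is reflected into the Location header. Taking the name from the inventory keeps the target fixed, for example `return 302 https://{{ server.server_name | first }}$request_uri;` with the canonical name listed first. Separately, `listen 443 default_server ssl;` appears both in the `default_ssl_server` redirect block and inside the per-server block, and nginx rejects a second default server on the same address and port, so the per-server listen lines should drop `default_server`. The switch from truthiness to `is defined` on `server.root`, `server.index` and the log paths means a key set to null or an empty string now renders an empty directive; `is defined and server.root` covers both cases. The loop header for `server` is outside the visible hunks.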
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||