fix an nginx bug and finish the config for certbot

Jean-Marie Mineau 2020-10-13 09:39:01 +02:00
parent 090db33fcf
commit bbc6f107c2
3 changed files with 29 additions and 10 deletions


@ -30,6 +30,7 @@
dest: "/etc/nginx/snippets/{{ item }}" dest: "/etc/nginx/snippets/{{ item }}"
loop: loop:
- options-proxypass.conf - options-proxypass.conf
- connection_upgrade.conf # fix some nginx bug
- name: Copy reverse proxy sites - name: Copy reverse proxy sites
template: template:
@ -45,16 +46,25 @@
force: yes force: yes
loop: "{{ reverse_proxy_sites }}" loop: "{{ reverse_proxy_sites }}"
- name: Stop nginx to let the certbot do its job
systemd:
name: nginx
state: stoped
- name: Generate Certificate for Domains - name: Generate Certificate for Domains
shell: certbot certonly --standalone -d {{ item.from }} -m {{ vault_email }} --noninteractive --redirect shell: certbot certonly --standalone -d {{ item.from }} -m {{ vault_email }} --noninteractive --redirect --pre-hook "sudo systemctl stop nginx" --post-hook "sudo systemctl start nginx"
args:
creates: "/etc/letsencrypt/live/{{ item.from }}/cert.pem"
loop: "{{ reverse_proxy_sites }}" loop: "{{ reverse_proxy_sites }}"
- name: Start nginx - name: Copy certificates
systemd: file:
name: nginx src: "/etc/letsencrypt/live/{{ item.from }}/cert.pem"
state: started dest: "/etc/nginx/certs/{{ item.from }}.crt"
state: link
force: yes
loop: "{{ reverse_proxy_sites }}"
- name: Copy certificate keys
file:
src: "/etc/letsencrypt/live/{{ item.from }}/privkey.pem"
dest: "/etc/nginx/certs/{{ item.from }}.key"
state: link
force: yes
loop: "{{ reverse_proxy_sites }}"
notify: Reload nginx
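Review bot: The certbot task in the second hunk interpolates `{{ item.from }}` and `{{ vault_email }}` into a `shell:` line without quoting, so any whitespace or shell metacharacter in those variables is interpreted by the shell on the target host. Write them as `{{ item.from | quote }}` and `{{ vault_email | quote }}`, or use the `command` module, since the line uses no shell feature. The "Copy certificates" task links `cert.pem`, which holds only the leaf certificate. If nginx serves that link as `ssl_certificate` (the vhost's TLS directives are not visible here), clients that do not already have the intermediate will fail chain validation, and `fullchain.pem` is the file to link instead.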


@ -1,5 +1,7 @@
{{ ansible_managed | comment }} {{ ansible_managed | comment }}
include "/etc/nginx/snippets/connection_upgrade.conf";
server { server {
listen 80; listen 80;
listen [::]:80; listen [::]:80;
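Review bot: The new `include "/etc/nginx/snippets/connection_upgrade.conf";` sits above `server {` in a per-site template, so every site rendered from `reverse_proxy_sites` declares the same `map` again in the http context. Loading the snippet once from the main http block (or a single conf.d file) would keep one definition and make the dependency easier to audit. If it stays here, a template comment such as `{# defines $connection_upgrade used by the proxy headers below #}` would explain why it is outside the server block. The server block continues past this hunk, so where the variable is used is not visible here.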


@ -0,0 +1,7 @@
{{ ansible_managed | comment }}
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
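Review bot: This new snippet has no comment saying what the map is for, and the playbook only describes it as "fix some nginx bug". A one-line header would help the next maintainer, for example `# $connection_upgrade is "upgrade" when the client sent an Upgrade header, "close" otherwise`. The place where the variable is consumed is not in this commit view; presumably it is a `proxy_set_header Connection` line in the proxy options snippet, and it would be worth naming that file in the comment.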