fix an nginx bug and finish the config for certbot
parent
090db33fcf
commit
bbc6f107c2
3 changed files with 29 additions and 10 deletions
|
@ -30,6 +30,7 @@
|
||||||
dest: "/etc/nginx/snippets/{{ item }}"
|
dest: "/etc/nginx/snippets/{{ item }}"
|
||||||
loop:
|
loop:
|
||||||
- options-proxypass.conf
|
- options-proxypass.conf
|
||||||
|
- connection_upgrade.conf # fix some nginx bug
|
||||||
|
|
||||||
- name: Copy reverse proxy sites
|
- name: Copy reverse proxy sites
|
||||||
template:
|
template:
|
||||||
|
@ -45,16 +46,25 @@
|
||||||
force: yes
|
force: yes
|
||||||
loop: "{{ reverse_proxy_sites }}"
|
loop: "{{ reverse_proxy_sites }}"
|
||||||
|
|
||||||
- name: Stop nginx to let the certbot do its job
|
|
||||||
systemd:
|
|
||||||
name: nginx
|
|
||||||
state: stoped
|
|
||||||
|
|
||||||
- name: Generate Certificate for Domains
|
- name: Generate Certificate for Domains
|
||||||
shell: certbot certonly --standalone -d {{ item.from }} -m {{ vault_email }} --noninteractive --redirect
|
shell: certbot certonly --standalone -d {{ item.from }} -m {{ vault_email }} --noninteractive --redirect --pre-hook "sudo systemctl stop nginx" --post-hook "sudo systemctl start nginx"
|
||||||
|
args:
|
||||||
|
creates: "/etc/letsencrypt/live/{{ item.from }}/cert.pem"
|
||||||
loop: "{{ reverse_proxy_sites }}"
|
loop: "{{ reverse_proxy_sites }}"
|
||||||
|
|
||||||
- name: Start nginx
|
- name: Copy certificates
|
||||||
systemd:
|
file:
|
||||||
name: nginx
|
src: "/etc/letsencrypt/live/{{ item.from }}/cert.pem"
|
||||||
state: started
|
dest: "/etc/nginx/certs/{{ item.from }}.crt"
|
||||||
|
state: link
|
||||||
|
force: yes
|
||||||
|
loop: "{{ reverse_proxy_sites }}"
|
||||||
|
|
||||||
|
- name: Copy certificate keys
|
||||||
|
file:
|
||||||
|
src: "/etc/letsencrypt/live/{{ item.from }}/privkey.pem"
|
||||||
|
dest: "/etc/nginx/certs/{{ item.from }}.key"
|
||||||
|
state: link
|
||||||
|
force: yes
|
||||||
|
loop: "{{ reverse_proxy_sites }}"
|
||||||
|
notify: Reload nginx
|
||||||
|
|
|
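Review bot: The `Generate Certificate for Domains` task interpolates `{{ item.from }}` and `{{ vault_email }}` unquoted into `shell:`, so a value containing whitespace or shell metacharacters changes the command that runs with the play's privileges. Quote both with `-d {{ item.from | quote }} -m {{ vault_email | quote }}`, or use `command:` so no shell parses them. The new `Copy certificates` task links `cert.pem`, which holds only the leaf certificate. If the `.crt` link is what the site template hands to `ssl_certificate` (not visible here), clients that need the intermediate may fail validation, so `src: "/etc/letsencrypt/live/{{ item.from }}/fullchain.pem"` is the safer source. That task also has no `notify: Reload nginx`, unlike the key task after it.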
@ -1,5 +1,7 @@
|
||||||
{{ ansible_managed | comment }}
|
{{ ansible_managed | comment }}
|
||||||
|
|
||||||
|
include "/etc/nginx/snippets/connection_upgrade.conf";
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen 80;
|
listen 80;
|
||||||
listen [::]:80;
|
listen [::]:80;
|
||||||
|
|
|
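Review bot: The `include "/etc/nginx/snippets/connection_upgrade.conf";` line sits at the top of what appears to be the per-site template, so each site rendered from `reverse_proxy_sites` would repeat the same `map $http_upgrade $connection_upgrade` definition. The map is an `http`-level definition that only needs to exist once. Including the snippet a single time from the `http` block keeps the site files free of a shared global and makes it clear where the variable comes from. The `server` block continues past the end of the hunk, so whether this site uses `$connection_upgrade` at all cannot be confirmed here.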
@ -0,0 +1,7 @@
|
||||||
|
{{ ansible_managed | comment }}
|
||||||
|
|
||||||
|
map $http_upgrade $connection_upgrade {
|
||||||
|
default upgrade;
|
||||||
|
'' close;
|
||||||
|
}
|
||||||
|
|
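Review bot: The new snippet has no comment saying what the map is for, and the task list refers to it only as `# fix some nginx bug`. A header above the `map` line would record the intent, for example `# Connection header for proxied requests: "upgrade" when the client sent an Upgrade header (WebSocket), "close" otherwise.` That also documents that an empty `$http_upgrade` deliberately yields `close`, which matters if an upstream is later configured for keepalive connections.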