add http proxy config to allow ACME challenges

tasks/main.yml

@@ -63,10 +63,8 @@
     dest: /etc/nginx/nginx.conf
   notify: Reload nginx
 
-# TODO: << Manage SSL stream reverse proxy >>
-
 # Manage each http site
-- name: Copy Http Servers
+- name: Copy HTTP Servers
   template:
     src: http_server.j2
     dest: "/etc/nginx/sites-available/{{ item.key }}"
@@ -97,3 +95,11 @@
     force: yes
   loop: "{{ http_sites | dict2items}}"
   notify: Reload nginx
+
+# Add HTTP proxy to allow ACME challenges between LE and the SSL endpoints of proxy streams
+- name: Copy HTTP Servers allowing ACME challenges with proxy stream
+  template:
+    src: http_proxy_acme.j2
+    dest: "/etc/nginx/sites-available/acme_http_proxy_{{ item.key }}"
+  loop: "{{ ssl_reverse_proxy_upstream | dict2items}}"
+  notify: Reload nginx

templates/http_proxy_acme.j2

@@ -0,0 +1,17 @@
+i{{ ansible_managed | comment }}
+server {
+    listen 80;
+    listen [::]:80;
+
+    server_name {{ item.value.sni_server_name }};
+
+    location /.well-known/acme-challenge {
+        proxy_pass http://{{ item.value.to }}:80;
+        proxy_set_header Host $host;
+    }
+
+    # Redirect to https
+    location / {
+        return 302 https://$host$request_uri;
+    }
+}