add http proxy config to allow ACME challenges
parent
4ea5f2c6be
commit
888b4c0adb
2 changed files with 26 additions and 3 deletions
|
@ -63,10 +63,8 @@
|
||||||
dest: /etc/nginx/nginx.conf
|
dest: /etc/nginx/nginx.conf
|
||||||
notify: Reload nginx
|
notify: Reload nginx
|
||||||
|
|
||||||
# TODO: << Manage SSL stream reverse proxy >>
|
|
||||||
|
|
||||||
# Manage each http site
|
# Manage each http site
|
||||||
- name: Copy Http Servers
|
- name: Copy HTTP Servers
|
||||||
template:
|
template:
|
||||||
src: http_server.j2
|
src: http_server.j2
|
||||||
dest: "/etc/nginx/sites-available/{{ item.key }}"
|
dest: "/etc/nginx/sites-available/{{ item.key }}"
|
||||||
|
@ -97,3 +95,11 @@
|
||||||
force: yes
|
force: yes
|
||||||
loop: "{{ http_sites | dict2items}}"
|
loop: "{{ http_sites | dict2items}}"
|
||||||
notify: Reload nginx
|
notify: Reload nginx
|
||||||
|
|
||||||
|
# Add HTTP proxy to allow ACME challenges between LE and the SSL endpoints of proxy streams
|
||||||
|
- name: Copy HTTP Servers allowing ACME challenges with proxy stream
|
||||||
|
template:
|
||||||
|
src: http_proxy_acme.j2
|
||||||
|
dest: "/etc/nginx/sites-available/acme_http_proxy_{{ item.key }}"
|
||||||
|
loop: "{{ ssl_reverse_proxy_upstream | dict2items}}"
|
||||||
|
notify: Reload nginx
|
||||||
|
|
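Review bot: The new task at the end of the second hunk only writes `acme_http_proxy_{{ item.key }}` into `/etc/nginx/sites-available/`, and no matching link into sites-enabled is visible in this hunk. Unless a link task exists outside the hunk or nginx.conf includes sites-available directly, these server blocks are never loaded and the challenge requests would not be proxied. The template task also leaves ownership and permissions to the defaults of whichever user runs the play; I would pin them on the task with `owner: root`, `group: root` and `mode: "0644"`. A short comment above the task saying which keys each `ssl_reverse_proxy_upstream` entry must carry (`sni_server_name` and `to`, as used by the template) would help the next maintainer.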
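--- /dev/null
+++ b/templates/http_proxy_acme.j2
@@ -0,0 +1,17 @@
+i{{ ansible_managed | comment }}
+server {
+listen 80;
+listen [::]:80;
+
+server_name {{ item.value.sni_server_name }};
+
+location /.well-known/acme-challenge {
+proxy_pass http://{{ item.value.to }}:80;
+proxy_set_header Host $host;
+}
+
+# Redirect to https
+location / {
+return 302 https://$host$request_uri;
+}
+}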
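Review bot: The first template line reads `i{{ ansible_managed | comment }}`; if that leading `i` is in the committed file and not an artifact of this page, it lands in front of the generated comment header and nginx will most likely reject the rendered site at reload, so the line should be `{{ ansible_managed | comment }}`. The challenge location is a bare prefix match, so it also forwards any path that merely starts with that string; `location ^~ /.well-known/acme-challenge/ {` keeps the proxying to the challenge directory. The redirect builds its target from `$host`, which follows the request's Host header whenever this block ends up as the default server for port 80. Assuming `sni_server_name` holds a single name, `return 302 https://{{ item.value.sni_server_name }}$request_uri;` pins the redirect to the configured host.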