add http proxy config to allow ACME challenges
parent
4ea5f2c6be
commit
888b4c0adb
2 changed files with 26 additions and 3 deletions
|
@ -63,10 +63,8 @@
|
|||
dest: /etc/nginx/nginx.conf
|
||||
notify: Reload nginx
|
||||
|
||||
# TODO: << Manage SSL stream reverse proxy >>
|
||||
|
||||
# Manage each http site
|
||||
- name: Copy Http Servers
|
||||
- name: Copy HTTP Servers
|
||||
template:
|
||||
src: http_server.j2
|
||||
dest: "/etc/nginx/sites-available/{{ item.key }}"
|
||||
|
@ -97,3 +95,11 @@
|
|||
force: yes
|
||||
loop: "{{ http_sites | dict2items}}"
|
||||
notify: Reload nginx
|
||||
|
||||
# Add HTTP proxy to allow ACME challenges between LE and the SSL endpoints of proxy streams
|
||||
- name: Copy HTTP Servers allowing ACME challenges with proxy stream
|
||||
template:
|
||||
src: http_proxy_acme.j2
|
||||
dest: "/etc/nginx/sites-available/acme_http_proxy_{{ item.key }}"
|
||||
loop: "{{ ssl_reverse_proxy_upstream | dict2items}}"
|
||||
notify: Reload nginx
|
||||
|
|
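Review bot: The task added at the end of the second hunk only renders `acme_http_proxy_{{ item.key }}` into `sites-available`, and no step visible in this hunk enables it, so nginx may never load the ACME server blocks. The context lines just above it (`force: yes`, looping over `http_sites`) look like the enabling step for the existing HTTP sites; if so, a matching step looping over `ssl_reverse_proxy_upstream` is needed for the new files. The loop will also fail on hosts where that variable is undefined, so consider `loop: "{{ ssl_reverse_proxy_upstream | default({}) | dict2items }}"`. The rest of the task file is not visible here, so confirm neither point is already handled elsewhere.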
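--- a/templates/http_proxy_acme.j2
+++ b/templates/http_proxy_acme.j2
@@ -0,0 +1,17 @@
+i{{ ansible_managed | comment }}
+server {
+listen 80;
+listen [::]:80;
+
+server_name {{ item.value.sni_server_name }};
+
+location /.well-known/acme-challenge {
+proxy_pass http://{{ item.value.to }}:80;
+proxy_set_header Host $host;
+}
+
+# Redirect to https
+location / {
+return 302 https://$host$request_uri;
+}
+}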
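Review bot: The first line of the template has a stray `i` in front of `{{ ansible_managed | comment }}`, so the rendered file starts with a literal `i` ahead of the comment header and nginx will most likely reject it when the reload handler runs; the line should be just `{{ ansible_managed | comment }}`. The challenge location is a bare prefix, so paths such as `/.well-known/acme-challengeX` are also forwarded to the upstream over plain HTTP; `location ^~ /.well-known/acme-challenge/ {` limits forwarding to the challenge directory. The redirect builds its target from `$host`, so if one of these blocks ends up as the default server on port 80, the client-supplied Host header decides where the redirect points; a fixed name such as `$server_name` is safer there.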