add 'well-known/acme-challenge' file

2 years ago · b1c93d6089
parent ceb8391c06
commit b1c93d6089
3 changed files with 11 additions and 1 deletions
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -17,6 +17,11 @@
  loop:
    - connection_upgrade.conf # fix some nginx bug

+- name: Ensure the cert directory exists
+  file:
+    path: /var/www/well-known/acme-challenge/.well-known/acme-challenge
+    state: directory
+
 - name: Ensure the cert directory exists
  file:
    path: /etc/nginx/certs
--- a/templates/http_server.j2
+++ b/templates/http_server.j2
@ -9,6 +9,11 @@ server {
        return 302 https://$host$request_uri;
    }

+    # ACME directory, to limit interaction with certbot
+    location /.well-known/acme-challenge/ {
+        root /var/www/well-known/acme-challenge/;
+    }
+
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

--- a/templates/nginx.conf
+++ b/templates/nginx.conf
@ -44,7 +44,7 @@ stream {
        r3.o.lencr.org                  r3;
        {% for rp in (ssl_reverse_proxy_upstream | default({}) | dict2items) -%}
        {{ rp.value.sni_server_name }}   {{ rp.key }};
-        {%- endfor %}
+        {% endfor %}
        default                         local;
    }