add dedicated logs to http sites

some updates
4 changed files with 28 additions and 7 deletions
--- a/README.md
+++ b/README.md
@ -41,7 +41,8 @@ The variable `http_sites` is a dictionnary of the http site managed by nginx.
 http_sites:
  `server_name`:
    root_snippets:
-      - ? TODO
+      - ? TODO (currently, raw strings added to the config (like `location.my_location.config`)
+    use_certbot: bool, optionnal, indicate that the certbot role should generate this certificat. 
    locations:
      `location`:
        templates: 
@ -61,6 +62,12 @@ Inside the templates, `server_name` is accessed with `{{ item.key }}`, en variab

 Inside templates of a location, in addition to the variables of the server block, the variables of the location block can be accessed with `{{ location.value.varname }}`, and the value of `location` with `{{ location.key }}`.

+## Recommander role 
+
+The `certbot` role is recommanded to use with this role. It generate LE certificates and has this role has a dependency. 
+
+https://gitea.auro.re/Pains-Perdus/certbot
+
 ## Copyright

 Copyright 2021 Jean-Marie Mineau <histausse@protonmail.com>
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -106,5 +106,14 @@
  template:
    src: http_proxy_acme.j2
    dest: "/etc/nginx/sites-available/acme_http_proxy_{{ item.key }}"
-  loop: "{{ ssl_reverse_proxy_upstream | dict2items}}"
+  loop: "{{ ssl_reverse_proxy_upstream | default({}) | dict2items}}"
+  notify: Reload nginx
+
+- name: Activate sites
+  file:
+    src: "/etc/nginx/sites-available/acme_http_proxy_{{ item.key }}"
+    dest: "/etc/nginx/sites-enabled/acme_http_proxy_{{ item.key }}"
+    state: link
+    force: yes
+  loop: "{{ ssl_reverse_proxy_upstream | default({}) | dict2items}}"
  notify: Reload nginx
--- a/templates/http_proxy_acme.j2
+++ b/templates/http_proxy_acme.j2
@ -1,4 +1,4 @@
-i{{ ansible_managed | comment }}
+{{ ansible_managed | comment }}
 server {
    listen 80;
    listen [::]:80;
--- a/templates/http_server.j2
+++ b/templates/http_server.j2
@ -4,16 +4,20 @@ server {
    listen [::]:80;

    server_name {{ item.key }};
-    # Redirect to https
-    location / {
-        return 302 https://$host$request_uri;
-    }
+
+    access_log /var/log/nginx/http_{{ item.key }}.log;
+    error_log /var/log/nginx/http_{{ item.key }}_error.log;

    # ACME directory, to limit interaction with certbot
    location /.well-known/acme-challenge/ {
        root /var/www/well-known/acme-challenge/;
    }

+    # Redirect to https
+    location / {
+        return 302 https://$host$request_uri;
+    }
+
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

@ -55,6 +59,7 @@ server {
    {{ config }}
    
    {%- endfor -%}
+    {%- endfilter %}

    # Logs
    access_log /var/log/nginx/{{ item.key }}.log;
Author	SHA1	Message	Date
histausse	86b8b1b12b	add dedicated logs to http sites	2 years ago
histausse	e5dbdf1e3a	some updates	2 years ago