Compare commits
2 commits
fix_filter
...
master
| Author | SHA1 | Date | |
|---|---|---|---|
86b8b1b12b
|
|||
|
e5dbdf1e3a
|
4 changed files with 28 additions and 7 deletions
|
|
@ -41,7 +41,8 @@ The variable `http_sites` is a dictionnary of the http site managed by nginx.
|
|||
http_sites:
|
||||
`server_name`:
|
||||
root_snippets:
|
||||
- ? TODO
|
||||
- ? TODO (currently, raw strings added to the config (like `location.my_location.config`)
|
||||
use_certbot: bool, optionnal, indicate that the certbot role should generate this certificat.
|
||||
locations:
|
||||
`location`:
|
||||
templates:
|
||||
|
|
@ -61,6 +62,12 @@ Inside the templates, `server_name` is accessed with `{{ item.key }}`, en variab
|
|||
|
||||
Inside templates of a location, in addition to the variables of the server block, the variables of the location block can be accessed with `{{ location.value.varname }}`, and the value of `location` with `{{ location.key }}`.
|
||||
|
||||
## Recommander role
|
||||
|
||||
The `certbot` role is recommanded to use with this role. It generate LE certificates and has this role has a dependency.
|
||||
|
||||
https://gitea.auro.re/Pains-Perdus/certbot
|
||||
|
||||
## Copyright
|
||||
|
||||
Copyright 2021 Jean-Marie Mineau <histausse@protonmail.com>
|
||||
|
|
|
|||
|
|
@ -106,5 +106,14 @@
|
|||
template:
|
||||
src: http_proxy_acme.j2
|
||||
dest: "/etc/nginx/sites-available/acme_http_proxy_{{ item.key }}"
|
||||
loop: "{{ ssl_reverse_proxy_upstream | dict2items}}"
|
||||
loop: "{{ ssl_reverse_proxy_upstream | default({}) | dict2items}}"
|
||||
notify: Reload nginx
|
||||
|
||||
- name: Activate sites
|
||||
file:
|
||||
src: "/etc/nginx/sites-available/acme_http_proxy_{{ item.key }}"
|
||||
dest: "/etc/nginx/sites-enabled/acme_http_proxy_{{ item.key }}"
|
||||
state: link
|
||||
force: yes
|
||||
loop: "{{ ssl_reverse_proxy_upstream | default({}) | dict2items}}"
|
||||
notify: Reload nginx
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
i{{ ansible_managed | comment }}
|
||||
{{ ansible_managed | comment }}
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
|
|
|||
|
|
@ -4,16 +4,20 @@ server {
|
|||
listen [::]:80;
|
||||
|
||||
server_name {{ item.key }};
|
||||
# Redirect to https
|
||||
location / {
|
||||
return 302 https://$host$request_uri;
|
||||
}
|
||||
|
||||
access_log /var/log/nginx/http_{{ item.key }}.log;
|
||||
error_log /var/log/nginx/http_{{ item.key }}_error.log;
|
||||
|
||||
# ACME directory, to limit interaction with certbot
|
||||
location /.well-known/acme-challenge/ {
|
||||
root /var/www/well-known/acme-challenge/;
|
||||
}
|
||||
|
||||
# Redirect to https
|
||||
location / {
|
||||
return 302 https://$host$request_uri;
|
||||
}
|
||||
|
||||
include /etc/nginx/mime.types;
|
||||
default_type application/octet-stream;
|
||||
|
||||
|
|
@ -55,6 +59,7 @@ server {
|
|||
{{ config }}
|
||||
|
||||
{%- endfor -%}
|
||||
{%- endfilter %}
|
||||
|
||||
# Logs
|
||||
access_log /var/log/nginx/{{ item.key }}.log;
|
||||
|
|
|
|||
Loading…
Reference in a new issue