[nginx/certbot] Clone roles from Crans
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
This commit is contained in:
parent
f49194b423
commit
ae151321db
35 changed files with 455 additions and 722 deletions
|
@ -1,173 +1,179 @@
|
|||
$ANSIBLE_VAULT;1.1;AES256
|
||||
37356434643231623932626166316532633039323736303737363933373263623433653031356331
|
||||
3431376135666263353431396663363539333164643462340a383832373965653835633937373432
|
||||
31393936666535633137333739346135316463636166343063666363633966626639663265373935
|
||||
3865353439646331640a326137373039666263366330626537363566613135346263663761663732
|
||||
65363064356530373430633562623132373565326364656631313639376131313563316136623966
|
||||
35386236313238396436303765366365346335353166376164353936313536393665326439653861
|
||||
35623832623365386232353163656339333031323937383862656532636436386334643362653532
|
||||
66636365316161316536636131613438356464636163386233333333313531353935346264366231
|
||||
36346561303163663735386533333835313231333965633737376537396531323935383134643563
|
||||
32643566323564363762306438376431383237313633376437333339623936376664346137333561
|
||||
65656336303964623964616230306332636535343833336535303832666137663865336564623233
|
||||
33653361646533613462373163363736386634663038666232313432653037643330653639666663
|
||||
61643533363938366634616632626131663164393338623539636430363166323935396439373337
|
||||
34343930336631326634366331353836323465613934383231313364383061636631346633383634
|
||||
36646439336530353761613831343236373936666632333965323964643862616633303732333230
|
||||
36313132323965323831336265306565346461343235383864613762343536653434333163616663
|
||||
34303731666632666630313763323239633435386330363339363631646432633762383464303837
|
||||
39336630343833646666383237376238316264393262336136393662363261643961666332623138
|
||||
65633661343265643731396663376262613566613135663161393833373766396632303734336261
|
||||
30326436363237653431396563326264646335643536616530343863623130643666653733323331
|
||||
30616363306636396439376661633035326430313363656433636465623737636565333436653031
|
||||
33326662336239633930303665373965393037303238393630343338383362363439386634613838
|
||||
61356533383032656663613966383131623333613639633062343639393865376433316464653738
|
||||
64346465633263383662313934343732363536343662653532393837383062333565636662626634
|
||||
30393364336566343264373538386230623136316632666237646431333233376562356439626536
|
||||
61613835346636346139316665623463363339623863373961386661656361363232396533636233
|
||||
61326236643162623331633066333138326533323835366534336361396263353432373532326437
|
||||
30666234666235343739343834316234346630373661666634616461383639363664656534663636
|
||||
33376237313333393632313839373436616631336130393930373136623335666235386162376464
|
||||
31646437393336313433643534363138636461373837336634646464356437306265353731663362
|
||||
64316530326536333235386531613931303238363062383639626238346337356539323938663464
|
||||
62613432376563616238303938663933363564613532333633346132373361346231643130653833
|
||||
62313631313563343437373032626339366538313764333666353633363637333965633533373633
|
||||
33353134373730636638633432313932363264623531303135636566653038396131633230343839
|
||||
35303337613935666231303638663832663339626463353862616139346664356261656433313930
|
||||
65383336393934633036663261636434636461363161646239363135643536633836353965353462
|
||||
62636264373332643333356636616230376135363539393139383666363534626131663736393139
|
||||
36653862303066633365383435363637316262646338663437313435643334383835393238613763
|
||||
33656136646465373938653263376162633032336536613535356431393135396432636637356632
|
||||
31306132353632333833643434663930613936646233623935323761353461363139353238396633
|
||||
63363731613336643635333961336664343430353133373937396565343366363634653330663336
|
||||
62393866643665393232636232373964616335646363613466373666666661346139373938616463
|
||||
37613931613033323538323662356432306639626636666338666565343336323363633966316137
|
||||
32346538303935616265313461383731356462336435303936663931376133616365626466346435
|
||||
63313333643361363665653862663338376630613666356538616336643139666636663461323163
|
||||
35613365363032343831653639373866393635633363393961613339313234366232346662646132
|
||||
36636362356431366631373635613936653162323736303434353130343834323530393330613633
|
||||
66393130323637346561616435623562313037393161666236323834323836326161613963626236
|
||||
38343362343335343437656434303130626165646661393638336435343933326462343366323964
|
||||
39346433663533346262316461623732363963396161353139613663393264623335623832653436
|
||||
62306337653062666137373930303334643630623432303932303039343764633361613063643965
|
||||
34646133353132663662303665373836643238323932336663333730363137323532663164633862
|
||||
39383963336236646161653136626662313764373530623161663437373330666332316362623031
|
||||
66653832653035353662353638336239313336663765373966383030316137316135303134616439
|
||||
30386332366639653835663530643931326635373836663166313165633137623738636438663261
|
||||
34613135643363343232313061616337333562373764663733666666376233313534396132303536
|
||||
63643030623962626432653938336633313561303236363762353536613464353331373436666238
|
||||
65623961383736633934326165336637323630613032326163303436646530363063316334366665
|
||||
35303237613130326339306436343262313733663031333539343163323530653035356431386236
|
||||
63373564383233653165623034616262393966343262646461303562363763613261656235623533
|
||||
39643963646266623663343537663364633036373838313139313966663031376162666661363161
|
||||
36626332313535616638623837666565343734643037343761346238366665646461343532643434
|
||||
31356339613066646338306262323336373161326531326137353937343139386562383063666433
|
||||
61343861396465316663373963333237633736313735653138646366323334653963323831383864
|
||||
61636565333739663633623334336463643362343335663237393161383963373364303864393361
|
||||
61333935353634336637343961363237346565313633313366376336366139613563333336316565
|
||||
31653066323537646163666539356663633438386437386432313239356466356635303837326434
|
||||
66373934303932323732616563353566663766626335356662383732363266346636666231333864
|
||||
33663634313364353162666462383735653162383438393939306530393064626666366431633432
|
||||
63363139663632336333333562656339366133646630343533386535393234383638346532326132
|
||||
65326538373439373839656634613830656138643166616163663430323266366535646463303564
|
||||
38383537613964643761623330313563633939616432643134333266653038306136613962303162
|
||||
65393932353131323739333463363764346638633664383539616562353831653033633135656131
|
||||
35663136613835383538303134646631386331393032653539336632373439326238376233346238
|
||||
66623164643361646262373766353066633562343739393637653664623339333035323231663633
|
||||
66373134346231313239616534613065656563653662376434366161303163346533643866376266
|
||||
39383631396631633932653163343237313166633134346161653463393930613765373239303061
|
||||
33373466376563373739646130613566666132636666343266306135376636333730613034356430
|
||||
66373764376234363438613439643931323365636663376236666162643731646366623430373334
|
||||
32653962343839316534383034353535303839336361366666343961383930383237373164333065
|
||||
39643965386336393666633666376434303463633035373064383266646434343163396636343237
|
||||
66366561383237666566643035633635373966306464313765316665363532623638343030633733
|
||||
34663061663565303730613339623465653934363337396164383164363134373034356339643665
|
||||
38333662313862393631336533383631306130353963313337663031363061323762613966346333
|
||||
31356462336431336239353061653165376138326561346266353235636262613932633135303430
|
||||
64326536643334313262383132616434633131356537393263613761316535356631336461393930
|
||||
64386564306533656436653161383230313238396336656162656464663637336230663466323530
|
||||
34353730623033623866393266346134666230623139636132653739313738633037303563396162
|
||||
35366564376561306530353361616337386361326436366532656662376336373662636135663532
|
||||
38616631343733646564616264636239623136313037386561646632663463383430343632643935
|
||||
38663135346664626133373732306461383935366637303235316337376432626464396135343433
|
||||
31623230653464656538333263353061343761656638386537313163386132326635666531373334
|
||||
61313364646262346637623165643263313336626561376166326333333636303631353231373365
|
||||
31656664646330663063383135626534306338303161313438313162313866343035363234333432
|
||||
65613937373763623163653464636366316131653337346339626565643639663239313631336164
|
||||
39626263303361653864636433653038613938663037373735343637383733386230353663653865
|
||||
33663235613338636434303735386432383534663263656634353839663632343738376161393736
|
||||
35393062656533376261336130663235333766373832306563366538393763646339333334373063
|
||||
63396332303536336435323665316138613830306531356366383666343334323338616165306338
|
||||
61626364613062643131656239336466386664316661636664336466303931643236613761323130
|
||||
63656638633736383734313439366135613038326133646665303035646137393133636163393261
|
||||
66633864636362393630323436646233303664326634613235633438343930346538633466623064
|
||||
64643136326363356631343136366333613266336439326335323163306566313537646336383963
|
||||
35373936356137396366656237343432656236343339376538363339366334646130333030383464
|
||||
66333961643236653235663865353366313862633138376265366136636438633065653535663931
|
||||
35393166326337633337313465306565396161393534393563353166343935646362303465333833
|
||||
32326661633838333563663565643134616139353831343663313134306639656163653138383530
|
||||
63336462363862353935646563393766316665653561643765326161396439393866643565313161
|
||||
66343466313465343563316361643732313830633439336534316136303463366633653662643565
|
||||
33653533626531393536343033333433393032363862343661313836346561376565316361653032
|
||||
36613738663233333766613236613239336663323931653230313761643765666632363362643034
|
||||
39646130623161613332636330393936336532653861393935366266396536616465356362396635
|
||||
62643438643665326163366239386364633434383838613735396231383762316565373665363531
|
||||
32666131653961656566376631303239323262623330383438386164363162303662306535313162
|
||||
34343539636463626430386630653934306665333266336234313362343366633366373131383861
|
||||
31616535346236666264316535646236633363623533656332353037646231653236613664356362
|
||||
65656333303461646131366365323266656661343864633536396238333962393066336537353234
|
||||
31353337646131373533346161643432656361366464613437643230366261613662356435303339
|
||||
33623665373231656539326533353035383038633731386531633064623339653831306430333265
|
||||
35386538323561663433323939393564336539636432633738663337353937633837323062616266
|
||||
36363766373661356261643966623937633334303539343665343266386630363663663037396263
|
||||
61346330313665373533326437623838366634303335383433626137383434333166623138383931
|
||||
31643333366662333930393039333232613363313065633734303339323265323861633831646663
|
||||
33663934353664306665346631653561613463643265336431643532333533323764323937653934
|
||||
32356630383633666538386461653334343363656539383838613239626336366634383266323462
|
||||
38393534656635313739653461343835336134333166653463316464393063613831653837346663
|
||||
39626133643239353530303263663635326561306665363034393565326463343061313563366431
|
||||
39303333396166346138376530646532376333646636613664326536663133623532663462316439
|
||||
61343239623166616466316465653532646137336135656164386532623266386633326164336566
|
||||
65623436343531623133353366623763333137303132396435653632623534623061393036656161
|
||||
36373564306564363432373633326535383038623933343834386634653839353933343965366137
|
||||
34343334626661656265393461393339346139633136373936653630383732393461386463313263
|
||||
63366263333637363339323534636234386237393663316435323130663438343930336333643838
|
||||
34353264373261306439393732343530393765346161653562383939623234356562626664373263
|
||||
33343234366639663666346564383866623231356164396435363035373063643566326665373864
|
||||
32616131383530663033633866613236366264636564343462326265373762396364323232393131
|
||||
39636432356334353439333938643331366263353237633234643233373364393133366537653738
|
||||
63383531643334656537316663393235646331613365393330633064663939353633383035643866
|
||||
61376632636430646135363761393131626664326235316639646332366564396561633037363866
|
||||
65353563643632323364313134613339356563333431353931653738323162316666346466663266
|
||||
62653433666136613734623361363066336230326562663730643230616463613936633738643135
|
||||
66373935653939613537306265623532616133353365303433303562353831663534343165316362
|
||||
39613937326561383264323361666439613865316138386266393261616135346433323466333234
|
||||
33356138623132383063356633613066356161616662623961313562636636386463346266366137
|
||||
63396535353236623765626634663132633261643036333762323836636138643737373031653266
|
||||
37333836383937386238326162626166656134313165336437323834326635623036616130313539
|
||||
34356337666536666230333231326463343938396366353238313639656531663363636164626438
|
||||
30656439626361386633343236373733656334353061316239303764363236353639626637376534
|
||||
36313630613336633533613437663563656436356130336333346432616638343463316636326236
|
||||
30323737623330393565616532363835373766626432356137376561336261353864333266313033
|
||||
31663665626439336362363836613032393934613438333663373565393662663066353337343233
|
||||
31356261396664653865326532326136356134626631333530306633666538376630396163643761
|
||||
65636630346134353431646137613766326365613463373130666665663166356639333532326238
|
||||
32303238346632303831316631303733346433366665643234646439363737363462336539343534
|
||||
62623363353135303732613939613430363338313539616336656433356664343365663835626366
|
||||
62663232386638323265643133343433303133616437666139616337363036316135356333366533
|
||||
35666466303365623835663266373765393031643637333663663030366465333764653466373366
|
||||
38303863373864656431666434353064343166613132656266393939393163326631363931616637
|
||||
66396161633133646164646339396634623766643065306666373464323562363963333431636638
|
||||
66616166643762656433646661643931663639353237623461616561363164333634613338636336
|
||||
30626234333237366563663163366633666165343933316636646630653031393139393534376334
|
||||
64346166623061303930313432316665646266613834633139306662343537653736393134623032
|
||||
62643537393239643265663433653737386464353130303130323538626164306637323665623736
|
||||
39626238333038366263336630373139343064303833646634313331653033396364646462356639
|
||||
62333331336561373839636631363934653363386365363132646464653363313866616435633138
|
||||
34623638666534663131616631306566303365623339386137623666633833393134393735623264
|
||||
35323330366134613635656438323566346263306231343536306539633366653062316638396532
|
||||
62306133386530386436633661356331323261353738623865333531363036633535643537393362
|
||||
62396565636566343932373361373163356639313236306161366237356264336330366130333530
|
||||
63613363313930386438343330376463626438343439313866653039363036316566613932313230
|
||||
63323330373866613032343235623334336635343062623461366263623033353335623137356439
|
||||
39393834343230363362
|
||||
32313562646230353138303964366135656361616532343933353732313961323339653964353130
|
||||
3938346666633565356134343835633964626261363365370a663664663938383731343733386136
|
||||
33356531323762313463326339333963336636353933326537333665313334616563626632336663
|
||||
6537363033663935660a613366613962626563643035663330343061353836646561623031323236
|
||||
65313633383063373064613930623530656365396335663363643330636239643937373163623932
|
||||
61373136303737333739316565323934376433316362353935363637373264616238373831666438
|
||||
35343135383233653963333237393232353631636566373766366664656666313436323535393736
|
||||
62323731343261373331393062633030356235313834373861323138663930613332643432386436
|
||||
38383038616536316465343561643639353434396631643033633537393265646532613161343732
|
||||
32363265643963386538326639353233363438643833306637336431303533396562613863633537
|
||||
30303334643137313136633039393463346562306236353566333563633238313865313534326137
|
||||
33623036376439653532313833633135326631643361333463633162303065623633636331666661
|
||||
62303636653233666164383463356530633464306564383236373832616263653165373937303030
|
||||
31323865656436366265303537306438303434613135396166313635656566373539303463393830
|
||||
65383636363064333730623161316162373734626433346564333835393030616437636665316566
|
||||
37353937626465383439633534316336313931663561336335653761396230393031393839336264
|
||||
37623037663032646631656637386366333131356562376665333964393264643133626532653564
|
||||
32353235633434656334663233303664613865343039613330663833396162646430623735653434
|
||||
66633466306338373061326636366330643639383632353564353865623637303832306332653131
|
||||
37343566393965326635613135613134316264616336303233616162313839626235386137343435
|
||||
33633336636434343531633362633834376135303337363637303039323038313937646236366265
|
||||
34303434373566313730623664653263653466366133363562333736393836393363326665353434
|
||||
30333263323366326436623238353335323936346637646130623265366535653737343665373165
|
||||
63336166633831623464343862353065653162613934646539396364353162633063303332313266
|
||||
65656163396463363737663931353765376337643065646131303264363961366336343432653537
|
||||
65306437623535393132343962333666366665316362366536663431646435633166333731303232
|
||||
63313337353334623330623862386661306333366638306433373437623835636631376231373636
|
||||
66666539363561313166396438343730656230663532633031353336636565343964366136663466
|
||||
38316364663936303231633633613832313163646262313238346666336661613236343966353130
|
||||
62656237663865306632333130653933633332623061633062363964643130383430613864663935
|
||||
63663765356434626661346165653163626565336437613539653536306432376332616430393737
|
||||
34366139336363383761366338623236383135373634613239616665343061396633383231663230
|
||||
63653331336366666234626662356461663263626465663036326162343239373734346661626665
|
||||
61666231613565356633343030343935393135653261376239303037373634386138393463363239
|
||||
30356365663133646634333863616230646235656135336330393836353462323630376537366334
|
||||
31306330363232326661616666623131383837353139643838326430653561346565393762323936
|
||||
31623136656361383039653763613162356530653933376539336130376237396661663664393733
|
||||
36396433303339613965316230613237303331646331383239356638333366653961303138343663
|
||||
33393664303637333863313364356666383836633063643539333262633565623534323866316537
|
||||
38623630363139643837396330353463303932383231663831363763656537386531383531303165
|
||||
37366338343063346230656461393832383736636662656666636434363731623437303862636366
|
||||
33613333393139613637623963373262323637653531336265333033333135613330313166633738
|
||||
36353935383931363535656539333130653164613431616438613432313532373063353738656162
|
||||
36616563383133623336396633343762376537663432356238653766666636323232623065313537
|
||||
39636632326166323130646633626431323831373963313837613465356436326430616433303662
|
||||
65343834663937306539663330366538643265626665613631323036616463313266303237613938
|
||||
30613565306636306561643238326138623366343365303934306561623234313332636462383363
|
||||
30623432326336396364636164366463326533613665333830656564626663383331323661663934
|
||||
35353135323930656138373830623932396138626335343265623738383532333861306561323430
|
||||
66333532333961636463656535636132323535313730333762633139306235373031363831363266
|
||||
33646635316137616663653461393566303432386330623936633330373461333762356532663062
|
||||
39666437363931313861356331653932303132353364623664656364316430653933653935616230
|
||||
38376631316463646663626562366233626334323235633235653364623936643131356130343261
|
||||
36396535393335366532313930623363663032386635396262363430303466373737633739626435
|
||||
30636136396562336561393936353763383732653166353266376165663233626266353638363131
|
||||
65323462633039323334613566373434343363633532656534663635363763396265663137636331
|
||||
38613736353635613437663133616431396666316230393066343431336535626335373437393039
|
||||
63666135353937313765316134326338376161353862373161653039333631306264343464353035
|
||||
65353639313134346239646362663836643734373465353866373238613162303336306438376237
|
||||
35363934333536376136666561333636653136316435316530366461306636333063313739626630
|
||||
37633333333766613663636466373364663132613266343136376138663461383832356631303132
|
||||
30363434336161393962363636313364663839383734373533356663343733333731613535646433
|
||||
64396361643736653931336365313338313633383038306131333863306437386362633263646364
|
||||
36656566326333333136636566613066623362363263373435356162396431396334386237383231
|
||||
30326465646334613235666435613462633230353434653666336364646466613066346366376262
|
||||
66633863333461626631383961663930383663666538613162643730323565653732386330613538
|
||||
38666164353130386530376332643637333931313661633634303636643639613561643338373331
|
||||
63333932306634313933366533623837613934366334396637396361623439383964333665383435
|
||||
62316265356537616137643537366666336634393935613034393737313930333364323031653234
|
||||
37366561356332666439623462396266623961653039626562393065393336643962373064343563
|
||||
36346665666338623931343739386531343833386135356164303532643463346565316163656633
|
||||
32616365623065626139383362613466633332666133313263393062373338653834363830333039
|
||||
62626230343362393533633061663432363836616539643065643839623065633363393134643534
|
||||
63343935376537393739333063333333386239663763383435633234376434366362616433363162
|
||||
34363539633661633333306133363433313761303138363864373266333461303139613362663937
|
||||
39626332356139396330393361613364643363366164376234316266316164393035386334366362
|
||||
36373065626530333237636139336163623766623561656234333239646263626164323134633434
|
||||
63326635393665333533383562633438303036616262366435373739386430353964333265393732
|
||||
66643838303566626131323834646564613830333937616264383864316666343333396636303836
|
||||
38633335656536653334626530303835623531666665326533303535313164323836373365636265
|
||||
65393061363933373931396134623264643065633534313566346336343862346537343437363765
|
||||
62663264376266326538616330376633353832353234653661613964373231666562326466663934
|
||||
38393931643736626332623461613737383463663935656263656233306437653331343838343865
|
||||
64343239636166343134336261656162393938396633376663366466653634373566336165323237
|
||||
34386137313961653739393231616532346664366138356631353030623236343535363435636462
|
||||
32323564306339396437633763613535393230386631616166656539373861386633363464653439
|
||||
34323134626334356631623764356232366337646236313031336138333636633834353463363961
|
||||
32316664383038633330383765356563353062303133333133336365346561643234386161383461
|
||||
39323964303061313461386333613961396533646161663230666466616231386239386666306233
|
||||
39343239323739323738373263313662336237346663663432343861343034633463386163303366
|
||||
38333537626232663438383230623032623765336164653438653434396362633063333437366338
|
||||
34373431323539306531323536363238333037643337626131336631356537626237656630393964
|
||||
38393736633433306632323334613232303162313962616334376130353931336337303462363266
|
||||
39643137643034396564303531346361336134353461653535336165323032323238663631653935
|
||||
38366339366436376166333335663230306663633634336434323532316664666134313365323834
|
||||
31363964346561373262393632366637396633323332393162666166326631383164643265353135
|
||||
34303664353434373131653530346634386333663732373966613761616261323032336266646163
|
||||
32663966656464633565356337653534623962663939333033613933633965666339653764663134
|
||||
38363965393730633638653561393432303835303164396462366435353030643966316665333061
|
||||
39643634646137626338323537393031356532616637666634333139396630663930636235333735
|
||||
66336465666439356636623037653564393161393432346534656132346631396462356463336566
|
||||
30303833386638333866396462633330306439613139636331636331333663386438623461343133
|
||||
30643164366434353765633738356536643861303232393362343131353730376364623463326361
|
||||
37363061623333653466636438666465616133396233616430393265626362663736613031383764
|
||||
63353065306166646461623763643062383738376266353765643134376538393233383663346237
|
||||
37643639663063383266373536323533343936633134386263616163343637613636303134343037
|
||||
34626232303335393532643134646132323463396333386664333731646331343937363661323539
|
||||
65663936366464643162633432666537393439313664643638343237653566613235353165663336
|
||||
32373037346239356337633036306138343366666463363538373836616530313565613562383433
|
||||
64616263626165343938363230613039356137643665653734366533393033316363663036363738
|
||||
66323663663366666162623734363465663939383830396533383665393139633530616263663136
|
||||
64333132633031623835373831636366643831626235303831313761653734666365386462393534
|
||||
66303332656561653162636636313439663633396638353638363465663138353866376636326634
|
||||
63613865613466326230323564323439393061653664393261373531306235333663373434636262
|
||||
62353132653333313635653633346461323165373862343839316539653038633664353830643234
|
||||
36633763653738323732386263643461333761306532303534663763323735636563366266653464
|
||||
66636236393033613736656562663661346162316164616663306465623431613133633130383136
|
||||
35313434346164653163396137383064656538353766653237646237663639663039663665666236
|
||||
62346139633234343735303762653030326333333764356562656435623330663066353333326239
|
||||
39646465393362323537343766366432323765363139643361643037373739643636623437386636
|
||||
32353233303337623136343062623633306361383737303431613663633163643832343434656335
|
||||
39633434393466646366376534333865633361333861653366316238626637363537303335363662
|
||||
61353830303733623665643864333134623062356334616331363565333235666261653732633264
|
||||
62663238663461343738303764303636366638393830623264613730303635623635626364646464
|
||||
35623239356235316136343532616638663930313565383264663936633733386663326161623830
|
||||
62626634313963323866653432343561303233343035353433613731353538356438613033346638
|
||||
33613466656633626261326465336437613630376335663933303061393731313065636131393762
|
||||
65613037653363636235613838613535316635613066393436356537633662313539323163613361
|
||||
36356632323634363335366665376663346565393439313031636331633235333664663830636135
|
||||
64653266616262336437623731383161383437613461323837653066656233643230663064616432
|
||||
65383337323333633465316533623465303735396430326334643634626436303263396534356335
|
||||
34373134653232303866386433643864363536643138353965323130616338353731633434326361
|
||||
66303133353264343664323435653133383431626263373237613631616235666465616333343937
|
||||
37323333653565363665376236396232393132336137346461613831623063326631636335333365
|
||||
65376538396265313732323932383061633464393630393563386163393230623238633938396535
|
||||
34333330386131353336646361313634353862663762653234373235366565343232306432653731
|
||||
61383863306632626463653831383735636233623966353130626634366638626236383864316531
|
||||
37353062336539626531356133313132663330663135393930356565323364353761393439373533
|
||||
61366465313462313033306631333432646163653832363564313838643362316263353562373262
|
||||
33343664666230303065373836306663643135303439356362336634346637353438633364306365
|
||||
30623332363436353865633738663464636132306134386465306164363333386338323433643163
|
||||
37626235303062393933393363656339636139323464373439363765316266646536316336666163
|
||||
34306262326238343937623432643262646263666266623933623565363535326235623637396237
|
||||
64623961663037653033383933333062393932613933303962326538333739303731363137623365
|
||||
30363030353433646133666166383938356232396331656165343531343232613934663834633464
|
||||
36353331373233393861636131393238363031383135613633373665613364373466356663376431
|
||||
66303331383837663261313838363266656164633836623661326331356566653938306266376632
|
||||
63613238356135373938663030343634393566653963306237303138626461613931356565663835
|
||||
64386433613937643730396130663333646334386336613864333533626661626166346232333964
|
||||
66316664346231376639393132613936323261383131633737386331343966363961633237666334
|
||||
38353363383761333439373437623937393534626435386262383732363833346166656233666332
|
||||
62636130323536663432633434646666303664393130626437636132316264613535306463623964
|
||||
30633030613665343631373366363737313130666337326230633631646461356362363963306361
|
||||
64393639353339303436346438313833333432356666666339613666623132636235383866343838
|
||||
36666263343538633537303665616366656363373736306235333264336466313939356131303561
|
||||
33363030653966316232313933323665663330303338366333656536623861623537313266383565
|
||||
65633866663665393635646531353539623362646663356664333866623432333465333335333333
|
||||
31616262356537646261373166343665633238633235373335343134393366663462393465643135
|
||||
35326336613835663132343233386564373462353561333066323631313664373865323233653336
|
||||
65333731336565633664636562326365343263373263373162653239633964396138616335616230
|
||||
63376562383064663330363562306338346465666563306365306639353632396633323830353337
|
||||
65666233376239333436633566623535383065646235353832363030303565623531333539613864
|
||||
63393339656238323466343564333134636164383062613138656138373936636531636166393062
|
||||
32613431636233316533353937326234663336343231313630393037313663383034383238346562
|
||||
36383264626366383835623261643562323037303661383832323939363939623038626664393530
|
||||
65353061313266633764353331313532383766613735333131373365366336306139343265306634
|
||||
66313435313965633362356563313763653634643362616138633832633136333362343731346166
|
||||
34613431653134363732353833643962636431623036393935666237663833373934373438666434
|
||||
36633538306632383439323465636665303863646532653165666638316137633738363736386633
|
||||
33303234306531356136316463353232303737323661333430333137636633306131316434376665
|
||||
64323633383735313536373534626331356631316464643530363866633730353239346633396364
|
||||
36323437306165363465613365383666353037313333653230316234626439623964343336343762
|
||||
66343831343133343330336536613134303836626434663731343636613835623364633236653962
|
||||
63356635363239663533336265306261393337313136313937356662616231636461373230376232
|
||||
64313738333966633265626166653266313932666134356235373238376530303437646464333364
|
||||
31613631386335356561363938323831313061373566323638663864393266656361366463353736
|
||||
63386361373737383837336435633562626566656666373737313464323466313364626466633537
|
||||
6661656232313066363235616364646663623039386561636332
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
---
|
||||
glob_certbot:
|
||||
dns_rfc2136_server: '10.128.0.30'
|
||||
- dns_rfc2136_server: '10.128.0.30'
|
||||
dns_rfc2136_name: certbot_challenge.
|
||||
dns_rfc2136_secret: "{{ vault_certbot_dns_secret }}"
|
||||
mail: tech.aurore@lists.crans.org
|
||||
certname: auro.re
|
||||
domains: "auro.re"
|
||||
domains: "*.auro.re"
|
||||
|
|
|
@ -4,11 +4,14 @@ glob_nginx:
|
|||
who: "L'équipe technique d'Aurore"
|
||||
service_name: service
|
||||
ssl:
|
||||
# Add adm.auro.re if necessary
|
||||
- name: auro.re
|
||||
cert: /etc/letsencrypt/live/auro.re/fullchain.pem
|
||||
cert_key: /etc/letsencrypt/live/auro.re/privkey.pem
|
||||
trusted_cert: /etc/letsencrypt/live/auro.re/chain.pem
|
||||
servers:
|
||||
- ssl: false
|
||||
- ssl: false # Replace by auro.re or adm.auro.re
|
||||
default: true
|
||||
server_name:
|
||||
- "default"
|
||||
- "_"
|
||||
|
@ -16,9 +19,14 @@ glob_nginx:
|
|||
locations:
|
||||
- filter: "/"
|
||||
params: []
|
||||
additional_params: []
|
||||
upstreams: []
|
||||
|
||||
auth_passwd: []
|
||||
default_server:
|
||||
default_ssl_server:
|
||||
default_ssl_domain: auro.re
|
||||
real_ip_from:
|
||||
- "10.128.0.0/16"
|
||||
- "2a09:6840:128::/64"
|
||||
deploy_robots_file: false
|
||||
|
|
11
group_vars/reverseproxy.yml
Normal file
11
group_vars/reverseproxy.yml
Normal file
|
@ -0,0 +1,11 @@
|
|||
loc_nginx:
|
||||
servers: []
|
||||
|
||||
glob_reverseproxy:
|
||||
redirect_dnames:
|
||||
- aurores.net
|
||||
- fede-aurore.net
|
||||
|
||||
reverseproxy_sites: []
|
||||
|
||||
redirect_sites: []
|
|
@ -1,29 +1,18 @@
|
|||
---
|
||||
loc_certbot:
|
||||
domains:
|
||||
- portail-fleming.auro.re
|
||||
- portail-pacaterie.auro.re
|
||||
- portail-rives.auro.re
|
||||
- portail-edc.auro.re
|
||||
- portail-gs.auro.re
|
||||
mail: tech.aurore@lists.crans.org
|
||||
certname: auro.re
|
||||
|
||||
loc_nginx:
|
||||
service_name: captive_portal
|
||||
default_server: '$server_addr'
|
||||
default_ssl_server: '$server_addr'
|
||||
|
||||
servers:
|
||||
- ssl: false
|
||||
server_name:
|
||||
- server_name:
|
||||
- "10.13.0.247"
|
||||
locations:
|
||||
- filter: "/"
|
||||
params:
|
||||
- "return 302 https://portail-fleming.auro.re/portail/"
|
||||
|
||||
- ssl: true
|
||||
- ssl: auro.re
|
||||
server_name:
|
||||
- portail-fleming.auro.re
|
||||
locations:
|
||||
|
@ -35,7 +24,7 @@ loc_nginx:
|
|||
params:
|
||||
- "return 302 https://portail-fleming.auro.re/portail/"
|
||||
|
||||
- ssl: false
|
||||
- ssl: auro.re
|
||||
server_name:
|
||||
- 10.23.0.247
|
||||
locations:
|
||||
|
@ -43,7 +32,7 @@ loc_nginx:
|
|||
params:
|
||||
- "return 302 https://portail-pacaterie.auro.re/portail/"
|
||||
|
||||
- ssl: true
|
||||
- ssl: auro.re
|
||||
server_name:
|
||||
- portail-pacaterie.auro.re
|
||||
locations:
|
||||
|
@ -55,7 +44,7 @@ loc_nginx:
|
|||
params:
|
||||
- "return 302 https://portail-pacaterie.auro.re/portail/"
|
||||
|
||||
- ssl: false
|
||||
- ssl: auro.re
|
||||
server_name:
|
||||
- "10.33.0.247"
|
||||
locations:
|
||||
|
@ -63,7 +52,7 @@ loc_nginx:
|
|||
params:
|
||||
- "return 302 https://portail-rives.auro.re/portail/"
|
||||
|
||||
- ssl: true
|
||||
- ssl: auro.re
|
||||
server_name:
|
||||
- portail-rives.auro.re
|
||||
locations:
|
||||
|
@ -75,7 +64,7 @@ loc_nginx:
|
|||
params:
|
||||
- "return 302 https://portail-rives.auro.re/portail/"
|
||||
|
||||
- ssl: false
|
||||
- ssl: auro.re
|
||||
server_name:
|
||||
- "10.43.0.247"
|
||||
locations:
|
||||
|
@ -83,7 +72,7 @@ loc_nginx:
|
|||
params:
|
||||
- "return 302 https://portail-edc.auro.re/portail/"
|
||||
|
||||
- ssl: true
|
||||
- ssl: auro.re
|
||||
server_name:
|
||||
- portail-edc.auro.re
|
||||
locations:
|
||||
|
@ -95,7 +84,7 @@ loc_nginx:
|
|||
params:
|
||||
- "return 302 https://portail-edc.auro.re/portail/"
|
||||
|
||||
- ssl: false
|
||||
- ssl: auro.re
|
||||
server_name:
|
||||
- "10.53.0.247"
|
||||
locations:
|
||||
|
@ -103,7 +92,7 @@ loc_nginx:
|
|||
params:
|
||||
- "return 302 https://portail-gs.auro.re/portail/"
|
||||
|
||||
- ssl: true
|
||||
- ssl: auro.re
|
||||
server_name:
|
||||
- portail-gs.auro.re
|
||||
locations:
|
||||
|
|
|
@ -1,39 +1,5 @@
|
|||
---
|
||||
certbot:
|
||||
domains:
|
||||
- auro.re
|
||||
- chat.auro.re # cname to riot.auro.re
|
||||
- codimd.auro.re
|
||||
- element.auro.re # cname to riot.auro.re
|
||||
- ehterpad.auro.re # cname to pad.auro.re
|
||||
- grafana.auro.re
|
||||
- hedgedoc.auro.re # cname to codimd.auro.re
|
||||
- pad.auro.re
|
||||
- passbolt.auro.re
|
||||
- paste.auro.re # cname to privatebin.auro.re
|
||||
- phabricator.auro.re
|
||||
- privatebin.auro.re
|
||||
- riot.auro.re
|
||||
- sharelatex.auro.re
|
||||
- status.auro.re
|
||||
- wiki.auro.re
|
||||
- www.auro.re
|
||||
- zero.auro.re # cname to privatebin.auro.re
|
||||
mail: tech.aurore@lists.crans.org
|
||||
certname: auro.re
|
||||
|
||||
nginx:
|
||||
ssl:
|
||||
cert: /etc/letsencrypt/live/auro.re/fullchain.pem
|
||||
cert_key: /etc/letsencrypt/live/auro.re/privkey.pem
|
||||
trusted_cert: /etc/letsencrypt/live/auro.re/chain.pem
|
||||
|
||||
redirect_dnames:
|
||||
- aurores.net
|
||||
- fede-aurore.net
|
||||
|
||||
redirect_tcp: {}
|
||||
|
||||
loc_reverseproxy:
|
||||
redirect_sites:
|
||||
- from: www.auro.re
|
||||
to: auro.re
|
||||
|
|
|
@ -1,31 +1,31 @@
|
|||
---
|
||||
certbot:
|
||||
domains:
|
||||
- bbb.auro.re
|
||||
- drone.auro.re
|
||||
- gitea.auro.re
|
||||
- intranet.auro.re
|
||||
- litl.auro.re
|
||||
- nextcloud.auro.re
|
||||
- re2o.auro.re
|
||||
- vote.auro.re
|
||||
- re2o-server.auro.re
|
||||
- re2o-test.auro.re
|
||||
- wikijs.auro.re
|
||||
|
||||
loc_certbot:
|
||||
- dns_rfc2136_server: '10.128.0.30'
|
||||
dns_rfc2136_name: certbot_adm_challenge.
|
||||
dns_rfc2136_secret: "{{ vault_certbot_adm_dns_secret }}"
|
||||
mail: tech.aurore@lists.crans.org
|
||||
certname: adm.auro.re
|
||||
domains: "*.adm.auro.re"
|
||||
- dns_rfc2136_server: '10.128.0.30'
|
||||
dns_rfc2136_name: certbot_challenge.
|
||||
dns_rfc2136_secret: "{{ vault_certbot_dns_secret }}"
|
||||
mail: tech.aurore@lists.crans.org
|
||||
certname: auro.re
|
||||
domains: "*.auro.re"
|
||||
|
||||
nginx:
|
||||
loc_nginx:
|
||||
servers: []
|
||||
ssl:
|
||||
- name: adm.auro.re
|
||||
cert: /etc/letsencrypt/live/adm.auro.re/fullchain.pem
|
||||
cert_key: /etc/letsencrypt/live/adm.auro.re/privkey.pem
|
||||
trusted_cert: /etc/letsencrypt/live/adm.auro.re/chain.pem
|
||||
- name: auro.re
|
||||
cert: /etc/letsencrypt/live/auro.re/fullchain.pem
|
||||
cert_key: /etc/letsencrypt/live/auro.re/privkey.pem
|
||||
trusted_cert: /etc/letsencrypt/live/auro.re/chain.pem
|
||||
|
||||
redirect_dnames:
|
||||
- aurores.net
|
||||
- fede-aurore.net
|
||||
|
||||
loc_reverseproxy:
|
||||
redirect_tcp:
|
||||
- name: Gitea
|
||||
port: 2222
|
||||
|
@ -49,6 +49,9 @@ nginx:
|
|||
|
||||
- from: gitea.auro.re
|
||||
to: "10.128.0.60:3000"
|
||||
- from: git.adm.auro.re
|
||||
to: "10.128.0.60:3000"
|
||||
ssl: adm.auro.re
|
||||
|
||||
- from: drone.auro.re
|
||||
to: "10.128.0.64:8000"
|
||||
|
|
10
hosts
10
hosts
|
@ -496,5 +496,15 @@ ldap-replica-rives.adm.auro.re
|
|||
[certbot]
|
||||
portail.adm.auro.re
|
||||
|
||||
[certbot:children]
|
||||
reverseproxy
|
||||
|
||||
[nginx]
|
||||
portail.adm.auro.re
|
||||
|
||||
[nginx:children]
|
||||
reverseproxy
|
||||
|
||||
[reverseproxy]
|
||||
proxy-ovh.adm.auro.re
|
||||
proxy.adm.auro.re
|
||||
|
|
|
@ -1,8 +0,0 @@
|
|||
---
|
||||
- name: Reload nginx
|
||||
service:
|
||||
name: nginx
|
||||
state: reloaded
|
||||
|
||||
- name: Generate certificates
|
||||
command: "certbot certonly --non-interactive --config /etc/letsencrypt/conf.d/{{ certbot.certname }}.ini"
|
|
@ -5,34 +5,47 @@
|
|||
name:
|
||||
- certbot
|
||||
- python3-certbot-dns-rfc2136
|
||||
register: pkg_result
|
||||
state: present
|
||||
register: apt_result
|
||||
retries: 3
|
||||
until: pkg_result is succeeded
|
||||
until: apt_result is succeeded
|
||||
|
||||
- name: Add DNS credentials
|
||||
template:
|
||||
src: letsencrypt/rfc2136.ini.j2
|
||||
dest: "/etc/letsencrypt/rfc2136.{{ item.certname }}.ini"
|
||||
mode: 0600
|
||||
owner: root
|
||||
loop: "{{ certbot }}"
|
||||
|
||||
- name: Add dhparam
|
||||
template:
|
||||
src: "letsencrypt/dhparam.j2"
|
||||
dest: "/etc/letsencrypt/dhparam"
|
||||
mode: 0600
|
||||
|
||||
- name: Create /etc/letsencrypt/conf.d
|
||||
file:
|
||||
path: /etc/letsencrypt/conf.d
|
||||
state: directory
|
||||
mode: 0755
|
||||
|
||||
- name: Lookup DNS masters IPv4
|
||||
set_fact:
|
||||
dns_masters_ipv4:
|
||||
- "10.128.0.30"
|
||||
cacheable: true
|
||||
|
||||
- name: Add DNS credentials
|
||||
template:
|
||||
src: letsencrypt/rfc2136.ini.j2
|
||||
dest: /etc/letsencrypt/rfc2136.ini
|
||||
mode: 0600
|
||||
owner: root
|
||||
mode: 0644
|
||||
|
||||
- name: Add Certbot configuration
|
||||
template:
|
||||
src: "letsencrypt/conf.d/certname.ini.j2"
|
||||
dest: "/etc/letsencrypt/conf.d/{{ certbot.certname }}.ini"
|
||||
dest: "/etc/letsencrypt/conf.d/{{ item.certname }}.ini"
|
||||
mode: 0644
|
||||
notify:
|
||||
- Generate certificates
|
||||
- Reload nginx
|
||||
loop: "{{ certbot }}"
|
||||
|
||||
- name: Run certbot
|
||||
command: certbot --non-interactive --config /etc/letsencrypt/conf.d/{{ item.certname }}.ini certonly
|
||||
loop: "{{ certbot }}"
|
||||
|
||||
- name: Clean old files
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
state: absent
|
||||
loop:
|
||||
- "/etc/letsencrypt/options-ssl-nginx.conf"
|
||||
- "/etc/letsencrypt/ssl-dhparams.pem"
|
||||
- "/etc/letsencrypt/rfc2136.ini"
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
# {{ ansible_managed }}
|
||||
{{ ansible_managed | comment(decoration='# ') }}
|
||||
|
||||
# Pour appliquer cette conf et générer la conf de renewal :
|
||||
# certbot --config /etc/letsencrypt/conf.d/{{ certbot.certname }}.ini certonly
|
||||
# To generate the certificate, please use the following command
|
||||
# certbot --config /etc/letsencrypt/conf.d/{{ item.certname }}.ini certonly
|
||||
|
||||
# Use a 4096 bit RSA key instead of 2048
|
||||
rsa-key-size = 4096
|
||||
|
@ -10,7 +10,7 @@ rsa-key-size = 4096
|
|||
# server = https://acme-staging.api.letsencrypt.org/directory
|
||||
|
||||
# Uncomment and update to register with the specified e-mail address
|
||||
email = {{ certbot.mail }}
|
||||
email = {{ item.mail }}
|
||||
|
||||
# Uncomment to use a text interface instead of ncurses
|
||||
text = True
|
||||
|
@ -20,9 +20,9 @@ agree-tos = True
|
|||
|
||||
# Use DNS-01 challenge
|
||||
authenticator = dns-rfc2136
|
||||
dns-rfc2136-credentials = /etc/letsencrypt/rfc2136.ini
|
||||
dns-rfc2136-credentials = /etc/letsencrypt/rfc2136.{{ item.certname }}.ini
|
||||
dns-rfc2136-propagation-seconds = 30
|
||||
|
||||
# Wildcard the domain
|
||||
cert-name = {{ certbot.certname }}
|
||||
domains = {{ ", ".join(certbot.domains) }}
|
||||
cert-name = {{ item.certname }}
|
||||
domains = {{ item.domains }}
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
{{ ansible_managed | comment(decoration='# ') }}
|
||||
|
||||
dns_rfc2136_server = {{ certbot.dns_rfc2136_server }}
|
||||
dns_rfc2136_server = {{ item.dns_rfc2136_server }}
|
||||
dns_rfc2136_port = 53
|
||||
dns_rfc2136_name = {{ certbot.dns_rfc2136_name }}
|
||||
dns_rfc2136_secret = {{ certbot.dns_rfc2136_secret }}
|
||||
dns_rfc2136_name = {{ item.dns_rfc2136_name }}
|
||||
dns_rfc2136_secret = {{ item.dns_rfc2136_secret }}
|
||||
dns_rfc2136_algorithm = HMAC-SHA512
|
||||
|
|
|
@ -7,24 +7,22 @@
|
|||
retries: 3
|
||||
until: apt_result is succeeded
|
||||
|
||||
- name: Copy snippets
|
||||
- name: Copy proxypass snippets
|
||||
template:
|
||||
src: "nginx/snippets/{{ item }}.j2"
|
||||
dest: "/etc/nginx/snippets/{{ item }}"
|
||||
src: "nginx/snippets/options-proxypass.conf.j2"
|
||||
dest: "/etc/nginx/snippets/options-proxypass.conf"
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
loop:
|
||||
- options-ssl.conf
|
||||
- options-proxypass.conf
|
||||
|
||||
- name: Copy dhparam
|
||||
- name: Copy SSL snippets
|
||||
template:
|
||||
src: letsencrypt/dhparam.j2
|
||||
dest: /etc/letsencrypt/dhparam
|
||||
src: "nginx/snippets/options-ssl.conf.j2"
|
||||
dest: "/etc/nginx/snippets/options-ssl.{{ item.name }}.conf"
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
loop: "{{ nginx.ssl }}"
|
||||
|
||||
- name: Disable default site
|
||||
file:
|
||||
|
@ -32,7 +30,7 @@
|
|||
state: absent
|
||||
|
||||
- name: Copy reverse proxy sites
|
||||
when: nginx.reverseproxy_sites is defined or nginx.redirect_sites is defined
|
||||
when: reverseproxy is defined
|
||||
template:
|
||||
src: "nginx/sites-available/{{ item }}.j2"
|
||||
dest: "/etc/nginx/sites-available/{{ item }}"
|
||||
|
@ -46,7 +44,7 @@
|
|||
notify: Reload nginx
|
||||
|
||||
- name: Activate reverse proxy sites
|
||||
when: nginx.reverseproxy_sites is defined or nginx.redirect_sites is defined
|
||||
when: reverseproxy is defined
|
||||
file:
|
||||
src: "/etc/nginx/sites-available/{{ item }}"
|
||||
dest: "/etc/nginx/sites-enabled/{{ item }}"
|
||||
|
@ -60,6 +58,24 @@
|
|||
notify: Reload nginx
|
||||
ignore_errors: "{{ ansible_check_mode }}"
|
||||
|
||||
- name: Copy forward modules
|
||||
when: reverseproxy.redirect_tcp is defined and reverseproxy.redirect_tcp|length > 0
|
||||
template:
|
||||
src: "nginx/modules-available/60-forward.conf.j2"
|
||||
dest: "/etc/nginx/modules-available/60-forward.conf"
|
||||
mode: 0644
|
||||
notify: Reload nginx
|
||||
|
||||
- name: Activate modules
|
||||
when: reverseproxy.redirect_tcp is defined and reverseproxy.redirect_tcp|length > 0
|
||||
file:
|
||||
src: "/etc/nginx/modules-available/60-forward.conf"
|
||||
dest: "/etc/nginx/modules-enabled/60-forward.conf"
|
||||
state: link
|
||||
mode: 0644
|
||||
notify: Reload nginx
|
||||
ignore_errors: "{{ ansible_check_mode }}"
|
||||
|
||||
- name: Copy service nginx configuration
|
||||
when: nginx.servers is defined and nginx.servers|length > 0
|
||||
template:
|
||||
|
@ -98,12 +114,6 @@
|
|||
group: www-data
|
||||
mode: 0644
|
||||
|
||||
- name: Indicate role in motd
|
||||
template:
|
||||
src: update-motd.d/05-service.j2
|
||||
dest: /etc/update-motd.d/05-nginx
|
||||
mode: 0755
|
||||
|
||||
- name: Install passwords
|
||||
when: nginx.auth_passwd|length > 0
|
||||
template:
|
||||
|
@ -119,3 +129,18 @@
|
|||
owner: www-data
|
||||
group: www-data
|
||||
mode: 0644
|
||||
|
||||
- name: Indicate role in motd
|
||||
template:
|
||||
src: update-motd.d/05-service.j2
|
||||
dest: /etc/update-motd.d/05-nginx
|
||||
mode: 0755
|
||||
|
||||
- name: Clean old files
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
state: absent
|
||||
loop:
|
||||
- "/etc/nginx/snippets/options-ssl.conf"
|
||||
- "/var/www/custom_401.html"
|
||||
- "/var/www/robots.txt"
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# {{ ansible_managed }}
|
||||
{{ ansible_managed | comment }}
|
||||
|
||||
{% for site in nginx.redirect_tcp %}
|
||||
{% for site in reverseproxy.redirect_tcp %}
|
||||
# Forward port {{ site.port }} to {{ site.name }}
|
||||
stream {
|
||||
server {
|
||||
|
@ -12,3 +12,4 @@ stream {
|
|||
}
|
||||
|
||||
{% endfor %}
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
# {{ ansible_managed }}
|
||||
{{ ansible_managed | comment }}
|
||||
{% for user, hash in nginx.auth_passwd.items() -%}
|
||||
{{ user }}:{{ hash }}
|
||||
{% endfor -%}
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# {{ ansible_managed }}
|
||||
{{ ansible_managed | comment }}
|
||||
|
||||
{% for site in nginx.redirect_sites %}
|
||||
{% for site in reverseproxy.redirect_sites %}
|
||||
# Redirect http://{{ site.from }} to http://{{ site.to }}
|
||||
server {
|
||||
listen 80;
|
||||
|
@ -8,6 +8,11 @@ server {
|
|||
|
||||
server_name {{ site.from }};
|
||||
|
||||
{% for realip in nginx.real_ip_from %}
|
||||
set_real_ip_from {{ realip }};
|
||||
{% endfor %}
|
||||
real_ip_header P-Real-Ip;
|
||||
|
||||
location / {
|
||||
return 302 http://{{ site.to }}$request_uri;
|
||||
}
|
||||
|
@ -21,7 +26,12 @@ server {
|
|||
server_name {{ site.from }};
|
||||
|
||||
# SSL common conf
|
||||
include "/etc/nginx/snippets/options-ssl.conf";
|
||||
include "/etc/nginx/snippets/options-ssl.{{ site.ssl|default(nginx.default_ssl_domain) }}.conf";
|
||||
|
||||
{% for realip in nginx.real_ip_from %}
|
||||
set_real_ip_from {{ realip }};
|
||||
{% endfor %}
|
||||
real_ip_header P-Real-Ip;
|
||||
|
||||
location / {
|
||||
return 302 https://{{ site.to }}$request_uri;
|
||||
|
@ -31,8 +41,8 @@ server {
|
|||
{% endfor %}
|
||||
|
||||
{# Also redirect for DNAMEs #}
|
||||
{% for dname in nginx.redirect_dnames %}
|
||||
{% for site in nginx.redirect_sites %}
|
||||
{% for dname in reverseproxy.redirect_dnames %}
|
||||
{% for site in reverseproxy.redirect_sites %}
|
||||
{% set from = site.from | regex_replace('crans.org', dname) %}
|
||||
{% if from != site.from %}
|
||||
# Redirect http://{{ from }} to http://{{ site.to }}
|
||||
|
@ -42,6 +52,11 @@ server {
|
|||
|
||||
server_name {{ from }};
|
||||
|
||||
{% for realip in nginx.real_ip_from %}
|
||||
set_real_ip_from {{ realip }};
|
||||
{% endfor %}
|
||||
real_ip_header P-Real-Ip;
|
||||
|
||||
location / {
|
||||
return 302 http://{{ site.to }}$request_uri;
|
||||
}
|
||||
|
@ -55,7 +70,12 @@ server {
|
|||
server_name {{ from }};
|
||||
|
||||
# SSL common conf
|
||||
include "/etc/nginx/snippets/options-ssl.conf";
|
||||
include "/etc/nginx/snippets/options-ssl.{{ site.ssl|default(nginx.default_ssl_domain) }}.conf";
|
||||
|
||||
{% for realip in nginx.real_ip_from %}
|
||||
set_real_ip_from {{ realip }};
|
||||
{% endfor %}
|
||||
real_ip_header P-Real-Ip;
|
||||
|
||||
location / {
|
||||
return 302 https://{{ site.to }}$request_uri;
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# {{ ansible_managed }}
|
||||
{{ ansible_managed | comment }}
|
||||
|
||||
# Automatic Connection header for WebSocket support
|
||||
# See http://nginx.org/en/docs/http/websocket.html
|
||||
|
@ -7,7 +7,7 @@ map $http_upgrade $connection_upgrade {
|
|||
'' close;
|
||||
}
|
||||
|
||||
{% for site in nginx.reverseproxy_sites %}
|
||||
{% for site in reverseproxy.reverseproxy_sites %}
|
||||
# Redirect http://{{ site.from }} to https://{{ site.from }}
|
||||
server {
|
||||
listen 80;
|
||||
|
@ -15,6 +15,11 @@ server {
|
|||
|
||||
server_name {{ site.from }};
|
||||
|
||||
{% for realip in nginx.real_ip_from %}
|
||||
set_real_ip_from {{ realip }};
|
||||
{% endfor %}
|
||||
real_ip_header P-Real-Ip;
|
||||
|
||||
location / {
|
||||
return 302 https://$host$request_uri;
|
||||
}
|
||||
|
@ -28,7 +33,7 @@ server {
|
|||
server_name {{ site.from }};
|
||||
|
||||
# SSL common conf
|
||||
include "/etc/nginx/snippets/options-ssl.conf";
|
||||
include "/etc/nginx/snippets/options-ssl.{{ site.ssl|default(nginx.default_ssl_domain) }}.conf";
|
||||
|
||||
# Log into separate log files
|
||||
access_log /var/log/nginx/{{ site.from }}.log;
|
||||
|
@ -43,8 +48,9 @@ server {
|
|||
root /var/www/html;
|
||||
}
|
||||
|
||||
set_real_ip_from 10.231.136.0/24;
|
||||
set_real_ip_from 2a0c:700:0:2::/64;
|
||||
{% for realip in nginx.real_ip_from %}
|
||||
set_real_ip_from {{ realip }};
|
||||
{% endfor %}
|
||||
real_ip_header P-Real-Ip;
|
||||
|
||||
location / {
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
# {{ ansible_managed }}
|
||||
{{ ansible_managed | comment }}
|
||||
|
||||
{% for dname in nginx.redirect_dnames %}
|
||||
{% for site in nginx.reverseproxy_sites %}
|
||||
{% set from = site.from | regex_replace('crans.org', dname) %}
|
||||
{% for dname in reverseproxy.redirect_dnames %}
|
||||
{% for site in reverseproxy.reverseproxy_sites %}
|
||||
{% set from = site.from | regex_replace('auro.re', dname) %}
|
||||
{% set to = site.from %}
|
||||
{% if from != site.from %}
|
||||
# Redirect http://{{ from }} to http://{{ to }}
|
||||
|
@ -12,6 +12,11 @@ server {
|
|||
|
||||
server_name {{ from }};
|
||||
|
||||
{% for realip in nginx.real_ip_from %}
|
||||
set_real_ip_from {{ realip }};
|
||||
{% endfor %}
|
||||
real_ip_header P-Real-Ip;
|
||||
|
||||
location / {
|
||||
return 302 http://{{ to }}$request_uri;
|
||||
}
|
||||
|
@ -25,7 +30,12 @@ server {
|
|||
server_name {{ from }};
|
||||
|
||||
# SSL common conf
|
||||
include "/etc/nginx/snippets/options-ssl.conf";
|
||||
include "/etc/nginx/snippets/options-ssl.{{ site.ssl|default(nginx.default_ssl_domain) }}.conf";
|
||||
|
||||
{% for realip in nginx.real_ip_from %}
|
||||
set_real_ip_from {{ realip }};
|
||||
{% endfor %}
|
||||
real_ip_header P-Real-Ip;
|
||||
|
||||
location / {
|
||||
return 302 https://{{ to }}$request_uri;
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# {{ ansible_managed }}
|
||||
{{ ansible_managed | comment }}
|
||||
|
||||
# Automatic Connection header for WebSocket support
|
||||
# See http://nginx.org/en/docs/http/websocket.html
|
||||
|
@ -19,7 +19,7 @@ upstream {{ upstream.name }} {
|
|||
server {
|
||||
listen 443 default_server ssl;
|
||||
listen [::]:443 default_server ssl;
|
||||
include "/etc/nginx/snippets/options-ssl.conf";
|
||||
include "/etc/nginx/snippets/options-ssl.{{ nginx.default_ssl_domain }}.conf";
|
||||
|
||||
server_name _;
|
||||
charset utf-8;
|
||||
|
@ -27,6 +27,11 @@ server {
|
|||
# Hide Nginx version
|
||||
server_tokens off;
|
||||
|
||||
{% for realip in nginx.real_ip_from %}
|
||||
set_real_ip_from {{ realip }};
|
||||
{% endfor %}
|
||||
real_ip_header P-Real-Ip;
|
||||
|
||||
location / {
|
||||
return 302 https://{{ nginx.default_ssl_server }}$request_uri;
|
||||
}
|
||||
|
@ -45,6 +50,11 @@ server {
|
|||
# Hide Nginx version
|
||||
server_tokens off;
|
||||
|
||||
{% for realip in nginx.real_ip_from %}
|
||||
set_real_ip_from {{ realip }};
|
||||
{% endfor %}
|
||||
real_ip_header P-Real-Ip;
|
||||
|
||||
location / {
|
||||
return 302 http://{{ nginx.default_server }}$request_uri;
|
||||
}
|
||||
|
@ -55,8 +65,8 @@ server {
|
|||
{% if server.ssl is defined and server.ssl -%}
|
||||
# Redirect HTTP to HTTPS
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
listen 80{% if server.default is defined and server.default %} default_server{% endif %};
|
||||
listen [::]:80{% if server.default is defined and server.default %} default_server{% endif %};
|
||||
|
||||
server_name {{ server.server_name|join(" ") }};
|
||||
charset utf-8;
|
||||
|
@ -64,6 +74,11 @@ server {
|
|||
# Hide Nginx version
|
||||
server_tokens off;
|
||||
|
||||
{% for realip in nginx.real_ip_from %}
|
||||
set_real_ip_from {{ realip }};
|
||||
{% endfor %}
|
||||
real_ip_header P-Real-Ip;
|
||||
|
||||
location / {
|
||||
return 302 https://$host$request_uri;
|
||||
}
|
||||
|
@ -72,9 +87,9 @@ server {
|
|||
|
||||
server {
|
||||
{% if server.ssl is defined and server.ssl -%}
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
include "/etc/nginx/snippets/options-ssl.conf";
|
||||
listen 443{% if server.default is defined and server.default %} default_server{% endif %} ssl;
|
||||
listen [::]:443{% if server.default is defined and server.default %} default_server{% endif %} ssl;
|
||||
include "/etc/nginx/snippets/options-ssl.{{ server.ssl }}.conf";
|
||||
{% else -%}
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
@ -86,29 +101,32 @@ server {
|
|||
# Hide Nginx version
|
||||
server_tokens off;
|
||||
|
||||
{% if server.root is defined -%}
|
||||
root {{ server.root }};
|
||||
{% endif -%}
|
||||
{% if server.index is defined -%}
|
||||
index {{ server.index|join(" ") }};
|
||||
{% endif -%}
|
||||
{% for realip in nginx.real_ip_from %}
|
||||
set_real_ip_from {{ realip }};
|
||||
{% endfor %}
|
||||
real_ip_header P-Real-Ip;
|
||||
|
||||
{% if server.access_log is defined -%}
|
||||
access_log {{ server.access_log }};
|
||||
{% endif -%}
|
||||
{% if server.error_log is defined -%}
|
||||
error_log {{ server.error_log }};
|
||||
{% endif -%}
|
||||
{% if server.root is defined %}root {{ server.root }};{% endif %}
|
||||
{% if server.index is defined %}index {{ server.index|join(" ") }};{% endif %}
|
||||
|
||||
{% if server.locations is defined -%}
|
||||
{% if server.access_log is defined %}access_log {{ server.access_log }};{% endif %}
|
||||
{% if server.error_log is defined %}error_log {{ server.error_log }};{% endif %}
|
||||
|
||||
{% for location in server.locations -%}
|
||||
location {{ location.filter }} {
|
||||
{% for param in location.params -%}
|
||||
{% if server.additional_params is defined %}
|
||||
{% for param in server.additional_params %}
|
||||
{{ param }};
|
||||
{% endfor -%}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
|
||||
{% if server.locations is defined %}
|
||||
{% for location in server.locations %}
|
||||
location {{ location.filter }} {
|
||||
{% for param in location.params %}
|
||||
{{ param }};
|
||||
{% endfor %}
|
||||
}
|
||||
{% endfor -%}
|
||||
{% endif -%}
|
||||
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
}
|
||||
{% endfor %}
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# {{ ansible_managed }}
|
||||
{{ ansible_managed | comment }}
|
||||
|
||||
# regex to split $uri to $fastcgi_script_name and $fastcgi_path
|
||||
fastcgi_split_path_info (^/[^/]*)(.*)$;
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# {{ ansible_managed }}
|
||||
{{ ansible_managed | comment }}
|
||||
|
||||
proxy_redirect off;
|
||||
proxy_set_header Host $host;
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
# {{ ansible_managed }}
|
||||
{{ ansible_managed | comment }}
|
||||
|
||||
ssl_certificate {{ nginx.ssl.cert }};
|
||||
ssl_certificate_key {{ nginx.ssl.cert_key }};
|
||||
ssl_certificate {{ item.cert }};
|
||||
ssl_certificate_key {{ item.cert_key }};
|
||||
ssl_session_timeout 1d;
|
||||
ssl_session_cache shared:MozSSL:10m;
|
||||
ssl_session_tickets off;
|
||||
|
@ -13,5 +13,5 @@ ssl_prefer_server_ciphers off;
|
|||
# Enable OCSP Stapling, point to certificate chain
|
||||
ssl_stapling on;
|
||||
ssl_stapling_verify on;
|
||||
ssl_trusted_certificate {{ nginx.ssl.trusted_cert }};
|
||||
ssl_trusted_certificate {{ item.trusted_cert }};
|
||||
|
||||
|
|
|
@ -1,3 +1,3 @@
|
|||
#!/usr/bin/tail +14
|
||||
# {{ ansible_managed }}
|
||||
{{ ansible_managed | comment }}
|
||||
[0m> [38;5;82mNGINX[0m a été déployé sur cette machine. Voir [38;5;6m/etc/nginx/[0m.
|
||||
|
|
|
@ -1,4 +1,2 @@
|
|||
{{ ansible_header | comment }}
|
||||
|
||||
User-agent: *
|
||||
Disallow: /
|
||||
|
|
|
@ -1,5 +0,0 @@
|
|||
---
|
||||
- name: Reload nginx
|
||||
systemd:
|
||||
name: nginx
|
||||
state: reloaded
|
|
@ -1,73 +0,0 @@
|
|||
---
|
||||
- name: Install NGINX
|
||||
apt:
|
||||
update_cache: true
|
||||
name: nginx
|
||||
register: apt_result
|
||||
retries: 3
|
||||
until: apt_result is succeeded
|
||||
|
||||
- name: Copy snippets
|
||||
template:
|
||||
src: "nginx/snippets/{{ item }}.j2"
|
||||
dest: "/etc/nginx/snippets/{{ item }}"
|
||||
mode: 0644
|
||||
loop:
|
||||
- options-ssl.conf
|
||||
- options-proxypass.conf
|
||||
|
||||
- name: Copy dhparam
|
||||
template:
|
||||
src: letsencrypt/dhparam.j2
|
||||
dest: /etc/letsencrypt/dhparam
|
||||
mode: 0644
|
||||
|
||||
- name: Copy reverse proxy sites
|
||||
template:
|
||||
src: "nginx/sites-available/{{ item }}.j2"
|
||||
dest: "/etc/nginx/sites-available/{{ item }}"
|
||||
mode: 0644
|
||||
loop:
|
||||
- reverseproxy
|
||||
- reverseproxy_redirect_dname
|
||||
- redirect
|
||||
notify: Reload nginx
|
||||
|
||||
- name: Activate sites
|
||||
file:
|
||||
src: "/etc/nginx/sites-available/{{ item }}"
|
||||
dest: "/etc/nginx/sites-enabled/{{ item }}"
|
||||
state: link
|
||||
mode: 0644
|
||||
loop:
|
||||
- reverseproxy
|
||||
- reverseproxy_redirect_dname
|
||||
- redirect
|
||||
notify: Reload nginx
|
||||
|
||||
- name: Copy forward modules
|
||||
template:
|
||||
src: "nginx/modules-available/60-forward.conf.j2"
|
||||
dest: "/etc/nginx/modules-available/60-forward.conf"
|
||||
mode: 0644
|
||||
notify: Reload nginx
|
||||
|
||||
- name: Activate modules
|
||||
file:
|
||||
src: "/etc/nginx/modules-available/60-forward.conf"
|
||||
dest: "/etc/nginx/modules-enabled/60-forward.conf"
|
||||
state: link
|
||||
mode: 0644
|
||||
notify: Reload nginx
|
||||
|
||||
- name: Copy 50x error page
|
||||
template:
|
||||
src: www/html/50x.html.j2
|
||||
dest: /var/www/html/50x.html
|
||||
mode: 0644
|
||||
|
||||
- name: Indicate role in motd
|
||||
template:
|
||||
src: update-motd.d/05-service.j2
|
||||
dest: /etc/update-motd.d/05-nginx
|
||||
mode: 0755
|
|
@ -1,67 +0,0 @@
|
|||
# {{ ansible_managed }}
|
||||
|
||||
{% for site in nginx.redirect_sites %}
|
||||
# Redirect http://{{ site.from }} to http://{{ site.to }}
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
server_name {{ site.from }};
|
||||
|
||||
location / {
|
||||
return 302 http://{{ site.to }}{% if site.norequesturi is not defined %}$request_uri{% endif %};
|
||||
}
|
||||
}
|
||||
|
||||
# Redirect https://{{ site.from }} to https://{{ site.to }}
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
|
||||
server_name {{ site.from }};
|
||||
|
||||
# SSL common conf
|
||||
include "/etc/nginx/snippets/options-ssl.conf";
|
||||
|
||||
location / {
|
||||
return 302 https://{{ site.to }}{% if site.norequesturi is not defined %}$request_uri{% endif %};
|
||||
}
|
||||
}
|
||||
|
||||
{% endfor %}
|
||||
|
||||
{# Also redirect for DNAMEs #}
|
||||
{% for dname in nginx.redirect_dnames %}
|
||||
{% for site in nginx.redirect_sites %}
|
||||
{% set from = site.from | regex_replace('crans.org', dname) %}
|
||||
{% if from != site.from %}
|
||||
# Redirect http://{{ from }} to http://{{ site.to }}
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
server_name {{ from }};
|
||||
|
||||
location / {
|
||||
return 302 http://{{ site.to }}{% if site.norequesturi is not defined %}$request_uri{% endif %};
|
||||
}
|
||||
}
|
||||
|
||||
# Redirect https://{{ from }} to https://{{ site.to }}
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
|
||||
server_name {{ from }};
|
||||
|
||||
# SSL common conf
|
||||
include "/etc/nginx/snippets/options-ssl.conf";
|
||||
|
||||
location / {
|
||||
return 302 https://{{ site.to }}{% if site.norequesturi is not defined %}$request_uri{% endif %};
|
||||
}
|
||||
}
|
||||
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
{% endfor %}
|
|
@ -1,62 +0,0 @@
|
|||
# {{ ansible_managed }}
|
||||
|
||||
# Automatic Connection header for WebSocket support
|
||||
# See http://nginx.org/en/docs/http/websocket.html
|
||||
map $http_upgrade $connection_upgrade {
|
||||
default upgrade;
|
||||
'' close;
|
||||
}
|
||||
|
||||
{% for site in nginx.reverseproxy_sites %}
|
||||
# Redirect http://{{ site.from }} to https://{{ site.from }}
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
server_name {{ site.from }};
|
||||
|
||||
location / {
|
||||
return 302 https://$host$request_uri;
|
||||
}
|
||||
}
|
||||
|
||||
# Reverse proxify https://{{ site.from }} to http://{{ site.to }}
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
|
||||
server_name {{ site.from }};
|
||||
|
||||
# SSL common conf
|
||||
include "/etc/nginx/snippets/options-ssl.conf";
|
||||
|
||||
# Log into separate log files
|
||||
access_log /var/log/nginx/{{ site.from }}.log;
|
||||
error_log /var/log/nginx/{{ site.from }}_error.log;
|
||||
|
||||
# Keep the TCP connection open a bit for faster browsing
|
||||
keepalive_timeout 70;
|
||||
|
||||
# Custom error page
|
||||
error_page 500 502 503 504 /50x.html;
|
||||
location = /50x.html {
|
||||
root /var/www/html;
|
||||
}
|
||||
|
||||
set_real_ip_from 10.231.136.0/24;
|
||||
set_real_ip_from 2a0c:700:0:2::/64;
|
||||
real_ip_header P-Real-Ip;
|
||||
|
||||
{% if site.custom_args is defined -%}
|
||||
{% for arg in site.custom_args %}
|
||||
{{ arg }};
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
|
||||
location / {
|
||||
proxy_pass http://{{ site.to }};
|
||||
include "/etc/nginx/snippets/options-proxypass.conf";
|
||||
}
|
||||
}
|
||||
|
||||
{% endfor %}
|
|
@ -1,37 +0,0 @@
|
|||
# {{ ansible_managed }}
|
||||
|
||||
{% for dname in nginx.redirect_dnames %}
|
||||
{% for site in nginx.reverseproxy_sites %}
|
||||
{% set from = site.from | regex_replace('auro.re', dname) %}
|
||||
{% set to = site.from %}
|
||||
{% if from != site.from %}
|
||||
# Redirect http://{{ from }} to http://{{ to }}
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
server_name {{ from }};
|
||||
|
||||
location / {
|
||||
return 302 http://{{ to }}$request_uri;
|
||||
}
|
||||
}
|
||||
|
||||
# Redirect https://{{ from }} to https://{{ to }}
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
|
||||
server_name {{ from }};
|
||||
|
||||
# SSL common conf
|
||||
include "/etc/nginx/snippets/options-ssl.conf";
|
||||
|
||||
location / {
|
||||
return 302 https://{{ to }}$request_uri;
|
||||
}
|
||||
}
|
||||
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
{% endfor %}
|
|
@ -1,19 +0,0 @@
|
|||
# {{ ansible_managed }}
|
||||
|
||||
proxy_redirect off;
|
||||
proxy_set_header Host $host;
|
||||
|
||||
# Pass the real client IP
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
# Tell proxified server that we are HTTPS, fix Wordpress
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
|
||||
# WebSocket support
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
|
||||
# For Owncloud WebDav
|
||||
client_max_body_size 10G;
|
|
@ -1,17 +0,0 @@
|
|||
# {{ ansible_managed }}
|
||||
|
||||
ssl_certificate {{ nginx.ssl.cert }};
|
||||
ssl_certificate_key {{ nginx.ssl.cert_key }};
|
||||
ssl_session_timeout 1d;
|
||||
ssl_session_cache shared:MozSSL:10m;
|
||||
ssl_session_tickets off;
|
||||
ssl_dhparam /etc/letsencrypt/dhparam;
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
|
||||
ssl_prefer_server_ciphers off;
|
||||
|
||||
# Enable OCSP Stapling, point to certificate chain
|
||||
ssl_stapling on;
|
||||
ssl_stapling_verify on;
|
||||
ssl_trusted_certificate {{ nginx.ssl.trusted_cert }};
|
||||
|
|
@ -1,3 +0,0 @@
|
|||
#!/usr/bin/tail +14
|
||||
# {{ ansible_managed }}
|
||||
[0m> [38;5;82mNGINX[0m a été déployé sur cette machine. Voir [38;5;6m/etc/nginx/[0m.
|
|
@ -1,63 +0,0 @@
|
|||
<!doctype html>
|
||||
<html lang="fr">
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
<title>502</title>
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||
<style>
|
||||
* {
|
||||
line-height: 1.2;
|
||||
margin: 0;
|
||||
}
|
||||
|
||||
html {
|
||||
color: #888;
|
||||
display: table;
|
||||
font-family: sans-serif;
|
||||
height: 100%;
|
||||
text-align: center;
|
||||
width: 100%;
|
||||
}
|
||||
|
||||
body {
|
||||
display: table-cell;
|
||||
vertical-align: middle;
|
||||
margin: 2em auto;
|
||||
}
|
||||
|
||||
a {
|
||||
color: #888;
|
||||
text-decoration: underline dotted;
|
||||
}
|
||||
|
||||
h1 {
|
||||
color: #555;
|
||||
font-size: 2em;
|
||||
font-weight: 400;
|
||||
}
|
||||
|
||||
p {
|
||||
margin: 1em auto;
|
||||
max-width: 480px;
|
||||
}
|
||||
|
||||
@media only screen and (max-width: 280px) {
|
||||
body, p {
|
||||
width: 95%;
|
||||
}
|
||||
|
||||
h1 {
|
||||
font-size: 1.5em;
|
||||
margin: 0 0 0.3em;
|
||||
}
|
||||
}
|
||||
</style>
|
||||
</head>
|
||||
<body>
|
||||
<h1>502</h1>
|
||||
<p>Whoops, le service prend trop de temps à répondre…</p>
|
||||
<p>Essayez de rafraîchir la page. Si le problème persiste, pensez
|
||||
à contacter <a href="mailto:tech.aurore@lists.crans.org">l'équipe technique d'Aurore</a>.</p>
|
||||
</body>
|
||||
</html>
|
||||
|
|
@ -10,15 +10,18 @@
|
|||
roles:
|
||||
- passbolt
|
||||
|
||||
# Deploy reverse proxy
|
||||
- hosts: proxy*.adm.auro.re
|
||||
- hosts: reverseproxy
|
||||
vars:
|
||||
certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}'
|
||||
nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}'
|
||||
reverseproxy: '{{ glob_reverseproxy | default({}) | combine(loc_reverseproxy | default({})) }}'
|
||||
roles:
|
||||
- certbot
|
||||
- nginx_reverseproxy
|
||||
- nginx
|
||||
|
||||
- hosts: portail.adm.auro.re
|
||||
- hosts: nginx,!reverseproxy
|
||||
vars:
|
||||
certbot: '{{ glob_certbot | default({}) | combine(loc_certbot | default({})) }}'
|
||||
certbot: '{{ loc_certbot | default(glob_certbot | default([])) }}'
|
||||
nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}'
|
||||
roles:
|
||||
- certbot
|
||||
|
|
Loading…
Reference in a new issue