CCCHH/ansible-infra
CCCHH/ansible-infra
4
2
Fork 1
Code Issues 6 Pull requests 4 Wiki Activity Actions

Setup https for Light VM for light.ccchh.net

Browse source
This commit is contained in:
julian 2023-01-12 23:36:57 +01:00
commit 239b9b9689
5 changed files with 45 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

8
playbooks/files/configs/light/nginx/foobazdmx.conf
View file

@ -1,8 +0,0 @@
server {
listen 80;
server_name light.z9;
location / {
proxy_pass http://localhost:8080;
}
}

14
playbooks/files/configs/light/nginx/http_handler.conf Normal file
View file

@ -0,0 +1,14 @@
server {
listen 80 default_server;
#listen [::]:80 default_server;
server_name _;
location /.well-known/acme-challenge/ {
autoindex on;
root /webroot-for-acme-challenge;
}
location / {
return 301 https://$host$request_uri;
}
}

25
playbooks/files/configs/light/nginx/light.ccchh.net.conf Normal file
View file

@ -0,0 +1,25 @@
# partly generated 2022-01-08, Mozilla Guideline v5.6, nginx 1.17.7, OpenSSL 1.1.1k, intermediate configuration
# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1k&guideline=5.6
server {
listen 443 ssl http2;
#listen [::]:443 ssl http2;
server_name light.ccchh.net;
ssl_certificate /etc/letsencrypt/live/light.ccchh.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/light.ccchh.net/privkey.pem;
# verify chain of trust of OCSP response using Root CA and Intermediate certs
ssl_trusted_certificate /etc/letsencrypt/live/light.ccchh.net/chain.pem;
# replace with the IP address of your resolver
resolver 10.31.208.1;
location / {
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# This is https in any case.
proxy_set_header X-Forwarded-Proto https;
}
}

1
playbooks/files/configs/public-reverse-proxy/nginx/acme_challenge.conf
View file

@ -1,6 +1,7 @@
map $host $upstream_acme_challenge_host {
club-assistant.ccchh.net 10.31.208.10;
netbox.ccchh.net 10.31.208.29;
light.ccchh.net 10.31.208.23;
thinkcccore0.ccchh.net 10.31.242.3;
thinkcccore1.ccchh.net 10.31.242.4;
thinkcccore2.ccchh.net 10.31.242.5;