From 51bbdd42a2504f0b3045349b0b08e3bb75b55fce Mon Sep 17 00:00:00 2001
From: June <june@jsts.xyz>
Date: Tue, 13 Jan 2026 16:55:22 +0100
Subject: [PATCH] dooris(host): make certbot work

---
 inventories/z9/host_vars/dooris.yaml        |  4 +++-
 resources/z9/dooris/nginx/http_handler.conf | 12 ++++++++++++
 2 files changed, 15 insertions(+), 1 deletion(-)
 create mode 100644 resources/z9/dooris/nginx/http_handler.conf

diff --git a/inventories/z9/host_vars/dooris.yaml b/inventories/z9/host_vars/dooris.yaml
index 5813e3a..8ae5287 100644
--- a/inventories/z9/host_vars/dooris.yaml
+++ b/inventories/z9/host_vars/dooris.yaml
@@ -7,9 +7,11 @@ certbot__certificate_domains:
   - "dooris.ccchh.net"
 certbot__new_cert_commands:
   - "systemctl reload nginx.service"
-certbot__http_01_port: 80
 
 nginx__version_spec: ""
+nginx__deploy_redirect_conf: false
 nginx__configurations:
   - name: dooris.ccchh.net
     content: "{{ lookup('ansible.builtin.file', 'resources/z9/dooris/nginx/dooris.ccchh.net.conf') }}"
+  - name: http_handler
+    content: "{{ lookup('ansible.builtin.file', 'resources/z9/dooris/nginx/http_handler.conf') }}"
diff --git a/resources/z9/dooris/nginx/http_handler.conf b/resources/z9/dooris/nginx/http_handler.conf
new file mode 100644
index 0000000..8572664
--- /dev/null
+++ b/resources/z9/dooris/nginx/http_handler.conf
@@ -0,0 +1,12 @@
+server {
+    listen 80 default_server;
+    listen [::]:80 default_server;
+
+    location / {
+        return 301 https://$host$request_uri;
+    }
+
+    location /.well-known/acme-challenge/ {
+        proxy_pass http://127.0.0.1:31820/.well-known/acme-challenge/;
+    }
+}