Update website/updates role
parent
9e576edab6
commit
4b39d2a02c
|
@ -5,6 +5,11 @@
|
||||||
- ffhh-basics
|
- ffhh-basics
|
||||||
tags: basics
|
tags: basics
|
||||||
|
|
||||||
|
- hosts: certbot
|
||||||
|
roles:
|
||||||
|
- certbot
|
||||||
|
tags: certbot
|
||||||
|
|
||||||
- hosts: certsync
|
- hosts: certsync
|
||||||
roles:
|
roles:
|
||||||
- certsync
|
- certsync
|
||||||
|
|
|
@ -5,6 +5,5 @@ basics_ssh_match_blocks:
|
||||||
- ChrootDirectory /home/certsync/root
|
- ChrootDirectory /home/certsync/root
|
||||||
- ForceCommand internal-sftp
|
- ForceCommand internal-sftp
|
||||||
nginx_resolver: 192.76.134.90 212.12.50.158
|
nginx_resolver: 192.76.134.90 212.12.50.158
|
||||||
updates_letsencrypt_local: true
|
updates_tls_crt: /etc/letsencrypt/live/updates.hamburg.freifunk.net/fullchain.pem
|
||||||
updates_ssl_certificate: /etc/letsencrypt/live/updates.hamburg.freifunk.net/fullchain.pem
|
updates_tls_key: /etc/letsencrypt/live/updates.hamburg.freifunk.net/privkey.pem
|
||||||
updates_ssl_certificate_key: /etc/letsencrypt/live/updates.hamburg.freifunk.net/privkey.pem
|
|
||||||
|
|
|
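Review bot: This host's certificate paths point into `/etc/letsencrypt/live/`, yet the explicit `updates_letsencrypt_local: true` is dropped with no `updates_letsencrypt: local` replacing it, so the ACME challenge location on this host now depends on the role default staying `local`. Setting `updates_letsencrypt: local` next to `updates_tls_crt` and `updates_tls_key` keeps the TLS paths and the challenge handling tied together in one file. The hunk starts partway into the file, so an earlier definition may exist outside the visible lines.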
@ -1,8 +1,8 @@
|
||||||
certsync_host: srv01.hamburg.freifunk.net
|
certsync_host: srv01.hamburg.freifunk.net
|
||||||
nginx_resolver: 80.252.105.162 80.252.105.194
|
nginx_resolver: 80.252.105.162 80.252.105.194
|
||||||
updates_letsencrypt_srv01: true
|
|
||||||
updates_owner: ffupdates
|
|
||||||
updates_group: www-data
|
updates_group: www-data
|
||||||
|
updates_letsencrypt: srv01
|
||||||
|
updates_owner: ffupdates
|
||||||
updates_root: /var/www/updates
|
updates_root: /var/www/updates
|
||||||
updates_ssl_certificate: /etc/ssl/certsync/updates.hamburg.freifunk.net.crt
|
updates_tls_crt: /etc/ssl/certsync/updates.hamburg.freifunk.net.crt
|
||||||
updates_ssl_certificate_key: /etc/ssl/certsync/updates.hamburg.freifunk.net.key
|
updates_tls_key: /etc/ssl/certsync/updates.hamburg.freifunk.net.key
|
||||||
|
|
|
@ -4,6 +4,9 @@ srv02 ansible_host=srv02.hamburg.freifunk.net
|
||||||
srv03 ansible_host=srv03.hamburg.freifunk.net
|
srv03 ansible_host=srv03.hamburg.freifunk.net
|
||||||
srv04 ansible_host=srv04.hamburg.freifunk.net
|
srv04 ansible_host=srv04.hamburg.freifunk.net
|
||||||
|
|
||||||
|
[certbot]
|
||||||
|
srv01
|
||||||
|
|
||||||
[certsync]
|
[certsync]
|
||||||
srv03
|
srv03
|
||||||
|
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
---
|
---
|
||||||
site: updates
|
site: updates
|
||||||
updates_letsencrypt_local: false
|
|
||||||
updates_letsencrypt_srv01: false
|
|
||||||
updates_letsencrypt_srv02: false
|
|
||||||
updates_owner: ffupdates
|
|
||||||
updates_group: ffupdates
|
updates_group: ffupdates
|
||||||
|
updates_letsencrypt: local
|
||||||
|
updates_owner: ffupdates
|
||||||
updates_root: /home/ffupdates/updates
|
updates_root: /home/ffupdates/updates
|
||||||
|
|
|
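Review bot: The new default `updates_letsencrypt: local` replaces three flags that all defaulted to `false`, so a host that sets nothing now gets `include snippets/location-acme.conf;` in its port-80 server where it previously got no ACME include at all. Whether that snippet is deployed on every host using the role is not visible here, and nginx rejects a configuration that includes a missing file. A comment above the variable listing the accepted values, for example `# updates_letsencrypt: 'local' or 'srv01' (selects the ACME challenge snippet)`, would document the contract the template depends on.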
@ -18,7 +18,7 @@
|
||||||
|
|
||||||
- name: enable site
|
- name: enable site
|
||||||
file:
|
file:
|
||||||
src: /etc/nginx/sites-available/{{ site }}
|
src: ../sites-available/{{ site }}
|
||||||
dest: /etc/nginx/sites-enabled/{{ site }}
|
dest: /etc/nginx/sites-enabled/{{ site }}
|
||||||
state: link
|
state: link
|
||||||
notify: reload nginx
|
notify: reload nginx
|
||||||
|
|
|
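Review bot: The relative `src: ../sites-available/{{ site }}` reads like a path relative to the playbook or role, but with `state: link` the file module resolves it against the directory of `dest`, so a short comment would save the next reader from checking. Something like `# relative link target, resolved from /etc/nginx/sites-enabled/` above `src` is enough.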
@ -1,51 +1,38 @@
|
||||||
{% if updates_ssl_certificate is defined %}
|
{% if updates_tls_crt is defined %}
|
||||||
server {
|
server {
|
||||||
|
server_name updates.hamburg.freifunk.net;
|
||||||
listen 443 ssl;
|
listen 443 ssl;
|
||||||
listen [::]:443 ssl;
|
listen [::]:443 ssl;
|
||||||
|
ssl_certificate {{ updates_tls_crt }};
|
||||||
server_name updates.hamburg.freifunk.net;
|
ssl_certificate_key {{ updates_tls_key }};
|
||||||
|
|
||||||
ssl_certificate {{ updates_ssl_certificate }};
|
|
||||||
ssl_certificate_key {{ updates_ssl_certificate_key }};
|
|
||||||
|
|
||||||
root {{ updates_root }};
|
root {{ updates_root }};
|
||||||
include /etc/nginx/include/listing.conf;
|
include snippets/autoindex.conf;
|
||||||
|
include snippets/header-hsts.conf;
|
||||||
location / {
|
|
||||||
include /etc/nginx/include/headers_hsts.conf;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
{% endif %}
|
{% endif %}
|
||||||
# Kein HTTPS Redirect wg. Paketinstallation auf Routern
|
# Kein HTTPS Redirect wg. Paketinstallation auf Routern
|
||||||
server {
|
server {
|
||||||
|
server_name updates.hamburg.freifunk.net;
|
||||||
listen 80;
|
listen 80;
|
||||||
listen [::]:80;
|
listen [::]:80;
|
||||||
|
|
||||||
server_name updates.hamburg.freifunk.net;
|
|
||||||
|
|
||||||
root {{ updates_root }};
|
root {{ updates_root }};
|
||||||
include /etc/nginx/include/listing.conf;
|
include snippets/autoindex.conf;
|
||||||
{% if updates_letsencrypt_local %}
|
|
||||||
|
|
||||||
include /etc/nginx/include/letsencrypt.conf;
|
{% if updates_letsencrypt == 'local' %}
|
||||||
{% endif %}
|
include snippets/location-acme.conf;
|
||||||
{% if updates_letsencrypt_srv01 %}
|
{% elif updates_letsencrypt == 'srv01' %}
|
||||||
|
include snippets/location-acme-srv01.conf;
|
||||||
include /etc/nginx/include/letsencrypt_srv01.conf;
|
|
||||||
{% endif %}
|
|
||||||
{% if updates_letsencrypt_srv02 %}
|
|
||||||
|
|
||||||
include /etc/nginx/include/letsencrypt_srv02.conf;
|
|
||||||
{% endif %}
|
{% endif %}
|
||||||
}
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
|
server_name *.updates.services.ffhh;
|
||||||
listen 80;
|
listen 80;
|
||||||
listen [::]:80;
|
listen [::]:80;
|
||||||
|
|
||||||
server_name *.updates.services.ffhh;
|
|
||||||
|
|
||||||
root {{ updates_root }};
|
root {{ updates_root }};
|
||||||
include /etc/nginx/include/listing.conf;
|
include snippets/autoindex.conf;
|
||||||
}
|
}
|
||||||
|
|
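Review bot: The `{% if updates_letsencrypt == 'local' %}` / `{% elif updates_letsencrypt == 'srv01' %}` chain in the port-80 server has no `{% else %}`, so any other value (a typo, or a host that previously set `updates_letsencrypt_srv02`) renders a vhost with no ACME location, and renewal would presumably fail unnoticed until the certificate nears expiry. An `assert` task run before the template, with `that: updates_letsencrypt in ['local', 'srv01']`, would turn that into a failed play; the role's task file is not visible in this commit, so where it belongs is for the author to confirm. The `{% if updates_tls_crt is defined %}` guard fails just as silently: a host still setting the old `updates_ssl_certificate` names loses its whole 443 server block without an error. Separately, `include snippets/header-hsts.conf;` now sits at server level, and nginx inherits `add_header` into a location only when that location sets no `add_header` of its own, so it is worth checking that nothing pulled in by `snippets/autoindex.conf` adds headers.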