Update website/updates role

Alexander Dietrich 2018-11-07 21:35:44 +01:00
parent 9e576edab6
commit 4b39d2a02c
7 changed files with 31 additions and 39 deletions


@ -5,6 +5,11 @@
- ffhh-basics - ffhh-basics
tags: basics tags: basics
- hosts: certbot
roles:
- certbot
tags: certbot
- hosts: certsync - hosts: certsync
roles: roles:
- certsync - certsync


@ -5,6 +5,5 @@ basics_ssh_match_blocks:
- ChrootDirectory /home/certsync/root - ChrootDirectory /home/certsync/root
- ForceCommand internal-sftp - ForceCommand internal-sftp
nginx_resolver: 192.76.134.90 212.12.50.158 nginx_resolver: 192.76.134.90 212.12.50.158
updates_letsencrypt_local: true updates_tls_crt: /etc/letsencrypt/live/updates.hamburg.freifunk.net/fullchain.pem
updates_ssl_certificate: /etc/letsencrypt/live/updates.hamburg.freifunk.net/fullchain.pem updates_tls_key: /etc/letsencrypt/live/updates.hamburg.freifunk.net/privkey.pem
updates_ssl_certificate_key: /etc/letsencrypt/live/updates.hamburg.freifunk.net/privkey.pem


@ -1,8 +1,8 @@
certsync_host: srv01.hamburg.freifunk.net certsync_host: srv01.hamburg.freifunk.net
nginx_resolver: 80.252.105.162 80.252.105.194 nginx_resolver: 80.252.105.162 80.252.105.194
updates_letsencrypt_srv01: true
updates_owner: ffupdates
updates_group: www-data updates_group: www-data
updates_letsencrypt: srv01
updates_owner: ffupdates
updates_root: /var/www/updates updates_root: /var/www/updates
updates_ssl_certificate: /etc/ssl/certsync/updates.hamburg.freifunk.net.crt updates_tls_crt: /etc/ssl/certsync/updates.hamburg.freifunk.net.crt
updates_ssl_certificate_key: /etc/ssl/certsync/updates.hamburg.freifunk.net.key updates_tls_key: /etc/ssl/certsync/updates.hamburg.freifunk.net.key


@ -4,6 +4,9 @@ srv02 ansible_host=srv02.hamburg.freifunk.net
srv03 ansible_host=srv03.hamburg.freifunk.net srv03 ansible_host=srv03.hamburg.freifunk.net
srv04 ansible_host=srv04.hamburg.freifunk.net srv04 ansible_host=srv04.hamburg.freifunk.net
[certbot]
srv01
[certsync] [certsync]
srv03 srv03


@ -1,8 +1,6 @@
--- ---
site: updates site: updates
updates_letsencrypt_local: false
updates_letsencrypt_srv01: false
updates_letsencrypt_srv02: false
updates_owner: ffupdates
updates_group: ffupdates updates_group: ffupdates
updates_letsencrypt: local
updates_owner: ffupdates
updates_root: /home/ffupdates/updates updates_root: /home/ffupdates/updates


@ -18,7 +18,7 @@
- name: enable site - name: enable site
file: file:
src: /etc/nginx/sites-available/{{ site }} src: ../sites-available/{{ site }}
dest: /etc/nginx/sites-enabled/{{ site }} dest: /etc/nginx/sites-enabled/{{ site }}
state: link state: link
notify: reload nginx notify: reload nginx
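Review bot: The relative `src` on the `enable site` task needs a comment, because with `state: link` it is resolved against the directory of `dest` rather than the directory the play runs from, and is easy to misread as a broken path. A line such as `# src is relative to sites-enabled/, so the symlink itself is relative` above `src:` would be enough. The task list starts before this hunk and may continue past it.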


@ -1,51 +1,38 @@
{% if updates_ssl_certificate is defined %} {% if updates_tls_crt is defined %}
server { server {
server_name updates.hamburg.freifunk.net;
listen 443 ssl; listen 443 ssl;
listen [::]:443 ssl; listen [::]:443 ssl;
ssl_certificate {{ updates_tls_crt }};
server_name updates.hamburg.freifunk.net; ssl_certificate_key {{ updates_tls_key }};
ssl_certificate {{ updates_ssl_certificate }};
ssl_certificate_key {{ updates_ssl_certificate_key }};
root {{ updates_root }}; root {{ updates_root }};
include /etc/nginx/include/listing.conf; include snippets/autoindex.conf;
include snippets/header-hsts.conf;
location / {
include /etc/nginx/include/headers_hsts.conf;
}
} }
{% endif %} {% endif %}
# Kein HTTPS Redirect wg. Paketinstallation auf Routern # Kein HTTPS Redirect wg. Paketinstallation auf Routern
server { server {
server_name updates.hamburg.freifunk.net;
listen 80; listen 80;
listen [::]:80; listen [::]:80;
server_name updates.hamburg.freifunk.net;
root {{ updates_root }}; root {{ updates_root }};
include /etc/nginx/include/listing.conf; include snippets/autoindex.conf;
{% if updates_letsencrypt_local %}
include /etc/nginx/include/letsencrypt.conf; {% if updates_letsencrypt == 'local' %}
{% endif %} include snippets/location-acme.conf;
{% if updates_letsencrypt_srv01 %} {% elif updates_letsencrypt == 'srv01' %}
include snippets/location-acme-srv01.conf;
include /etc/nginx/include/letsencrypt_srv01.conf;
{% endif %}
{% if updates_letsencrypt_srv02 %}
include /etc/nginx/include/letsencrypt_srv02.conf;
{% endif %} {% endif %}
} }
server { server {
server_name *.updates.services.ffhh;
listen 80; listen 80;
listen [::]:80; listen [::]:80;
server_name *.updates.services.ffhh;
root {{ updates_root }}; root {{ updates_root }};
include /etc/nginx/include/listing.conf; include snippets/autoindex.conf;
} }
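Review bot: The `updates_letsencrypt` chain in the port-80 server block has no `{% else %}`, so any value other than `'local'` or `'srv01'` renders a vhost with no ACME location and raises no error at deploy time. The problem would presumably only surface later, when certificate renewal for updates.hamburg.freifunk.net fails. The old `updates_letsencrypt_srv02` flag is dropped without a replacement branch, so a host that still relied on it falls into this silent case. An `assert` task in the role that checks `updates_letsencrypt in ['local', 'srv01']` before the template is rendered would turn a typo into an immediate failure. If serving no challenge location is a legitimate setting, give it an explicit value and list that too.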