From 81ccb6e583fff5cc71075164c0365b927980d8d7 Mon Sep 17 00:00:00 2001
From: Alexander Dietrich
Date: Fri, 7 Apr 2017 20:54:58 +0200
Subject: [PATCH] Forward Let's Encrypt challenges for updates from srv03 to srv02
---
 host_vars/srv03 | 3 ++-
 requirements.yml | 2 +-
 roles/nginx/files/etc/nginx/include/letsencrypt_srv02.conf | 5 +++++
 roles/website/updates/defaults/main.yml | 5 +++--
 roles/website/updates/templates/site.j2 | 4 ++++
 5 files changed, 15 insertions(+), 4 deletions(-)
 create mode 100644 roles/nginx/files/etc/nginx/include/letsencrypt_srv02.conf
diff --git a/host_vars/srv03 b/host_vars/srv03
index 89ff6b4..44a1e5f 100644
--- a/host_vars/srv03
+++ b/host_vars/srv03
@@ -1,3 +1,4 @@
+letsencrypt_srv02: true
+nginx_resolver: 80.252.105.162 80.252.105.194
 updates_ssl_certificate: /etc/ssl/certsync/updates.hamburg.freifunk.net.crt
 updates_ssl_certificate_key: /etc/ssl/certsync/updates.hamburg.freifunk.net.key
-nginx_resolver: 80.252.105.162 80.252.105.194
diff --git a/requirements.yml b/requirements.yml
index 82937fe..8d02557 100644
--- a/requirements.yml
+++ b/requirements.yml
@@ -1,4 +1,4 @@
 ---
 - src: https://github.com/7adietri/ansible-basics.git
- version: v1.1.0
+ version: v1.1.1
 name: basics
diff --git a/roles/nginx/files/etc/nginx/include/letsencrypt_srv02.conf b/roles/nginx/files/etc/nginx/include/letsencrypt_srv02.conf
new file mode 100644
index 0000000..abb27a7
--- /dev/null
+++ b/roles/nginx/files/etc/nginx/include/letsencrypt_srv02.conf
@@ -0,0 +1,5 @@
+location ^~ /.well-known/acme-challenge {
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_pass http://srv02.hamburg.freifunk.net$request_uri;
+}
diff --git a/roles/website/updates/defaults/main.yml b/roles/website/updates/defaults/main.yml
index bbafb82..718a0cf 100644
--- a/roles/website/updates/defaults/main.yml
+++ b/roles/website/updates/defaults/main.yml
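Review bot: `nginx_resolver` in host_vars/srv03 becomes security-relevant with this commit, and nothing in the file says so. The new include uses a variable in `proxy_pass`, so nginx looks up srv02's name at request time through whatever resolver is configured (presumably this variable feeds the `resolver` directive; that template is not part of the patch). A forged DNS answer would send ACME challenge requests for the updates host to another machine, which is why the nginx documentation recommends resolvers on a trusted network. I would add a comment above the line, for example `# required by letsencrypt_srv02: nginx resolves srv02 at request time; use trusted resolvers only`.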
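Review bot: The prefix in `location ^~ /.well-known/acme-challenge {` has no trailing slash, so it also matches paths such as `/.well-known/acme-challenge-x` and forwards them to srv02. `location ^~ /.well-known/acme-challenge/ {` limits forwarding to the challenge directory. The new file also has no header comment. One line stating that it hands HTTP-01 validation for the including vhost to srv02 and needs a `resolver` in scope would help, because whichever host answers these requests can have a certificate issued for that name.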
@@ -1,4 +1,5 @@
 ---
+letsencrypt_srv02: false
 site: updates
-ssl_certificate: /etc/letsencrypt/live/updates.hamburg.freifunk.net/fullchain.pem
-ssl_certificate_key: /etc/letsencrypt/live/updates.hamburg.freifunk.net/privkey.pem
+updates_ssl_certificate: /etc/letsencrypt/live/updates.hamburg.freifunk.net/fullchain.pem
+updates_ssl_certificate_key: /etc/letsencrypt/live/updates.hamburg.freifunk.net/privkey.pem
diff --git a/roles/website/updates/templates/site.j2 b/roles/website/updates/templates/site.j2
index 2faf870..18c0c44 100644
--- a/roles/website/updates/templates/site.j2
+++ b/roles/website/updates/templates/site.j2
@@ -27,6 +27,10 @@ server {
 location / {
 include /etc/nginx/include/listing.conf;
 }
+{% if letsencrypt_srv02 %}
+
+ include /etc/nginx/include/letsencrypt_srv02.conf;
+{% endif %}
 }
 server {
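Review bot: `letsencrypt_srv02` is added to this role's defaults without a role prefix, while the same hunk moves the certificate variables to `updates_`-prefixed names. An unprefixed flag set in host_vars would also switch on forwarding in any other role that later tests the same name; `updates_letsencrypt_srv02: false`, with the matching change in host_vars/srv03 and site.j2, keeps it scoped to this site. The rename of `ssl_certificate` and `ssl_certificate_key` is not mentioned in the commit message, and the site.j2 section shows only four added lines, so it is worth confirming that the template already reads the `updates_` names.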
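Review bot: Nothing visible in this hunk tells which listener the conditional include lands in; the `server {` block opens above the hunk and only its closing brace is shown. HTTP-01 validation arrives on port 80, so if this is the TLS server, the plain-HTTP server for the same name needs the include as well, or a redirect that preserves the challenge path. A short Jinja comment above the `{% if %}`, such as `{# srv02 runs the ACME client for this name; challenges are proxied there #}`, would record why the block exists.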