Forward Let's Encrypt challenges for updates from srv03 to srv02

host_vars/srv03

@@ -1,3 +1,4 @@
+letsencrypt_srv02: true
+nginx_resolver: 80.252.105.162 80.252.105.194
 updates_ssl_certificate: /etc/ssl/certsync/updates.hamburg.freifunk.net.crt
 updates_ssl_certificate_key: /etc/ssl/certsync/updates.hamburg.freifunk.net.key
-nginx_resolver: 80.252.105.162 80.252.105.194

requirements.yml

@@ -1,4 +1,4 @@
 ---
 - src: https://github.com/7adietri/ansible-basics.git
-  version: v1.1.0
+  version: v1.1.1
   name: basics

roles/nginx/files/etc/nginx/include/letsencrypt_srv02.conf

@@ -0,0 +1,5 @@
+location ^~ /.well-known/acme-challenge {
+    proxy_set_header Host $host;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_pass http://srv02.hamburg.freifunk.net$request_uri;
+}

roles/website/updates/defaults/main.yml

@@ -1,4 +1,5 @@
 ---
+letsencrypt_srv02: false
 site: updates
-ssl_certificate: /etc/letsencrypt/live/updates.hamburg.freifunk.net/fullchain.pem
+updates_ssl_certificate: /etc/letsencrypt/live/updates.hamburg.freifunk.net/fullchain.pem
-ssl_certificate_key: /etc/letsencrypt/live/updates.hamburg.freifunk.net/privkey.pem
+updates_ssl_certificate_key: /etc/letsencrypt/live/updates.hamburg.freifunk.net/privkey.pem

roles/website/updates/templates/site.j2

@@ -27,6 +27,10 @@ server {
     location / {
         include /etc/nginx/include/listing.conf;
     }
+{% if letsencrypt_srv02 %}
+
+    include /etc/nginx/include/letsencrypt_srv02.conf;
+{% endif %}
 }
 
 server {