Update updates role for srv01
parent
bba9cb6c17
commit
888ebb634f
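--- a/host_vars/srv01
+++ b/host_vars/srv01
@@ -0,0 +1,2 @@
+nginx_resolver: 192.76.134.90 212.12.50.158
+updates_letsencrypt_local: true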
|
@ -1,4 +1,6 @@
|
||||||
letsencrypt_srv02: true
|
|
||||||
nginx_resolver: 80.252.105.162 80.252.105.194
|
nginx_resolver: 80.252.105.162 80.252.105.194
|
||||||
|
updates_letsencrypt_srv02: true
|
||||||
|
updates_owner: www-data
|
||||||
|
updates_root: /var/www/updates
|
||||||
updates_ssl_certificate: /etc/ssl/certsync/updates.hamburg.freifunk.net.crt
|
updates_ssl_certificate: /etc/ssl/certsync/updates.hamburg.freifunk.net.crt
|
||||||
updates_ssl_certificate_key: /etc/ssl/certsync/updates.hamburg.freifunk.net.key
|
updates_ssl_certificate_key: /etc/ssl/certsync/updates.hamburg.freifunk.net.key
|
||||||
|
|
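Review bot: `updates_owner: www-data` gives ownership of `updates_root: /var/www/updates` to the account that nginx workers normally run as on Debian-style hosts (an inference, the nginx user is not shown here), so any process running as www-data could modify the firmware tree that routers download. The site template in this commit also serves that tree over plain HTTP, which leaves file ownership as one of the few integrity controls on it. Consider keeping the dedicated default on this host as well, `updates_owner: ffupdates`, or add a comment explaining why this host needs www-data. The file header for this section is not visible on the page.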
|
@ -1,3 +1,3 @@
|
||||||
|
letsencrypt_webroot: /var/www/mail
|
||||||
letsrenew_email: alexander@hamburg.freifunk.net
|
letsrenew_email: alexander@hamburg.freifunk.net
|
||||||
letsrenew_webroot: /var/www/mail
|
|
||||||
nginx_resolver: 80.252.105.162 80.252.105.194
|
nginx_resolver: 80.252.105.162 80.252.105.194
|
||||||
|
|
|
@ -1,3 +1,3 @@
|
||||||
---
|
---
|
||||||
|
letsencrypt_webroot: /var/www/letsencrypt
|
||||||
letsrenew_email: ""
|
letsrenew_email: ""
|
||||||
letsrenew_webroot: /var/www/letsencrypt
|
|
||||||
|
|
|
@ -13,7 +13,7 @@
|
||||||
|
|
||||||
- name: create webroot path
|
- name: create webroot path
|
||||||
file:
|
file:
|
||||||
path: "{{ letsrenew_webroot }}"
|
path: "{{ letsencrypt_webroot }}"
|
||||||
state: directory
|
state: directory
|
||||||
|
|
||||||
- name: create /etc/letsencrypt
|
- name: create /etc/letsencrypt
|
||||||
|
|
|
@ -24,4 +24,4 @@ email = backend@hamburg.freifunk.net
|
||||||
# Uncomment to use the webroot authenticator. Replace webroot-path with the
|
# Uncomment to use the webroot authenticator. Replace webroot-path with the
|
||||||
# path to the public_html / webroot folder being served by your web server.
|
# path to the public_html / webroot folder being served by your web server.
|
||||||
authenticator = webroot
|
authenticator = webroot
|
||||||
webroot-path = {{ letsrenew_webroot }}
|
webroot-path = {{ letsencrypt_webroot }}
|
||||||
|
|
|
@ -1 +1,2 @@
|
||||||
|
letsencrypt_webroot: /var/www/letsencrypt
|
||||||
nginx_resolver: 127.0.0.1 [::1]
|
nginx_resolver: 127.0.0.1 [::1]
|
||||||
|
|
|
@ -0,0 +1,5 @@
|
||||||
|
location ^~ /.well-known/acme-challenge {
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
proxy_pass http://srv01.hamburg.freifunk.net$request_uri;
|
||||||
|
}
|
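Review bot: `proxy_pass http://srv01.hamburg.freifunk.net$request_uri;` contains a variable, so nginx resolves the hostname at request time through its `resolver` directive instead of once at startup. Other hunks in this commit set `nginx_resolver` to off-host addresses; nginx's resolver does not validate answers and its documentation recommends resolvers on a trusted local network, so the `127.0.0.1 [::1]` default is the safer choice for hosts that include this file. The prefix also has no trailing slash and therefore matches sibling paths that merely start with `acme-challenge`; `location ^~ /.well-known/acme-challenge/ {` is tighter. A comment at the top stating that this include depends on a configured resolver would help the next reader.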
|
@ -22,6 +22,11 @@
|
||||||
notify: restart nginx
|
notify: restart nginx
|
||||||
tags: nginx
|
tags: nginx
|
||||||
|
|
||||||
|
- name: template letsencrypt.conf
|
||||||
|
template:
|
||||||
|
src: letsencrypt.conf.j2
|
||||||
|
dest: /etc/nginx/include/letsencrypt.conf
|
||||||
|
|
||||||
- name: template nginx.conf
|
- name: template nginx.conf
|
||||||
template:
|
template:
|
||||||
src: templates/nginx.conf.j2
|
src: templates/nginx.conf.j2
|
||||||
|
|
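Review bot: The new `template letsencrypt.conf` task carries neither `notify: restart nginx` nor `tags: nginx`, unlike the task just above it in this hunk, so a changed include is written to disk while nginx keeps running the old configuration. Add `notify: restart nginx` and `tags: nginx` to it. Explicit `owner: root`, `group: root` and `mode: "0644"` would also stop the include's permissions from depending on the umask of the run. The following `template nginx.conf` task continues outside the hunk.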
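--- a/roles/nginx/templates/letsencrypt.conf.j2
+++ b/roles/nginx/templates/letsencrypt.conf.j2
@@ -0,0 +1,4 @@
+location ^~ /.well-known/acme-challenge {
+root {{ letsencrypt_webroot }};
+try_files $uri $uri/ =404;
+}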
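Review bot: `try_files $uri $uri/ =404;` also tries directories, which the webroot authenticator never needs; `try_files $uri =404;` limits the location to challenge files. The prefix `/.well-known/acme-challenge` has no trailing slash, so it also matches sibling names under `.well-known` that start with the same string; `location ^~ /.well-known/acme-challenge/ {` keeps it to the challenge directory. A one-line comment that `letsencrypt_webroot` must equal the client's `webroot-path` would document the coupling this commit introduces between the two templates.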
|
@ -1,5 +1,7 @@
|
||||||
---
|
---
|
||||||
letsencrypt_srv02: false
|
|
||||||
site: updates
|
site: updates
|
||||||
updates_ssl_certificate: /etc/letsencrypt/live/updates.hamburg.freifunk.net/fullchain.pem
|
updates_letsencrypt_local: false
|
||||||
updates_ssl_certificate_key: /etc/letsencrypt/live/updates.hamburg.freifunk.net/privkey.pem
|
updates_letsencrypt_srv01: false
|
||||||
|
updates_letsencrypt_srv02: false
|
||||||
|
updates_owner: ffupdates
|
||||||
|
updates_root: /home/ffupdates/updates
|
||||||
|
|
|
@ -1,4 +1,15 @@
|
||||||
---
|
---
|
||||||
|
- name: create ffupdates user
|
||||||
|
user:
|
||||||
|
name: ffupdates
|
||||||
|
|
||||||
|
- name: create updates root
|
||||||
|
file:
|
||||||
|
path: "{{ updates_root }}"
|
||||||
|
owner: "{{ updates_owner }}"
|
||||||
|
group: "{{ updates_owner }}"
|
||||||
|
state: directory
|
||||||
|
|
||||||
- name: template site
|
- name: template site
|
||||||
template:
|
template:
|
||||||
src: templates/site.j2
|
src: templates/site.j2
|
||||||
|
|
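Review bot: The `create updates root` task sets `owner` and `group` but no `mode`, so the permissions of the directory holding downloadable firmware depend on the umask of the Ansible run; set it explicitly, for example `mode: "0755"`. `create ffupdates user` hard-codes `name: ffupdates` and also runs on hosts that override `updates_owner`, where the account is then unused; `name: "{{ updates_owner }}"` would keep the two in step. If the account only owns files, a non-login shell on the `user:` task is worth considering, though how uploads reach the host is not visible here. The `template site` task continues outside the hunk.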
|
@ -1,5 +1,6 @@
|
||||||
include /etc/nginx/include/node_hierarchy.conf;
|
include /etc/nginx/include/node_hierarchy.conf;
|
||||||
|
|
||||||
|
{% if updates_ssl_certificate is defined %}
|
||||||
server {
|
server {
|
||||||
listen 443 ssl;
|
listen 443 ssl;
|
||||||
listen [::]:443 ssl;
|
listen [::]:443 ssl;
|
||||||
|
@ -9,7 +10,7 @@ server {
|
||||||
ssl_certificate {{ updates_ssl_certificate }};
|
ssl_certificate {{ updates_ssl_certificate }};
|
||||||
ssl_certificate_key {{ updates_ssl_certificate_key }};
|
ssl_certificate_key {{ updates_ssl_certificate_key }};
|
||||||
|
|
||||||
root /var/www/updates;
|
root {{ updates_root }};
|
||||||
|
|
||||||
if ($ffhh-sued) {
|
if ($ffhh-sued) {
|
||||||
rewrite ^/(beta|experimental|stable)/(.*)$ /ffhh-sued/$1/$2;
|
rewrite ^/(beta|experimental|stable)/(.*)$ /ffhh-sued/$1/$2;
|
||||||
|
@ -27,6 +28,7 @@ server {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
{% endif %}
|
||||||
# Kein HTTPS Redirect wg. Paketinstallation auf Routern
|
# Kein HTTPS Redirect wg. Paketinstallation auf Routern
|
||||||
server {
|
server {
|
||||||
listen 80;
|
listen 80;
|
||||||
|
@ -34,7 +36,7 @@ server {
|
||||||
|
|
||||||
server_name updates.hamburg.freifunk.net;
|
server_name updates.hamburg.freifunk.net;
|
||||||
|
|
||||||
root /var/www/updates;
|
root {{ updates_root }};
|
||||||
|
|
||||||
if ($ffhh-sued) {
|
if ($ffhh-sued) {
|
||||||
rewrite ^/(beta|experimental|stable)/(.*)$ /ffhh-sued/$1/$2;
|
rewrite ^/(beta|experimental|stable)/(.*)$ /ffhh-sued/$1/$2;
|
||||||
|
@ -43,7 +45,15 @@ server {
|
||||||
location / {
|
location / {
|
||||||
include /etc/nginx/include/listing.conf;
|
include /etc/nginx/include/listing.conf;
|
||||||
}
|
}
|
||||||
{% if letsencrypt_srv02 %}
|
{% if updates_letsencrypt_local %}
|
||||||
|
|
||||||
|
include /etc/nginx/include/letsencrypt.conf;
|
||||||
|
{% endif %}
|
||||||
|
{% if updates_letsencrypt_srv01 %}
|
||||||
|
|
||||||
|
include /etc/nginx/include/letsencrypt_srv01.conf;
|
||||||
|
{% endif %}
|
||||||
|
{% if updates_letsencrypt_srv02 %}
|
||||||
|
|
||||||
include /etc/nginx/include/letsencrypt_srv02.conf;
|
include /etc/nginx/include/letsencrypt_srv02.conf;
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
@ -53,9 +63,9 @@ server {
|
||||||
listen 80;
|
listen 80;
|
||||||
listen [::]:80;
|
listen [::]:80;
|
||||||
|
|
||||||
server_name 1.updates.services.ffhh;
|
server_name *.updates.services.ffhh;
|
||||||
|
|
||||||
root /var/www/updates;
|
root {{ updates_root }};
|
||||||
|
|
||||||
if ($ffhh-sued) {
|
if ($ffhh-sued) {
|
||||||
rewrite ^/(beta|experimental|stable)/(.*)$ /ffhh-sued/$1/$2;
|
rewrite ^/(beta|experimental|stable)/(.*)$ /ffhh-sued/$1/$2;
|
||||||
|
|
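Review bot: The flags `updates_letsencrypt_local`, `updates_letsencrypt_srv01` and `updates_letsencrypt_srv02` are tested in three independent `{% if %}` blocks, while the two include bodies visible in this commit both declare `location ^~ /.well-known/acme-challenge`. With two flags true on one host the rendered server block would contain the same location twice, which nginx rejects as a duplicate location, so the site fails to load on the next restart. Make the choice exclusive with `{% if updates_letsencrypt_local %}` … `{% elif updates_letsencrypt_srv01 %}` … `{% elif updates_letsencrypt_srv02 %}` … `{% endif %}`, or replace the three booleans with one variable naming the mode. The new guard `{% if updates_ssl_certificate is defined %}` also checks only the certificate although the block uses `updates_ssl_certificate_key` too; test both.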