Update updates role for srv01

This commit is contained in:
Alexander Dietrich 2017-10-03 17:30:06 +02:00
parent bba9cb6c17
commit 888ebb634f
13 changed files with 55 additions and 13 deletions

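--- /dev/null
+++ b/host_vars/srv01
@@ -0,0 +1,2 @@
+nginx_resolver: 192.76.134.90 212.12.50.158
+updates_letsencrypt_local: true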


@ -1,4 +1,6 @@
letsencrypt_srv02: true
nginx_resolver: 80.252.105.162 80.252.105.194 nginx_resolver: 80.252.105.162 80.252.105.194
updates_letsencrypt_srv02: true
updates_owner: www-data
updates_root: /var/www/updates
updates_ssl_certificate: /etc/ssl/certsync/updates.hamburg.freifunk.net.crt updates_ssl_certificate: /etc/ssl/certsync/updates.hamburg.freifunk.net.crt
updates_ssl_certificate_key: /etc/ssl/certsync/updates.hamburg.freifunk.net.key updates_ssl_certificate_key: /etc/ssl/certsync/updates.hamburg.freifunk.net.key
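Review bot: `updates_owner: www-data` makes the nginx worker account the owner and group of `/var/www/updates` once the new `create updates root` task in this commit applies it, so the process that serves the tree can also write to it; the role default `ffupdates` keeps serving and publishing under separate accounts. Whether srv02 needs that is not visible here (only the certsync paths are shown), so if something other than nginx writes the update files, a dedicated publishing account in `updates_owner` keeps the document root read-only for the web server. At minimum the line deserves a comment, e.g. `# nginx (www-data) owns the updates tree on this host because <who writes the updates — fill in>`.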


@ -1,3 +1,3 @@
letsencrypt_webroot: /var/www/mail
letsrenew_email: alexander@hamburg.freifunk.net letsrenew_email: alexander@hamburg.freifunk.net
letsrenew_webroot: /var/www/mail
nginx_resolver: 80.252.105.162 80.252.105.194 nginx_resolver: 80.252.105.162 80.252.105.194


@ -1,3 +1,3 @@
--- ---
letsencrypt_webroot: /var/www/letsencrypt
letsrenew_email: "" letsrenew_email: ""
letsrenew_webroot: /var/www/letsencrypt


@ -13,7 +13,7 @@
- name: create webroot path - name: create webroot path
file: file:
path: "{{ letsrenew_webroot }}" path: "{{ letsencrypt_webroot }}"
state: directory state: directory
- name: create /etc/letsencrypt - name: create /etc/letsencrypt


@ -24,4 +24,4 @@ email = backend@hamburg.freifunk.net
# Uncomment to use the webroot authenticator. Replace webroot-path with the # Uncomment to use the webroot authenticator. Replace webroot-path with the
# path to the public_html / webroot folder being served by your web server. # path to the public_html / webroot folder being served by your web server.
authenticator = webroot authenticator = webroot
webroot-path = {{ letsrenew_webroot }} webroot-path = {{ letsencrypt_webroot }}


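--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -1 +1,2 @@
+letsencrypt_webroot: /var/www/letsencrypt
 nginx_resolver: 127.0.0.1 [::1]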


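--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,5 @@
+location ^~ /.well-known/acme-challenge {
+proxy_set_header Host $host;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_pass http://srv01.hamburg.freifunk.net$request_uri;
+}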
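Review bot: `proxy_pass http://srv01.hamburg.freifunk.net$request_uri;` uses a literal hostname, which nginx resolves once with the system resolver when it loads the configuration — not per request and not through the `nginx_resolver` values this commit sets in host_vars — and if the name does not resolve at (re)load time the whole nginx configuration is rejected, not just this include. Forwarding over plain http is acceptable for HTTP-01 because the challenge response is built from public data, but the include should say so rather than leave the next reader to work it out. Suggested header comment: `# Hand ACME HTTP-01 challenges for this vhost to srv01. Plain http is enough (the response is not secret); srv01's name is resolved at nginx (re)load, not at request time.` The file's name is not shown on the page; from the later `letsencrypt_srv01.conf` include it is presumably that template.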


@ -22,6 +22,11 @@
notify: restart nginx notify: restart nginx
tags: nginx tags: nginx
- name: template letsencrypt.conf
template:
src: letsencrypt.conf.j2
dest: /etc/nginx/include/letsencrypt.conf
- name: template nginx.conf - name: template nginx.conf
template: template:
src: templates/nginx.conf.j2 src: templates/nginx.conf.j2
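Review bot: The new `template letsencrypt.conf` task carries neither `notify: restart nginx` nor `tags: nginx`, while the task directly above it in the hunk has both; a change to `letsencrypt.conf.j2` will be written to `/etc/nginx/include/letsencrypt.conf` but not picked up until something else restarts nginx, and a run limited to `--tags nginx` skips the task entirely. Add `notify: restart nginx` and `tags: nginx` to the new task so it behaves like its neighbours. The task list continues beyond the hunk.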


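--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,4 @@
+location ^~ /.well-known/acme-challenge {
+root {{ letsencrypt_webroot }};
+try_files $uri $uri/ =404;
+}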
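Review bot: `try_files $uri $uri/ =404;` adds a directory fallback that challenge serving never needs — an ACME HTTP-01 response is always a regular file under the challenge path — and it makes a request for the directory itself depend on whatever `index`/`autoindex` settings the enclosing server block inherits, which this include cannot see. `try_files $uri =404;` serves exactly the challenge files and nothing else. This is presumably the `letsencrypt.conf.j2` that the tasks in this commit template; the page does not show the file name.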


@ -1,5 +1,7 @@
--- ---
letsencrypt_srv02: false
site: updates site: updates
updates_ssl_certificate: /etc/letsencrypt/live/updates.hamburg.freifunk.net/fullchain.pem updates_letsencrypt_local: false
updates_ssl_certificate_key: /etc/letsencrypt/live/updates.hamburg.freifunk.net/privkey.pem updates_letsencrypt_srv01: false
updates_letsencrypt_srv02: false
updates_owner: ffupdates
updates_root: /home/ffupdates/updates
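Review bot: Removing the `updates_ssl_certificate` / `updates_ssl_certificate_key` defaults makes the HTTPS server in site.j2 depend on host_vars without anything in this file saying so; the site.j2 hunk in this commit wraps the 443 block in `{% if updates_ssl_certificate is defined %}`, so a host that sets neither variable now silently serves updates over plain http only. Replace the removed lines with a comment: `# updates_ssl_certificate / updates_ssl_certificate_key: no default. Set both in host_vars to render the 443 server in site.j2; otherwise only the plain-http servers are rendered.`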


@ -1,4 +1,15 @@
--- ---
- name: create ffupdates user
user:
name: ffupdates
- name: create updates root
file:
path: "{{ updates_root }}"
owner: "{{ updates_owner }}"
group: "{{ updates_owner }}"
state: directory
- name: template site - name: template site
template: template:
src: templates/site.j2 src: templates/site.j2
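Review bot: `create ffupdates user` runs on every host unconditionally and with the `user` module's defaults, so the account appears on hosts such as srv02 that set `updates_owner: www-data` and never use it, and it is created with whatever default shell the distribution assigns although it exists only to own a served directory. Make it conditional on the owner actually being that account and mark it as a service account: `when: updates_owner == "ffupdates"`, plus `system: yes` and `shell: /usr/sbin/nologin` under `user:`. The default `updates_root` of `/home/ffupdates/updates` also presumes the home directory is traversable by the nginx worker, which depends on the distribution's home-directory mode — worth confirming. The task list continues past the hunk.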


@ -1,5 +1,6 @@
include /etc/nginx/include/node_hierarchy.conf; include /etc/nginx/include/node_hierarchy.conf;
{% if updates_ssl_certificate is defined %}
server { server {
listen 443 ssl; listen 443 ssl;
listen [::]:443 ssl; listen [::]:443 ssl;
@ -9,7 +10,7 @@ server {
ssl_certificate {{ updates_ssl_certificate }}; ssl_certificate {{ updates_ssl_certificate }};
ssl_certificate_key {{ updates_ssl_certificate_key }}; ssl_certificate_key {{ updates_ssl_certificate_key }};
root /var/www/updates; root {{ updates_root }};
if ($ffhh-sued) { if ($ffhh-sued) {
rewrite ^/(beta|experimental|stable)/(.*)$ /ffhh-sued/$1/$2; rewrite ^/(beta|experimental|stable)/(.*)$ /ffhh-sued/$1/$2;
@ -27,6 +28,7 @@ server {
} }
} }
{% endif %}
# Kein HTTPS Redirect wg. Paketinstallation auf Routern # Kein HTTPS Redirect wg. Paketinstallation auf Routern
server { server {
listen 80; listen 80;
@ -34,7 +36,7 @@ server {
server_name updates.hamburg.freifunk.net; server_name updates.hamburg.freifunk.net;
root /var/www/updates; root {{ updates_root }};
if ($ffhh-sued) { if ($ffhh-sued) {
rewrite ^/(beta|experimental|stable)/(.*)$ /ffhh-sued/$1/$2; rewrite ^/(beta|experimental|stable)/(.*)$ /ffhh-sued/$1/$2;
@ -43,7 +45,15 @@ server {
location / { location / {
include /etc/nginx/include/listing.conf; include /etc/nginx/include/listing.conf;
} }
{% if letsencrypt_srv02 %} {% if updates_letsencrypt_local %}
include /etc/nginx/include/letsencrypt.conf;
{% endif %}
{% if updates_letsencrypt_srv01 %}
include /etc/nginx/include/letsencrypt_srv01.conf;
{% endif %}
{% if updates_letsencrypt_srv02 %}
include /etc/nginx/include/letsencrypt_srv02.conf; include /etc/nginx/include/letsencrypt_srv02.conf;
{% endif %} {% endif %}
@ -53,9 +63,9 @@ server {
listen 80; listen 80;
listen [::]:80; listen [::]:80;
server_name 1.updates.services.ffhh; server_name *.updates.services.ffhh;
root /var/www/updates; root {{ updates_root }};
if ($ffhh-sued) { if ($ffhh-sued) {
rewrite ^/(beta|experimental|stable)/(.*)$ /ffhh-sued/$1/$2; rewrite ^/(beta|experimental|stable)/(.*)$ /ffhh-sued/$1/$2;
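Review bot: `{% if updates_ssl_certificate is defined %}` guards the 443 server block, but inside it `ssl_certificate_key {{ updates_ssl_certificate_key }};` is rendered unconditionally; a host that defines only the certificate variable now either fails the template render on the undefined key, or, with undefined-variable errors disabled, emits `ssl_certificate_key ;`, which nginx rejects at reload. Guard on both: `{% if updates_ssl_certificate is defined and updates_ssl_certificate_key is defined %}`. The matching `{% endif %}` sits in a later hunk of this file, and the server blocks extend beyond the hunks shown.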