Update updates role for srv01
This commit is contained in:
Alexander Dietrich
parent
bba9cb6c17
commit
888ebb634f
2
host_vars/srv01
Normal file
2
host_vars/srv01
Normal file
|
|
@ -0,0 +1,2 @@
|
|||
nginx_resolver: 192.76.134.90 212.12.50.158
|
||||
updates_letsencrypt_local: true
|
||||
|
|
@ -1,4 +1,6 @@
|
|||
letsencrypt_srv02: true
|
||||
nginx_resolver: 80.252.105.162 80.252.105.194
|
||||
updates_letsencrypt_srv02: true
|
||||
updates_owner: www-data
|
||||
updates_root: /var/www/updates
|
||||
updates_ssl_certificate: /etc/ssl/certsync/updates.hamburg.freifunk.net.crt
|
||||
updates_ssl_certificate_key: /etc/ssl/certsync/updates.hamburg.freifunk.net.key
|
||||
|
|
|
|||
|
|
@ -1,3 +1,3 @@
|
|||
letsencrypt_webroot: /var/www/mail
|
||||
letsrenew_email: alexander@hamburg.freifunk.net
|
||||
letsrenew_webroot: /var/www/mail
|
||||
nginx_resolver: 80.252.105.162 80.252.105.194
|
||||
|
|
|
|||
|
|
@ -1,3 +1,3 @@
|
|||
---
|
||||
letsencrypt_webroot: /var/www/letsencrypt
|
||||
letsrenew_email: ""
|
||||
letsrenew_webroot: /var/www/letsencrypt
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@
|
|||
|
||||
- name: create webroot path
|
||||
file:
|
||||
path: "{{ letsrenew_webroot }}"
|
||||
path: "{{ letsencrypt_webroot }}"
|
||||
state: directory
|
||||
|
||||
- name: create /etc/letsencrypt
|
||||
|
|
|
|||
|
|
@ -24,4 +24,4 @@ email = backend@hamburg.freifunk.net
|
|||
# Uncomment to use the webroot authenticator. Replace webroot-path with the
|
||||
# path to the public_html / webroot folder being served by your web server.
|
||||
authenticator = webroot
|
||||
webroot-path = {{ letsrenew_webroot }}
|
||||
webroot-path = {{ letsencrypt_webroot }}
|
||||
|
|
|
|||
|
|
@ -1 +1,2 @@
|
|||
letsencrypt_webroot: /var/www/letsencrypt
|
||||
nginx_resolver: 127.0.0.1 [::1]
|
||||
|
|
|
|||
|
|
@ -0,0 +1,5 @@
|
|||
location ^~ /.well-known/acme-challenge {
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_pass http://srv01.hamburg.freifunk.net$request_uri;
|
||||
}
|
||||
|
|
@ -22,6 +22,11 @@
|
|||
notify: restart nginx
|
||||
tags: nginx
|
||||
|
||||
- name: template letsencrypt.conf
|
||||
template:
|
||||
src: letsencrypt.conf.j2
|
||||
dest: /etc/nginx/include/letsencrypt.conf
|
||||
|
||||
- name: template nginx.conf
|
||||
template:
|
||||
src: templates/nginx.conf.j2
|
||||
|
|
|
|||
4
roles/nginx/templates/letsencrypt.conf.j2
Normal file
4
roles/nginx/templates/letsencrypt.conf.j2
Normal file
|
|
@ -0,0 +1,4 @@
|
|||
location ^~ /.well-known/acme-challenge {
|
||||
root {{ letsencrypt_webroot }};
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
|
|
@ -1,5 +1,7 @@
|
|||
---
|
||||
letsencrypt_srv02: false
|
||||
site: updates
|
||||
updates_ssl_certificate: /etc/letsencrypt/live/updates.hamburg.freifunk.net/fullchain.pem
|
||||
updates_ssl_certificate_key: /etc/letsencrypt/live/updates.hamburg.freifunk.net/privkey.pem
|
||||
updates_letsencrypt_local: false
|
||||
updates_letsencrypt_srv01: false
|
||||
updates_letsencrypt_srv02: false
|
||||
updates_owner: ffupdates
|
||||
updates_root: /home/ffupdates/updates
|
||||
|
|
|
|||
|
|
@ -1,4 +1,15 @@
|
|||
---
|
||||
- name: create ffupdates user
|
||||
user:
|
||||
name: ffupdates
|
||||
|
||||
- name: create updates root
|
||||
file:
|
||||
path: "{{ updates_root }}"
|
||||
owner: "{{ updates_owner }}"
|
||||
group: "{{ updates_owner }}"
|
||||
state: directory
|
||||
|
||||
- name: template site
|
||||
template:
|
||||
src: templates/site.j2
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
include /etc/nginx/include/node_hierarchy.conf;
|
||||
|
||||
{% if updates_ssl_certificate is defined %}
|
||||
server {
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
|
|
@ -9,7 +10,7 @@ server {
|
|||
ssl_certificate {{ updates_ssl_certificate }};
|
||||
ssl_certificate_key {{ updates_ssl_certificate_key }};
|
||||
|
||||
root /var/www/updates;
|
||||
root {{ updates_root }};
|
||||
|
||||
if ($ffhh-sued) {
|
||||
rewrite ^/(beta|experimental|stable)/(.*)$ /ffhh-sued/$1/$2;
|
||||
|
|
@ -27,6 +28,7 @@ server {
|
|||
}
|
||||
}
|
||||
|
||||
{% endif %}
|
||||
# Kein HTTPS Redirect wg. Paketinstallation auf Routern
|
||||
server {
|
||||
listen 80;
|
||||
|
|
@ -34,7 +36,7 @@ server {
|
|||
|
||||
server_name updates.hamburg.freifunk.net;
|
||||
|
||||
root /var/www/updates;
|
||||
root {{ updates_root }};
|
||||
|
||||
if ($ffhh-sued) {
|
||||
rewrite ^/(beta|experimental|stable)/(.*)$ /ffhh-sued/$1/$2;
|
||||
|
|
@ -43,7 +45,15 @@ server {
|
|||
location / {
|
||||
include /etc/nginx/include/listing.conf;
|
||||
}
|
||||
{% if letsencrypt_srv02 %}
|
||||
{% if updates_letsencrypt_local %}
|
||||
|
||||
include /etc/nginx/include/letsencrypt.conf;
|
||||
{% endif %}
|
||||
{% if updates_letsencrypt_srv01 %}
|
||||
|
||||
include /etc/nginx/include/letsencrypt_srv01.conf;
|
||||
{% endif %}
|
||||
{% if updates_letsencrypt_srv02 %}
|
||||
|
||||
include /etc/nginx/include/letsencrypt_srv02.conf;
|
||||
{% endif %}
|
||||
|
|
@ -53,9 +63,9 @@ server {
|
|||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
server_name 1.updates.services.ffhh;
|
||||
server_name *.updates.services.ffhh;
|
||||
|
||||
root /var/www/updates;
|
||||
root {{ updates_root }};
|
||||
|
||||
if ($ffhh-sued) {
|
||||
rewrite ^/(beta|experimental|stable)/(.*)$ /ffhh-sued/$1/$2;
|
||||
|
|
|
|||
Loading…
Reference in a new issue