diff --git a/roles/website/updates/defaults/main.yml b/roles/website/updates/defaults/main.yml index 126704f..13a9947 100644 --- a/roles/website/updates/defaults/main.yml +++ b/roles/website/updates/defaults/main.yml @@ -1,5 +1,4 @@ --- -site: updates updates_group: ffupdates updates_letsencrypt: local updates_owner: ffupdates diff --git a/roles/website/updates/tasks/main.yml b/roles/website/updates/tasks/main.yml index f63afea..5b2c79b 100644 --- a/roles/website/updates/tasks/main.yml +++ b/roles/website/updates/tasks/main.yml @@ -12,13 +12,13 @@ - name: template site template: - src: templates/site.j2 - dest: /etc/nginx/sites-available/{{ site }} + src: updates + dest: /etc/nginx/sites-available/ notify: reload nginx - name: enable site file: - src: ../sites-available/{{ site }} - dest: /etc/nginx/sites-enabled/{{ site }} + src: /etc/nginx/sites-available/updates + dest: /etc/nginx/sites-enabled/updates state: link notify: reload nginx diff --git a/roles/website/updates/templates/site.j2 b/roles/website/updates/templates/updates similarity index 73% rename from roles/website/updates/templates/site.j2 rename to roles/website/updates/templates/updates index fde2105..57c7d03 100644 --- a/roles/website/updates/templates/site.j2 +++ b/roles/website/updates/templates/updates @@ -11,6 +11,7 @@ server { include snippets/no-unsafe-files.conf; root {{ updates_root }}; + location / { # First attempt to serve request as file, then # as directory, then fall back to displaying a 404. @@ -23,7 +24,7 @@ server { {% endif %} # Kein HTTPS Redirect wg. Paketinstallation auf Routern server { - server_name updates.hamburg.freifunk.net; + server_name updates.hamburg.freifunk.net updates-a.hamburg.freifunk.net updates-b.hamburg.freifunk.net; listen 80; listen [::]:80; @@ -34,20 +35,11 @@ server { root {{ updates_root }}; {% if updates_letsencrypt == 'local' %} - include snippets/location-acme.conf; + location ^~ /.well-known/acme-challenge { + root /var/www/_acme-challenge; + access_log off; + } {% elif updates_letsencrypt == 'srv01' %} include snippets/location-acme-srv01.conf; {% endif %} } - -server { - server_name updates-a.hamburg.freifunk.net updates-b.hamburg.freifunk.net; - listen 80; - listen [::]:80; - - include snippets/autoindex.conf; - include snippets/header-security.conf; - include snippets/no-unsafe-files.conf; - - root {{ updates_root }}; -}