mirror of
https://gitlab.archlinux.org/archlinux/infrastructure.git
synced 2024-09-20 11:54:39 +02:00
Create SSL certificates automatically for nginx configs
Signed-off-by: Florian Pritz <bluewind@xinu.at>
parent
315d1cfc5d
commit
8614708627
@ -18,10 +18,8 @@
|
||||
- name: set up sudoers.d for special users
|
||||
copy: src=sudoers.d dest=/etc/sudoers.d/dbscripts owner=root group=root mode=0600
|
||||
|
||||
- stat: path="/etc/letsencrypt/live/{{ repos_domain }}/fullchain.pem"
|
||||
register: certfile
|
||||
tags:
|
||||
- nginx
|
||||
- name: create ssl cert
|
||||
command: certbot certonly --email webmaster@archlinux.org --agree-tos --rsa-key-size 4096 --renew-by-default --webroot -w {{letsencrypt_validation_dir}} -d '{{ repos_domain }}' create='/etc/letsencrypt/live/{{ repos_domain }}/fullchain.pem'
|
||||
|
||||
- name: set up nginx
|
||||
template: src=nginx.d.conf.j2 dest=/etc/nginx/nginx.d/dbscripts.conf owner=root group=root mode=0644
|
||||
|
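Review bot: The idempotency guard on the new `create ssl cert` task is spelled `create=`, but the command module's parameter is `creates=`. As written the guard most likely never takes effect (depending on the Ansible version the stray key is either rejected or handed to certbot as an extra argument), and because the command line also carries `--renew-by-default`, any run that does reach certbot would force a fresh issuance and can run into Let's Encrypt rate limits. The argument should read `creates='/etc/letsencrypt/live/{{ repos_domain }}/fullchain.pem'`; the same spelling appears in the `matrix_domain`, `public_domain` and `mirror_domain` tasks later in this commit. The task also drops the `tags: nginx` that the removed `stat` task carried, so a tag-limited run may render the vhost without this step; that is worth confirming against how the `set up nginx` task is tagged, which is not visible here.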
@ -51,11 +51,9 @@ server {
|
||||
server_name {{ repos_domain }} {{repos_rsync_domain}};
|
||||
root /srv/ftp;
|
||||
|
||||
{% if certfile.stat.exists %}
|
||||
ssl_certificate /etc/letsencrypt/live/{{ repos_domain }}/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/{{ repos_domain }}/privkey.pem;
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/{{ repos_domain }}/chain.pem;
|
||||
{% endif %}
|
||||
|
||||
satisfy any;
|
||||
|
||||
|
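Review bot: With the `{% if certfile.stat.exists %}` guard removed, the three `ssl_certificate*` directives are rendered unconditionally, so the vhost now depends on the certbot task having succeeded on every host that receives this template. If the files are missing, nginx's config test fails, which typically blocks a reload of every site on the box rather than just this one. That matters most for the matrix and mirror roles, where the cert task is skipped by `when: '<domain> != ""'`; unless the template task is gated the same way (not visible in these hunks), it would render paths like `/etc/letsencrypt/live//fullchain.pem`. Consider validating the rendered config before reload, or keeping a post-certbot `stat` so the play fails early with a clear message. The same removal is made in the matrix, public and mirror templates, and the `server` block continues outside this hunk.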
@ -1,7 +1,7 @@
|
||||
---
|
||||
|
||||
- stat: path="/etc/letsencrypt/live/{{ matrix_domain }}/fullchain.pem"
|
||||
register: certfile
|
||||
- name: create ssl cert
|
||||
command: certbot certonly --email webmaster@archlinux.org --agree-tos --rsa-key-size 4096 --renew-by-default --webroot -w {{letsencrypt_validation_dir}} -d '{{ matrix_domain }}' create='/etc/letsencrypt/live/{{ matrix_domain }}/fullchain.pem'
|
||||
when: 'matrix_domain != ""'
|
||||
|
||||
- name: install packages
|
||||
|
@ -25,11 +25,9 @@ server {
|
||||
access_log /var/log/nginx/{{ matrix_domain }}/access.log;
|
||||
error_log /var/log/nginx/{{ matrix_domain }}/error.log;
|
||||
|
||||
{% if certfile.stat.exists %}
|
||||
ssl_certificate /etc/letsencrypt/live/{{ matrix_domain }}/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/{{ matrix_domain }}/privkey.pem;
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/{{ matrix_domain }}/chain.pem;
|
||||
{% endif %}
|
||||
|
||||
location /_matrix {
|
||||
proxy_pass http://matrix;
|
||||
|
@ -1,7 +1,7 @@
|
||||
---
|
||||
|
||||
- stat: path="/etc/letsencrypt/live/{{ public_domain }}/fullchain.pem"
|
||||
register: certfile
|
||||
- name: create ssl cert
|
||||
command: certbot certonly --email webmaster@archlinux.org --agree-tos --rsa-key-size 4096 --renew-by-default --webroot -w {{letsencrypt_validation_dir}} -d '{{ public_domain }}' create='/etc/letsencrypt/live/{{ public_domain }}/fullchain.pem'
|
||||
|
||||
- name: copy webroot files
|
||||
copy: src=public_html dest=/srv owner=root group=root mode=0644 directory_mode=0755
|
||||
|
@ -25,11 +25,9 @@ server {
|
||||
access_log /var/log/nginx/{{ public_domain }}/access.log;
|
||||
error_log /var/log/nginx/{{ public_domain }}/error.log;
|
||||
|
||||
{% if certfile.stat.exists %}
|
||||
ssl_certificate /etc/letsencrypt/live/{{ public_domain }}/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/{{ public_domain }}/privkey.pem;
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/{{ public_domain }}/chain.pem;
|
||||
{% endif %}
|
||||
|
||||
location ~ ^/~([A-Za-z0-9]+)(/.*)? {
|
||||
alias /home/$1/public_html$2;
|
||||
|
@ -1,7 +1,7 @@
|
||||
---
|
||||
|
||||
- stat: path="/etc/letsencrypt/live/{{ mirror_domain }}/fullchain.pem"
|
||||
register: certfile
|
||||
- name: create ssl cert
|
||||
command: certbot certonly --email webmaster@archlinux.org --agree-tos --rsa-key-size 4096 --renew-by-default --webroot -w {{letsencrypt_validation_dir}} -d '{{ mirror_domain }}' create='/etc/letsencrypt/live/{{ mirror_domain }}/fullchain.pem'
|
||||
when: 'mirror_domain != ""'
|
||||
|
||||
- name: install rsync
|
||||
|
@ -21,11 +21,9 @@ server {
|
||||
access_log /var/log/nginx/{{ mirror_domain }}/access.log;
|
||||
error_log /var/log/nginx/{{ mirror_domain }}/error.log;
|
||||
|
||||
{% if certfile.stat.exists %}
|
||||
ssl_certificate /etc/letsencrypt/live/{{ mirror_domain }}/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/{{ mirror_domain }}/privkey.pem;
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/{{ mirror_domain }}/chain.pem;
|
||||
{% endif %}
|
||||
|
||||
autoindex on;
|
||||
}
|
||||
|