diff --git a/group_vars/server/web b/group_vars/server/web index 81ed81f..cef7b56 100644 --- a/group_vars/server/web +++ b/group_vars/server/web @@ -1,5 +1,5 @@ nginx_ssl_cert_name: "{{ domain.name }}" -ansible_copySSLCertificate_DomainName: "{{ domain.name }}" +ansible_rsync_certs_DomainName: "{{ domain.name }}" certbot_auto_renew_user: root certbot_create_if_missing: true certbot_cert_name: "{{domain.name}}" @@ -59,7 +59,7 @@ nginx_vhosts: location / { rewrite ^/.well-known/carddav /radicale/$remote_user/carddav/ redirect; rewrite ^/.well-known/caldav /radicale/$remote_user/caldav/ redirect; - + index index.php index.html index.htm ; default_type text/html; @@ -67,8 +67,8 @@ nginx_vhosts: location =/ { rewrite ^ /welcome; } - location /radicale/ - { + location /radicale/ + { # The trailing / is important! proxy_pass http://localhost:5232/; # The / is important! proxy_set_header X-Script-Name /radicale; @@ -105,7 +105,7 @@ nginx_vhosts: add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; proxy_pass http://localhost:3000; } - + - listen: "443 ssl" server_name: "syno.{{domain.name}}" filename: "syno.conf" @@ -123,7 +123,7 @@ nginx_vhosts: proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; proxy_pass http://192.168.1.10:5000; - } + } - listen: "443 ssl" server_name: "supysonic.{{domain.name}}" filename: "supysonic.conf" @@ -133,7 +133,7 @@ nginx_vhosts: error_log: /var/log/nginx/supysonic.error.log extra_parameters: | include /etc/nginx/conf.d/{{domain.name}}.ssl; - location / { + location / { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Host $host:$server_port; 
@@ -165,24 +165,24 @@ nginx_vhosts: log_not_found off; access_log off; } - + # The following 2 rules are only needed for the user_webfinger app. # Uncomment it if you're planning to use this app. #rewrite ^/.well-known/host-meta /public.php?service=host-meta last; #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json # last; - + location = /.well-known/carddav { return 301 $scheme://$host/remote.php/dav; } location = /.well-known/caldav { return 301 $scheme://$host/remote.php/dav; } - + # set max upload size client_max_body_size 512M; fastcgi_buffers 64 4K; - + # Enable gzip but do not remove ETag headers gzip on; gzip_vary on; @@ -190,22 +190,22 @@ nginx_vhosts: gzip_min_length 256; gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; - + # Uncomment if your server is build with the ngx_pagespeed module # This module is currently not supported. #pagespeed off; - + location / { rewrite ^ /index.php$request_uri; } - + location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { deny all; } location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { deny all; } - + location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy)\.php(?:$|\/) { fastcgi_split_path_info ^(.+?\.php)(/.*)$; include fastcgi_params; 
@@ -219,12 +219,12 @@ nginx_vhosts: fastcgi_intercept_errors on; fastcgi_request_buffering off; } - + location ~ ^/(?:updater|ocs-provider)(?:$|/) { try_files $uri/ =404; index index.php; } - + # Adding the cache control header for js and css files # Make sure it is BELOW the PHP block location ~ \.(?:css|js|woff|svg|gif)$ { @@ -249,7 +249,7 @@ nginx_vhosts: # Optional: Don't log access to assets access_log off; } - + location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ { try_files $uri /index.php$request_uri; # Optional: Don't log access to other assets @@ -264,7 +264,7 @@ nginx_vhosts: error_log: /var/log/nginx/hass.error.log extra_parameters: | include /etc/nginx/conf.d/{{domain.name}}.ssl; - location / { + location / { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Host $host:$server_port; @@ -289,7 +289,7 @@ nginx_vhosts: error_log: /var/log/nginx/chisel.error.log extra_parameters: | include /etc/nginx/conf.d/{{domain.name}}.ssl; - location / { + location / { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; @@ -310,7 +310,7 @@ nginx_vhosts: error_log: /var/log/nginx/vault.error.log extra_parameters: | client_max_body_size 128M; - + location / { proxy_pass http://localhost:8081; proxy_set_header Host $host; @@ -318,13 +318,13 @@ nginx_vhosts: proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } - + location /notifications/hub { proxy_pass http://localhost:3012; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } - + location /notifications/hub/negotiate { proxy_pass http://localhost:8081; } @@ -338,7 +338,7 @@ nginx_vhosts: error_log: /var/log/nginx/drone.error.log extra_parameters: | include /etc/nginx/conf.d/{{domain.name}}.ssl; - location / { + location / { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Host $host:$server_port; 
diff --git a/roles/requirements.yml b/roles/requirements.yml
index f3ea9fa..c91c106 100644
--- a/roles/requirements.yml
+++ b/roles/requirements.yml
@@ -87,5 +87,5 @@
 scm: git
 - src: gitea@git.ducamps.win:ansible-roles/workstation.git
 scm: git
-- src: gitea@git.ducamps.win:ansible-roles/ansible-copySSLCertificate.git
+- src: gitea@git.ducamps.win:ansible-roles/ansible-rsync-certs.git
 scm: git
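Review bot: The new `ansible-rsync-certs.git` entry is declared with only `src` and `scm`, so `ansible-galaxy install` resolves it to whatever the repository's default branch holds at install time. Judging by its name, the role moves TLS certificate and key material and would run with the privileges of the play, so a changed or tampered branch would reach every host on the next run without appearing in this repository's history. Pinning the entry with a line such as `version: <tag-or-commit-sha>` under `scm: git` makes the deployed role reviewable and reproducible. The `workstation.git` entry visible in the same hunk is unpinned as well, and the rest of the file lies outside the hunk.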