integredete certbot and reverse proxy config

This commit is contained in:
vincent 2019-09-15 19:30:01 +02:00
parent 0150d7431f
commit d3a349157e
2 changed files with 56 additions and 3 deletions


@ -61,16 +61,35 @@ Gandi_API_KEYS: "{{ vault_gandi_API_Keys }}"
Gandi_Domain: "{{ domain.name }}" Gandi_Domain: "{{ domain.name }}"
Gandi_Record: www Gandi_Record: www
certbot_auto_renew_user: root
certbot_create_if_missing: true
certbot_cert_name: "{{domain.name}}"
certbot_certs:
- email: "{{user.mail}}"
domains:
- www.{{domain.name}}
- git.{{domain.name}}
- supysonic.{{domain.name}}
- syno.{{domain.name}}
nginx_vhosts: nginx_vhosts:
- listen: "80" - listen: "80"
server_name: "localhost" server_name: "_"
filename: "redirect80.conf"
state: "present"
template: "{{ nginx_vhost_template }}"
extra_parameters: |
return 301 https://$host;
- listen: "443 ssl"
server_name: "www.{{domain.name}}"
root: "/usr/share/nginx/html/" root: "/usr/share/nginx/html/"
error_page: "404 /404/404.html" error_page: "404 /404/404.html"
filename: "default.conf" filename: "default.conf"
state: "present" state: "present"
template: "{{ nginx_vhost_template }}" template: "{{ nginx_vhost_template }}"
extra_parameters: | extra_parameters: |
include /etc/nginx/conf.d/{{domain.name}}.ssl;
error_page 500 502 503 504 /50x.html; error_page 500 502 503 504 /50x.html;
location = /50x.html { location = /50x.html {
root /usr/share/nginx/html; root /usr/share/nginx/html;
@ -94,7 +113,40 @@ nginx_vhosts:
include fastcgi_params; include fastcgi_params;
} }
include /etc/nginx/conf.d/*.default; include /etc/nginx/conf.d/*.default;
- listen: "443 ssl"
server_name: "git.{{domain.name}}"
filename: "gitea.conf"
state: "present"
template: "{{ nginx_vhost_template }}"
extra_parameters: |
include /etc/nginx/conf.d/{{domain.name}}.ssl;
location / {
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
proxy_pass http://localhost:3000;
}
- listen: "443 ssl"
server_name: "syno.{{domain.name}}"
filename: "syno.conf"
state: "present"
template: "{{ nginx_vhost_template }}"
extra_parameters: |
include /etc/nginx/conf.d/{{domain.name}}.ssl;
location / {
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
proxy_pass http://192.168.1.10:5000;
}
- listen: "443 ssl"
server_name: "supysonic.{{domain.name}}"
filename: "supysonic.conf"
state: "present"
template: "{{ nginx_vhost_template }}"
extra_parameters: |
include /etc/nginx/conf.d/{{domain.name}}.ssl;
location / {
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
proxy_pass http://localhost:8001;
}
nginx_realIP_Proxy: 192.168.1.10/24 nginx_realIP_Proxy: 192.168.1.10/24
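Review bot: The three new `proxy_pass` locations (git, syno, supysonic) forward to their backends with no `proxy_set_header` lines, so each upstream sees nginx's own address and a plain-http Host, which typically loses the real client IP in the backend's logs and lets the application emit http:// redirects or non-secure cookies. Each `location /` should carry at least `proxy_set_header Host $host;`, `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` and `proxy_set_header X-Forwarded-Proto $scheme;`. The port-80 catch-all's `return 301 https://$host;` also drops the request path; `return 301 https://$host$request_uri;` preserves it. The gitea vhost leaves its Strict-Transport-Security header commented out while the other two set it — if that is deliberate it deserves a short comment, otherwise enable it for consistency.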


@ -17,6 +17,7 @@
- fail2ban - fail2ban
- {role: dns , become: yes } - {role: dns , become: yes }
- {role: nginx, become: yes } - {role: nginx, become: yes }
- {role: ansible-role-certbot, become: yes} ##need to have a external connection on 80
- {role: mariadb, become: yes } - {role: mariadb, become: yes }
- php - php
- tt-rss - tt-rss
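Review bot: The inline comment on the new certbot role entry (`##need to have a external connection on 80`) states a deployment precondition without saying which challenge flow it refers to, and the role is placed after nginx, which by then already owns port 80 with the catch-all redirect vhost. If the role issues certificates in standalone mode it must stop nginx around the run, and if it uses webroot the redirect vhost must exempt `/.well-known/acme-challenge/`; which of these applies is not visible in this hunk, so the comment should name it. Suggested wording: `# HTTP-01 challenge: port 80 must be reachable from the internet for every domain in certbot_certs`, written as `# ` with a single space to match yamllint's comment rule.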