integredete certbot and reverse proxy config
This commit is contained in:
vincent
parent
0150d7431f
commit
d3a349157e
@ -61,16 +61,35 @@ Gandi_API_KEYS: "{{ vault_gandi_API_Keys }}"
|
|||||||
Gandi_Domain: "{{ domain.name }}"
|
Gandi_Domain: "{{ domain.name }}"
|
||||||
Gandi_Record: www
|
Gandi_Record: www
|
||||||
|
|
||||||
|
certbot_auto_renew_user: root
|
||||||
|
certbot_create_if_missing: true
|
||||||
|
certbot_cert_name: "{{domain.name}}"
|
||||||
|
certbot_certs:
|
||||||
|
- email: "{{user.mail}}"
|
||||||
|
domains:
|
||||||
|
- www.{{domain.name}}
|
||||||
|
- git.{{domain.name}}
|
||||||
|
- supysonic.{{domain.name}}
|
||||||
|
- syno.{{domain.name}}
|
||||||
|
|
||||||
|
|
||||||
nginx_vhosts:
|
nginx_vhosts:
|
||||||
- listen: "80"
|
- listen: "80"
|
||||||
server_name: "localhost"
|
server_name: "_"
|
||||||
|
filename: "redirect80.conf"
|
||||||
|
state: "present"
|
||||||
|
template: "{{ nginx_vhost_template }}"
|
||||||
|
extra_parameters: |
|
||||||
|
return 301 https://$host;
|
||||||
|
- listen: "443 ssl"
|
||||||
|
server_name: "www.{{domain.name}}"
|
||||||
root: "/usr/share/nginx/html/"
|
root: "/usr/share/nginx/html/"
|
||||||
error_page: "404 /404/404.html"
|
error_page: "404 /404/404.html"
|
||||||
filename: "default.conf"
|
filename: "default.conf"
|
||||||
state: "present"
|
state: "present"
|
||||||
template: "{{ nginx_vhost_template }}"
|
template: "{{ nginx_vhost_template }}"
|
||||||
extra_parameters: |
|
extra_parameters: |
|
||||||
|
include /etc/nginx/conf.d/{{domain.name}}.ssl;
|
||||||
error_page 500 502 503 504 /50x.html;
|
error_page 500 502 503 504 /50x.html;
|
||||||
location = /50x.html {
|
location = /50x.html {
|
||||||
root /usr/share/nginx/html;
|
root /usr/share/nginx/html;
|
||||||
@ -94,7 +113,40 @@ nginx_vhosts:
|
|||||||
include fastcgi_params;
|
include fastcgi_params;
|
||||||
}
|
}
|
||||||
include /etc/nginx/conf.d/*.default;
|
include /etc/nginx/conf.d/*.default;
|
||||||
|
- listen: "443 ssl"
|
||||||
|
server_name: "git.{{domain.name}}"
|
||||||
|
filename: "gitea.conf"
|
||||||
|
state: "present"
|
||||||
|
template: "{{ nginx_vhost_template }}"
|
||||||
|
extra_parameters: |
|
||||||
|
include /etc/nginx/conf.d/{{domain.name}}.ssl;
|
||||||
|
location / {
|
||||||
|
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
||||||
|
proxy_pass http://localhost:3000;
|
||||||
|
}
|
||||||
|
|
||||||
|
- listen: "443 ssl"
|
||||||
|
server_name: "syno.{{domain.name}}"
|
||||||
|
filename: "syno.conf"
|
||||||
|
state: "present"
|
||||||
|
template: "{{ nginx_vhost_template }}"
|
||||||
|
extra_parameters: |
|
||||||
|
include /etc/nginx/conf.d/{{domain.name}}.ssl;
|
||||||
|
location / {
|
||||||
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
||||||
|
proxy_pass http://192.168.1.10:5000;
|
||||||
|
}
|
||||||
|
- listen: "443 ssl"
|
||||||
|
server_name: "supysonic.{{domain.name}}"
|
||||||
|
filename: "supysonic.conf"
|
||||||
|
state: "present"
|
||||||
|
template: "{{ nginx_vhost_template }}"
|
||||||
|
extra_parameters: |
|
||||||
|
include /etc/nginx/conf.d/{{domain.name}}.ssl;
|
||||||
|
location / {
|
||||||
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
||||||
|
proxy_pass http://localhost:8001;
|
||||||
|
}
|
||||||
|
|
||||||
nginx_realIP_Proxy: 192.168.1.10/24
|
nginx_realIP_Proxy: 192.168.1.10/24
|
||||||
|
|
||||||
|
|||||||
@ -16,7 +16,8 @@
|
|||||||
- gandi-dyn-dns
|
- gandi-dyn-dns
|
||||||
- fail2ban
|
- fail2ban
|
||||||
- {role: dns , become: yes }
|
- {role: dns , become: yes }
|
||||||
- {role: nginx, become: yes }
|
- {role: nginx, become: yes }
|
||||||
|
- {role: ansible-role-certbot, become: yes} ##need to have a external connection on 80
|
||||||
- {role: mariadb, become: yes }
|
- {role: mariadb, become: yes }
|
||||||
- php
|
- php
|
||||||
- tt-rss
|
- tt-rss
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user