web_svc: add uisp config to ansible
This commit is contained in:
parent
8aa7c9c0b3
commit
5e0e0ac3a0
@ -83,3 +83,6 @@ speedtest_domains: speed.ffrgb.net speed.regensburg.freifunk.net
|
||||
speedtest_secret: "{{ vault_speedtest_secret }}"
|
||||
|
||||
tileserver_domain: tiles.regensburg.freifunk.net
|
||||
|
||||
web_services:
|
||||
- { id: uisp, domain: uisp.regensburg.freifunk.net, domains: uisp.ffrgb.net uisp.regensburg.freifunk.net }
|
||||
|
@ -5,4 +5,5 @@
|
||||
with_items: "{{ web_services }}"
|
||||
vars:
|
||||
domain: "{{ item.domain }}"
|
||||
domains: "{{ item.domains }}"
|
||||
web_svc: "{{ item.id }}"
|
||||
|
15
roles/web_svc/templates/uisp_certs.j2
Normal file
15
roles/web_svc/templates/uisp_certs.j2
Normal file
@ -0,0 +1,15 @@
|
||||
---
|
||||
|
||||
{{ domains }}:
|
||||
- path: /etc/nginx/ssl/{{ domain }}.crt
|
||||
user: root
|
||||
group: root
|
||||
perm: '400'
|
||||
format: crt,ca
|
||||
action: '/usr/sbin/service nginx restart'
|
||||
- path: /etc/nginx/ssl/{{ domain }}.key
|
||||
user: root
|
||||
group: root
|
||||
perm: '400'
|
||||
format: key
|
||||
action: '/usr/sbin/service nginx restart'
|
38
roles/web_svc/templates/uisp_vhost.j2
Normal file
38
roles/web_svc/templates/uisp_vhost.j2
Normal file
@ -0,0 +1,38 @@
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
server_name {{ domains }};
|
||||
|
||||
location /.well-known/acme-challenge {
|
||||
default_type "text/plain";
|
||||
alias /var/www/acme-challenge;
|
||||
}
|
||||
|
||||
location / {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
|
||||
server_name {{ domains }};
|
||||
|
||||
ssl_certificate_key /etc/nginx/ssl/{{ domain }}.key;
|
||||
ssl_certificate /etc/nginx/ssl/{{ domain }}.crt;
|
||||
|
||||
allow 2001:678:ddc::/48;
|
||||
deny all;
|
||||
|
||||
location /nms {
|
||||
proxy_pass https://10.90.224.101:443/nms;
|
||||
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header Connection $http_connection;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Scheme $scheme;
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue
Block a user