From e7e49f356f62173809495498da05ed5cf7f539ad Mon Sep 17 00:00:00 2001 From: Markus Hauschild Date: Tue, 28 Feb 2017 14:14:33 +0100 Subject: [PATCH] Use Leti's Encrypt certificates for binary-kitchen.de. --- roles/web/files/certs | 2 +- roles/web/files/vhost | 14 ++++++++++++++ roles/web/handlers/main.yml | 3 +++ roles/web/tasks/main.yml | 1 + 4 files changed, 19 insertions(+), 1 deletion(-) diff --git a/roles/web/files/certs b/roles/web/files/certs index cd10dca..f4f2769 100644 --- a/roles/web/files/certs +++ b/roles/web/files/certs @@ -1,6 +1,6 @@ --- -www.binary-kitchen.de: +www.binary-kitchen.de binary-kitchen.de: - path: /etc/nginx/ssl/www.binary-kitchen.de.crt user: root group: root diff --git a/roles/web/files/vhost b/roles/web/files/vhost index 7c702e5..7dca9de 100644 --- a/roles/web/files/vhost +++ b/roles/web/files/vhost @@ -14,6 +14,20 @@ server { } } +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name binary-kitchen.de; + + ssl_certificate_key /etc/nginx/ssl/www.binary-kitchen.de.key; + ssl_certificate /etc/nginx/ssl/www.binary-kitchen.de.crt; + + location / { + return 301 https://www.binary-kitchen.de$request_uri; + } +} + server { listen 443 ssl http2; listen [::]:443 ssl http2; diff --git a/roles/web/handlers/main.yml b/roles/web/handlers/main.yml index b8367c9..e9b1ff5 100644 --- a/roles/web/handlers/main.yml +++ b/roles/web/handlers/main.yml @@ -5,3 +5,6 @@ - name: Restart php5-fpm service: name=php5-fpm state=restarted + +- name: Run certmgr + command: /opt/acertmgr/acertmgr.py diff --git a/roles/web/tasks/main.yml b/roles/web/tasks/main.yml index 96b9fa8..b7be1b7 100644 --- a/roles/web/tasks/main.yml +++ b/roles/web/tasks/main.yml @@ -20,6 +20,7 @@ - name: Configure certificate manager copy: src=certs dest=/etc/acme/domains.d/www.binary-kitchen.de.conf + notify: Run certmgr - name: Configure vhosts copy: src=vhost dest=/etc/nginx/sites-available/www