From 26951c89a67e5b9f5f69e22340368895d3dff36b Mon Sep 17 00:00:00 2001 From: Markus Hauschild Date: Tue, 5 Apr 2016 08:39:47 +0200 Subject: [PATCH] Fix nginx handling of acme challenges. --- roles/nginx/tasks/main.yml | 15 +++------------ roles/nginx/templates/default.j2 | 4 ++-- 2 files changed, 5 insertions(+), 14 deletions(-) diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml index 7d488e7..0d8a62c 100644 --- a/roles/nginx/tasks/main.yml +++ b/roles/nginx/tasks/main.yml @@ -2,42 +2,33 @@ - name: Enable backports apt_repository: repo='deb http://httpredir.debian.org/debian jessie-backports main' state=present - tags: nginx - name: Install nginx - apt: name=nginx default_release=jessie-backports state=present - tags: nginx + apt: name=nginx default_release=jessie-backports state=latest - name: Create certificate directory file: path=/etc/nginx/ssl state=directory mode=0750 - tags: nginx - name: Ensure certificates are available command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/{{ ansible_fqdn }}.key -out /etc/nginx/ssl/{{ ansible_fqdn }}.crt -days 730 -subj "/CN={{ ansible_fqdn }}" creates=/etc/nginx/ssl/{{ ansible_fqdn }}.crt notify: Restart nginx - tags: nginx - name: Ensure correct certificate permissions file: path=/etc/nginx/ssl/{{ ansible_fqdn }}.key owner=root mode=0400 notify: Restart nginx - tags: nginx - name: Create DH parameters command: openssl dhparam -outform PEM -out {{ item }} 2048 creates={{ item }} with_items: - /etc/nginx/dhparam.pem - tags: nginx -- name: Configure nginx default vhost +- name: Configure default vhost copy: src=nginx.conf dest=/etc/nginx/nginx.conf notify: Restart nginx - tags: nginx -- name: Configure nginx default vhost +- name: Enable default vhost template: src=default.j2 dest=/etc/nginx/sites-available/default notify: Restart nginx - tags: nginx - name: Start nginx service: name=nginx state=started enabled=yes - tags: nginx 
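Review bot: The switch to `state=latest` on the `Install nginx` task is unrelated to the ACME fix and makes every run of the role upgrade nginx to whatever jessie-backports ships at that moment. The running version then depends on when the play last ran rather than on a reviewed change. If tracking security fixes is the intent, I would keep `state=present` and do upgrades in a dedicated step, or at least add a comment such as `# state=latest: intentionally tracks jessie-backports for security fixes`. Separately, the renamed tasks do not match what they do: `Configure default vhost` copies `nginx.conf` and `Enable default vhost` only writes `sites-available/default`, so `Configure nginx` and `Configure default vhost` would be more accurate names.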
diff --git a/roles/nginx/templates/default.j2 b/roles/nginx/templates/default.j2
index 9de37ab..ea6a19a 100644
--- a/roles/nginx/templates/default.j2
+++ b/roles/nginx/templates/default.j2
@@ -5,9 +5,9 @@ server {
 server_name _;
 server_name_in_redirect on;
- location '/.well-known/acme-challenge' {
+ location /.well-known/acme-challenge/ {
 default_type "text/plain";
- root /tmp/letsencrypt-auto;
+ root /var/www/acme-challenge/;
 }
 location / {
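Review bot: Nothing in this commit creates `/var/www/acme-challenge/`, so the new `root` points at a directory whose existence, owner and mode this role does not manage (another role may create it; that is not visible here). Moving the challenge root out of `/tmp` only helps if the new directory is writable solely by the ACME client, so I would add a task to `roles/nginx/tasks/main.yml` such as `file: path=/var/www/acme-challenge state=directory owner=root group=root mode=0755`. With `root` rather than `alias`, token files are served from `/var/www/acme-challenge/.well-known/acme-challenge/`, so the client's webroot must be `/var/www/acme-challenge`; a one-line comment above the location saying so would prevent a mismatch. The `server` block starts and ends outside the hunk.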