diff --git a/roles/web/files/certs b/roles/web/files/certs index 44750f0..83054f6 100644 --- a/roles/web/files/certs +++ b/roles/web/files/certs @@ -28,6 +28,20 @@ autoconfig.binary-kitchen.de: format: key action: '/usr/sbin/service nginx restart' +door.binary-kitchen.de: +- path: /etc/nginx/ssl/door.binary-kitchen.de.crt + user: root + group: root + perm: '400' + format: crt,ca + action: '/usr/sbin/service nginx restart' +- path: /etc/nginx/ssl/door.binary-kitchen.de.key + user: root + group: root + perm: '400' + format: key + action: '/usr/sbin/service nginx restart' + www.ccc-r.de: - path: /etc/nginx/ssl/www.ccc-r.de.crt user: root diff --git a/roles/web/files/vhost b/roles/web/files/vhost index 0557c50..fd8af24 100644 --- a/roles/web/files/vhost +++ b/roles/web/files/vhost @@ -244,3 +244,51 @@ server { default_type text/html; } + +server { + listen 80; + listen [::]:80; + + server_name door.binary-kitchen.de; + + location /.well-known/acme-challenge { + default_type "text/plain"; + alias /var/www/acme-challenge; + } + + location / { + return 301 https://door.binary-kitchen.de$request_uri; + } +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name door.binary-kitchen.de; + + ssl_certificate_key /etc/nginx/ssl/door.binary-kitchen.de.key; + ssl_certificate /etc/nginx/ssl/door.binary-kitchen.de.crt; + + root /var/www/kitchen-doorbot; + + client_max_body_size 32M; + + index index.php; + + location / { + try_files $uri $uri/ @rewrite; + } + location @rewrite { + rewrite ^/(.*)$ /index.php?path=$1 last; + } + + location ~ \.php(?:$|/) { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_pass unix:/var/run/php/php8.2-fpm-www.sock; + fastcgi_intercept_errors on; + } +} \ No newline at end of file diff --git a/roles/web/tasks/main.yml b/roles/web/tasks/main.yml index 9bb6312..7d98bf5 100644 
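Review bot: In roles/web/files/vhost, the new `location ~ \.php(?:$|/)` block of the door.binary-kitchen.de TLS server hands every matching URI to PHP-FPM without checking that the split-out script exists, so what gets executed depends on PHP's path-info fallback rather than on nginx. This vhost appears to front the doorbot and accepts request bodies up to 32M, so I would add `try_files $fastcgi_script_name =404;` directly after `fastcgi_split_path_info`. Because try_files resets `$fastcgi_path_info`, keep the value with `set $path_info $fastcgi_path_info;` and pass `fastcgi_param PATH_INFO $path_info;`. The server block also carries no allow/deny or auth directive, so access control presumably lives in the application; that is worth confirming for a door controller.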
--- a/roles/web/tasks/main.yml +++ b/roles/web/tasks/main.yml @@ -18,6 +18,7 @@ - eh21-fahrplan - makerspace-regensburg - kitchen + - kitchen-doorbot - name: Ensure (BK) certificates are available command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/www.binary-kitchen.de.key -out /etc/nginx/ssl/www.binary-kitchen.de.crt -days 730 -subj "/CN=www.binary-kitchen.de" creates=/etc/nginx/ssl/www.binary-kitchen.de.crt @@ -27,6 +28,10 @@ command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/autoconfig.binary-kitchen.de.key -out /etc/nginx/ssl/autoconfig.binary-kitchen.de.crt -days 730 -subj "/CN=autoconfig.binary-kitchen.de" creates=/etc/nginx/ssl/autoconfig.binary-kitchen.de.crt notify: Restart nginx +- name: Ensure (BK doorbot) certificates are available + command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/door.binary-kitchen.de.key -out /etc/nginx/ssl/door.binary-kitchen.de.crt -days 730 -subj "/CN=door.binary-kitchen.de" creates=/etc/nginx/ssl/door.binary-kitchen.de.crt + notify: Restart nginx + - name: Ensure (CCC-R) certificates are available command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/www.ccc-r.de.key -out /etc/nginx/ssl/www.ccc-r.de.crt -days 730 -subj "/CN=www.ccc-r.de" creates=/etc/nginx/ssl/www.ccc-r.de.crt notify: Restart nginx @@ -78,6 +83,7 @@ with_items: - "www.binary-kitchen.de" - "autoconfig.binary-kitchen.de" + - "door.binary-kitchen.de" - "www.ccc-r.de" - "www.makerspace-regensburg.de" - "fahrplan.eh21.easterhegg.eu"
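Review bot: In roles/web/tasks/main.yml, the new "Ensure (BK doorbot) certificates are available" task writes an unencrypted private key (`-nodes`) and nothing in the hunk pins its owner or mode, while roles/web/files/certs expects root:root with perm '400' for the same path. I would follow it with a task such as `file: path=/etc/nginx/ssl/door.binary-kitchen.de.key owner=root group=root mode=0400`, unless that is already handled in a part of the file outside this diff. `creates=` also guards only the .crt, so a missing or replaced .key next to an existing certificate is not regenerated. The task repeats its neighbours verbatim apart from the hostname, so a single looped task over the hostnames would remove the copy-paste.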