forked from FF-RGB/ansible
web_svc: add uisp config to ansible
This commit is contained in:
parent
8aa7c9c0b3
commit
5e0e0ac3a0
@ -83,3 +83,6 @@ speedtest_domains: speed.ffrgb.net speed.regensburg.freifunk.net
|
|||||||
speedtest_secret: "{{ vault_speedtest_secret }}"
|
speedtest_secret: "{{ vault_speedtest_secret }}"
|
||||||
|
|
||||||
tileserver_domain: tiles.regensburg.freifunk.net
|
tileserver_domain: tiles.regensburg.freifunk.net
|
||||||
|
|
||||||
|
web_services:
|
||||||
|
- { id: uisp, domain: uisp.regensburg.freifunk.net, domains: uisp.ffrgb.net uisp.regensburg.freifunk.net }
|
||||||
|
@ -5,4 +5,5 @@
|
|||||||
with_items: "{{ web_services }}"
|
with_items: "{{ web_services }}"
|
||||||
vars:
|
vars:
|
||||||
domain: "{{ item.domain }}"
|
domain: "{{ item.domain }}"
|
||||||
|
domains: "{{ item.domains }}"
|
||||||
web_svc: "{{ item.id }}"
|
web_svc: "{{ item.id }}"
|
||||||
|
15
roles/web_svc/templates/uisp_certs.j2
Normal file
15
roles/web_svc/templates/uisp_certs.j2
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
---
|
||||||
|
|
||||||
|
{{ domains }}:
|
||||||
|
- path: /etc/nginx/ssl/{{ domain }}.crt
|
||||||
|
user: root
|
||||||
|
group: root
|
||||||
|
perm: '400'
|
||||||
|
format: crt,ca
|
||||||
|
action: '/usr/sbin/service nginx restart'
|
||||||
|
- path: /etc/nginx/ssl/{{ domain }}.key
|
||||||
|
user: root
|
||||||
|
group: root
|
||||||
|
perm: '400'
|
||||||
|
format: key
|
||||||
|
action: '/usr/sbin/service nginx restart'
|
38
roles/web_svc/templates/uisp_vhost.j2
Normal file
38
roles/web_svc/templates/uisp_vhost.j2
Normal file
@ -0,0 +1,38 @@
|
|||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
listen [::]:80;
|
||||||
|
|
||||||
|
server_name {{ domains }};
|
||||||
|
|
||||||
|
location /.well-known/acme-challenge {
|
||||||
|
default_type "text/plain";
|
||||||
|
alias /var/www/acme-challenge;
|
||||||
|
}
|
||||||
|
|
||||||
|
location / {
|
||||||
|
return 301 https://$host$request_uri;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 443 ssl http2;
|
||||||
|
listen [::]:443 ssl http2;
|
||||||
|
|
||||||
|
server_name {{ domains }};
|
||||||
|
|
||||||
|
ssl_certificate_key /etc/nginx/ssl/{{ domain }}.key;
|
||||||
|
ssl_certificate /etc/nginx/ssl/{{ domain }}.crt;
|
||||||
|
|
||||||
|
allow 2001:678:ddc::/48;
|
||||||
|
deny all;
|
||||||
|
|
||||||
|
location /nms {
|
||||||
|
proxy_pass https://10.90.224.101:443/nms;
|
||||||
|
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header Connection $http_connection;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Scheme $scheme;
|
||||||
|
}
|
||||||
|
}
|
Loading…
Reference in New Issue
Block a user