Fix nginx handling of acme challenges.

Markus 2016-04-05 08:39:47 +02:00
parent f5146bf438
commit 26951c89a6
2 changed files with 5 additions and 14 deletions


@ -2,42 +2,33 @@
- name: Enable backports - name: Enable backports
apt_repository: repo='deb http://httpredir.debian.org/debian jessie-backports main' state=present apt_repository: repo='deb http://httpredir.debian.org/debian jessie-backports main' state=present
tags: nginx
- name: Install nginx - name: Install nginx
apt: name=nginx default_release=jessie-backports state=present apt: name=nginx default_release=jessie-backports state=latest
tags: nginx
- name: Create certificate directory - name: Create certificate directory
file: path=/etc/nginx/ssl state=directory mode=0750 file: path=/etc/nginx/ssl state=directory mode=0750
tags: nginx
- name: Ensure certificates are available - name: Ensure certificates are available
command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/{{ ansible_fqdn }}.key -out /etc/nginx/ssl/{{ ansible_fqdn }}.crt -days 730 -subj "/CN={{ ansible_fqdn }}" creates=/etc/nginx/ssl/{{ ansible_fqdn }}.crt command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/{{ ansible_fqdn }}.key -out /etc/nginx/ssl/{{ ansible_fqdn }}.crt -days 730 -subj "/CN={{ ansible_fqdn }}" creates=/etc/nginx/ssl/{{ ansible_fqdn }}.crt
notify: Restart nginx notify: Restart nginx
tags: nginx
- name: Ensure correct certificate permissions - name: Ensure correct certificate permissions
file: path=/etc/nginx/ssl/{{ ansible_fqdn }}.key owner=root mode=0400 file: path=/etc/nginx/ssl/{{ ansible_fqdn }}.key owner=root mode=0400
notify: Restart nginx notify: Restart nginx
tags: nginx
- name: Create DH parameters - name: Create DH parameters
command: openssl dhparam -outform PEM -out {{ item }} 2048 creates={{ item }} command: openssl dhparam -outform PEM -out {{ item }} 2048 creates={{ item }}
with_items: with_items:
- /etc/nginx/dhparam.pem - /etc/nginx/dhparam.pem
tags: nginx
- name: Configure nginx default vhost - name: Configure default vhost
copy: src=nginx.conf dest=/etc/nginx/nginx.conf copy: src=nginx.conf dest=/etc/nginx/nginx.conf
notify: Restart nginx notify: Restart nginx
tags: nginx
- name: Configure nginx default vhost - name: Enable default vhost
template: src=default.j2 dest=/etc/nginx/sites-available/default template: src=default.j2 dest=/etc/nginx/sites-available/default
notify: Restart nginx notify: Restart nginx
tags: nginx
- name: Start nginx - name: Start nginx
service: name=nginx state=started enabled=yes service: name=nginx state=started enabled=yes
tags: nginx
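Review bot: Changing the "Install nginx" task to `state=latest` means every run of this play upgrades nginx to whatever jessie-backports currently ships, so the installed version is no longer determined by the playbook and an upgrade can land during an unrelated run. If the goal is a one-time move to a newer nginx, keep `apt: name=nginx default_release=jessie-backports state=present` and do the upgrade as a deliberate step, or pin the package version. The install task also carries no `notify: Restart nginx`, so whether the running process picks up an upgraded binary depends on the package's own maintainer scripts, which is not visible here. Separately, the renamed task "Configure default vhost" copies `nginx.conf`, so a name like `Configure nginx` would describe it more accurately.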


@ -5,9 +5,9 @@ server {
server_name _; server_name _;
server_name_in_redirect on; server_name_in_redirect on;
location '/.well-known/acme-challenge' { location /.well-known/acme-challenge/ {
default_type "text/plain"; default_type "text/plain";
root /tmp/letsencrypt-auto; root /var/www/acme-challenge/;
} }
location / { location / {
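Review bot: The new `root /var/www/acme-challenge/;` in the `/.well-known/acme-challenge/` location relies on a directory that no task in the tasks file shown on this page creates, so its owner and mode are left to whatever first makes it (possibly another role or the ACME client, which is not visible here). Anyone who can write under that path can answer HTTP-01 challenges for the names this host serves, so add a task such as `file: path=/var/www/acme-challenge state=directory owner=root mode=0755` before the vhost is templated, and limit write access to the account that runs the ACME client. Also note that `root` appends the full request URI, so tokens must be written to `/var/www/acme-challenge/.well-known/acme-challenge/`; if the client writes directly into `/var/www/acme-challenge/`, `alias` is the directive to use instead. The enclosing `server` block starts and ends outside the hunk.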