mirror of
https://github.com/MatteZ02/infra.git
synced 2024-11-22 18:50:20 +00:00
Update
This commit is contained in:
parent
32cfff9039
commit
3b441c6fcb
@ -22,6 +22,11 @@ server {
|
|||||||
return 301 https://$host$request_uri/;
|
return 301 https://$host$request_uri/;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
location /.well-known/acme-challenge/ {
|
||||||
|
root /usr/share/nginx/html;
|
||||||
|
index index.html index.htm;
|
||||||
|
}
|
||||||
|
|
||||||
if ($request_method !~ ^(GET|HEAD|POST)$ )
|
if ($request_method !~ ^(GET|HEAD|POST)$ )
|
||||||
{
|
{
|
||||||
return 405;
|
return 405;
|
||||||
@ -30,11 +35,13 @@ server {
|
|||||||
|
|
||||||
server {
|
server {
|
||||||
|
|
||||||
listen 443 ssl http2 default_server;
|
listen 443 ssl default_server;
|
||||||
listen [::]:443 ssl http2 default_server;
|
listen [::]:443 ssl default_server;
|
||||||
|
|
||||||
server_name _;
|
server_name _;
|
||||||
|
|
||||||
|
http2 on;
|
||||||
|
|
||||||
ssl_certificate /etc/nginx/certs/mpp/fullchain.pem;
|
ssl_certificate /etc/nginx/certs/mpp/fullchain.pem;
|
||||||
ssl_certificate_key /etc/nginx/certs/mpp/privkey.pem;
|
ssl_certificate_key /etc/nginx/certs/mpp/privkey.pem;
|
||||||
ssl_protocols TLSv1.2 TLSv1.3;
|
ssl_protocols TLSv1.2 TLSv1.3;
|
||||||
|
@ -107,18 +107,18 @@
|
|||||||
tags:
|
tags:
|
||||||
- certbot
|
- certbot
|
||||||
|
|
||||||
# - name: "Install - Certbot - Create Certificates"
|
- name: "Install - Certbot - Create Certificates"
|
||||||
# command: "certbot certonly --cert-name {{ cert.name }} --manual --preferred-challenges dns-01 --email {{ cert.email }} --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -n --manual-auth-hook /etc/letsencrypt/renewal-hooks/pre/acme-dns-auth.py --debug-challenges --preferred-chain='ISRG Root X1' --key-type rsa -d {{ cert.domains | join(' -d ') }}"
|
command: "certbot certonly --cert-name {{ cert.name }} --manual --preferred-challenges http-01 --email {{ cert.email }} --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -n --debug-challenges --preferred-chain='ISRG Root X1' --key-type rsa -d {{ cert.domains | join(' -d ') }}"
|
||||||
# register: task
|
register: task
|
||||||
# changed_when: task.stdout.find("Certificate not yet due for renewal; no action taken.") == -1
|
changed_when: task.stdout.find("Certificate not yet due for renewal; no action taken.") == -1
|
||||||
# vars:
|
vars:
|
||||||
# cert:
|
cert:
|
||||||
# name: mpp
|
name: mpp
|
||||||
# email: matias.martikainen@metropolia.fi
|
email: matias.martikainen@metropolia.fi
|
||||||
# domains:
|
domains:
|
||||||
# - "{{ ansible_facts.fqdn }}"
|
- "{{ ansible_facts.fqdn }}"
|
||||||
# tags:
|
tags:
|
||||||
# - certbot
|
- certbot
|
||||||
|
|
||||||
- name: "Install - MariaDB - Dependencies / Python Library : pymysql"
|
- name: "Install - MariaDB - Dependencies / Python Library : pymysql"
|
||||||
pip:
|
pip:
|
||||||
|
Loading…
Reference in New Issue
Block a user