ka
/
ansible-role-nginx
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

acme challenge

master
Markus Katharina Brechtel 7 years ago
parent
feb6225207
commit
1d78c3843d
2 changed files with 25 additions and 18 deletions
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +12
    -12
      templates/default-vhost.conf.j2
  2. +13
    -6
      templates/vhost.conf.j2

+ 12
- 12
templates/default-vhost.conf.j2 View File

@@ -1,21 +1,21 @@
server { server {


listen 80 default_server;
listen [::]:80 default_server;
listen 80 default_server;
listen [::]:80 default_server;


listen 443 ssl default_server;
listen [::]:443 ssl default_server;
listen 443 ssl default_server;
listen [::]:443 ssl default_server;


ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;


server_name _;
server_name _;


return 404;
location /.well-known/acme-challenge {
default_type "text/plain";
root /var/www/default;
}


location /.well-known/acme-challenge {
default_type "text/plain";
root /var/www/letsencrypt-auto;
}
root /var/www/default;


} }

+ 13
- 6
templates/vhost.conf.j2 View File

@@ -5,14 +5,12 @@ server {
listen 443 ssl; listen 443 ssl;
listen [::]:443 ssl; listen [::]:443 ssl;


ssl_certificate /etc/ssl/certs/{{ vhost.name }}.fullchain.pem;
ssl_certificate_key /etc/ssl/private/{{ vhost.name }}.key.pem;
ssl_certificate /etc/ssl/certs/{{ certificate_name | default(vhost.certificate_name) | default(vhost.name) }}.fullchain.pem;
ssl_certificate_key /etc/ssl/private/{{ certificate_name | default(vhost.certificate_name) | default(vhost.name) }}.key.pem;


charset utf-8;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; ";


{% if vhost.root is defined %}
root {{ vhost.root }};
{% endif %}
charset utf-8;


{% if vhost.try_files is defined %} {% if vhost.try_files is defined %}
try_files {{ vhost.try_files }}; try_files {{ vhost.try_files }};
@@ -39,6 +37,10 @@ server {
{% endfor %} {% endfor %}
{% endif %} {% endif %}


{% if vhost.root is defined %}
root {{ vhost.root }};
{% endif %}

} }


server { server {
@@ -48,6 +50,11 @@ server {


server_name {{ vhost.server_names | join(' ') }}; server_name {{ vhost.server_names | join(' ') }};


location /.well-known/acme-challenge {
default_type "text/plain";
root /var/www/default;
}

return 301 https://$host$request_uri; return 301 https://$host$request_uri;


} }

Write Preview
Loading…
Cancel
Save