From bf31dd3819e68c23d8de4c128724423862084ee4 Mon Sep 17 00:00:00 2001
From: Lars Beckers <lars.beckers@rwth-aachen.de>
Date: Fri, 18 Jan 2019 22:36:50 +0100
Subject: [PATCH] webserver: add default acme location, set defaults
---
 webserver/defaults/main.yml | 3 +++
 webserver/templates/nginx-proxy.conf | 12 +++++++++++-
 webserver/templates/nginx.conf | 2 +-
 3 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/webserver/defaults/main.yml b/webserver/defaults/main.yml
index ef12636..2ec7460 100644
--- a/webserver/defaults/main.yml
+++ b/webserver/defaults/main.yml
@@ -2,3 +2,6 @@
 cipher_strength: modern
 nginx_pam_groups: []
+webserver_enable_acme_default: true
+webserver_enable_ipv6: true
+webserver_resolver: "{{ nameservers }}"
diff --git a/webserver/templates/nginx-proxy.conf b/webserver/templates/nginx-proxy.conf
index 1acae8f..ed8aa03 100644
--- a/webserver/templates/nginx-proxy.conf
+++ b/webserver/templates/nginx-proxy.conf
@@ -38,7 +38,7 @@ http {
 include /etc/nginx/mime.types;
 default_type application/octet-stream;
- resolver {{nameservers|join(" ")}} ipv6={{ webserver_enable_ipv6 }};
+ resolver {{ webserver_resolver|join(" ") }} ipv6={{ webserver_enable_ipv6 }};
 ##
 # SSL Settings
@@ -90,4 +90,14 @@ http {
 include /etc/nginx/sites-available/tls-proxy;
 {% endif %}
+ {% if webserver_enable_acme_default %}
+ server {
+ listen 80;
+ server_name _;
+ include /etc/nginx/snippets/acmetool.conf;
+ location / {
+ deny all;
+ }
+ }
+ {% endif %}
 }
diff --git a/webserver/templates/nginx.conf b/webserver/templates/nginx.conf
index 4d68f49..a0f4339 100644
--- a/webserver/templates/nginx.conf
+++ b/webserver/templates/nginx.conf
@@ -31,7 +31,7 @@ http {
 include /etc/nginx/mime.types;
 default_type application/octet-stream;
- resolver {{nameservers|join(" ")}} ipv6={{ webserver_enable_ipv6 }};
+ resolver {{ webserver_resolver|join(" ") }} ipv6={{ webserver_enable_ipv6 }};
 ##
 # SSL Settings
--
GitLab
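Review bot: The new default `webserver_enable_ipv6: true` is a YAML boolean, and both templates interpolate it directly as `ipv6={{ webserver_enable_ipv6 }}` (the resolver lines in the nginx-proxy.conf and nginx.conf hunks). Jinja prints a boolean as `True`, while nginx's `resolver` directive accepts only `ipv6=on` or `ipv6=off`, so the rendered config would presumably fail `nginx -t` unless the inventory overrides the value with a quoted string. I would keep the boolean default and map it in the templates with `ipv6={{ 'on' if webserver_enable_ipv6|bool else 'off' }}`. A comment above the default, such as `# boolean; rendered as ipv6=on/off in the resolver directive`, would document the expected type.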
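Review bot: `webserver_resolver|join(" ")` only renders correctly when the variable is a list; if an inventory sets it to a single string, Jinja's `join` iterates over the characters and the `resolver` line comes out as space-separated characters. The same expression is in the nginx.conf hunk. Either document the type next to the default, `# list of resolver addresses`, or normalise in the template with `{{ ([webserver_resolver] if webserver_resolver is string else webserver_resolver)|join(" ") }}`. Since nginx trusts whatever these resolvers answer when it resolves upstream names, the list should stay limited to resolvers on a trusted network. The `http` block starts and ends outside the hunk.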
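Review bot: The catch-all server uses `listen 80;` without `default_server` and without an IPv6 listener, so it only answers ACME challenges for unmatched hosts when it happens to be the first port-80 server nginx reads, and it is not reachable over IPv6 at all. Because the block is placed after the `sites-available` include, any earlier port-80 server would become the implicit default instead; whether one exists is not visible in this hunk. I would write `listen 80 default_server;` and, guarded by `{% if webserver_enable_ipv6|bool %}`, `listen [::]:80 default_server;`, provided no other server already claims `default_server` on that port. A short comment above the block, e.g. `# catch-all: serve ACME http-01 challenges, refuse everything else`, would also explain the `deny all`. The enclosing `http` block starts outside the hunk.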