refactor: Let's Encrypt location block
Removed the 'blockinfile' task and added the location block for Let's Encrypt in the Nginx config template. This bloc will be rendered if Let's encrypt support is enabled. Part of dananglin/pleroma-ansible-playbook#1
This commit is contained in:
parent
6f5dbdbbe4
commit
42904fbaa4
2 changed files with 9 additions and 19 deletions
|
@ -87,24 +87,6 @@
|
||||||
type: RSA
|
type: RSA
|
||||||
when: pleroma.ssl.letsEncrypt.enable
|
when: pleroma.ssl.letsEncrypt.enable
|
||||||
|
|
||||||
- name: Nginx -- Ensuring the location block for the ACME challenge is configured.
|
|
||||||
blockinfile:
|
|
||||||
path: "{{ pleroma_nginx_conf_file }}"
|
|
||||||
state: present
|
|
||||||
mode: '0600'
|
|
||||||
owner: root
|
|
||||||
group: root
|
|
||||||
insertafter: '^\s+#\s\[\[PLACEHOLDER\sFOR\sLETS\sENCRYPT\sFOLDER\]\].*$'
|
|
||||||
block: |2
|
|
||||||
location ~/\.well-known/acme-challenge {
|
|
||||||
root {{ pleroma_letsEncrypt_baseDir }}/;
|
|
||||||
try_files $uri @forward_https;
|
|
||||||
}
|
|
||||||
location @forward_https {
|
|
||||||
return 301 https://$server_name$request_uri;
|
|
||||||
}
|
|
||||||
when: pleroma.ssl.letsEncrypt.enable
|
|
||||||
|
|
||||||
- name: Nginx -- Checking if the full chain certificate exists.
|
- name: Nginx -- Checking if the full chain certificate exists.
|
||||||
stat:
|
stat:
|
||||||
path: "{{ pleroma_ssl_fullChainCert }}"
|
path: "{{ pleroma_ssl_fullChainCert }}"
|
||||||
|
|
|
@ -7,7 +7,15 @@ server {
|
||||||
listen 80;
|
listen 80;
|
||||||
listen [::]:80;
|
listen [::]:80;
|
||||||
|
|
||||||
# [[PLACEHOLDER FOR LETS ENCRYPT FOLDER]]
|
{% if pleroma.ssl.letsEncrypt.enable == true -%}
|
||||||
|
location ~/\.well-known/acme-challenge {
|
||||||
|
root {{ pleroma_letsEncrypt_baseDir }}/;
|
||||||
|
try_files $uri @forward_https;
|
||||||
|
}
|
||||||
|
location @forward_https {
|
||||||
|
return 301 https://$server_name$request_uri;
|
||||||
|
}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
return 301 https://$server_name$request_uri;
|
return 301 https://$server_name$request_uri;
|
||||||
|
|
Reference in a new issue