Role pdns-admin: make dns prefix configurable; add lets encrypt snippet to nginx template

2019-03-22 20:33:32 +01:00 · 2019-03-22 20:33:32 +01:00 · d194d6e936
parent 91e8a2ff3d
commit d194d6e936
2 changed files with 6 additions and 2 deletions
--- a/inventory/host_vars/kichererbse.freifunk-mwu.de
+++ b/inventory/host_vars/kichererbse.freifunk-mwu.de
@ -4,3 +4,5 @@ server_type: "mesh-service"
 magic: 67

 nodejs_major_version: "10"
+
+http_dns_prefix: "dns-int"
--- a/roles/pdns-admin/templates/pdns_admin.conf.j2
+++ b/roles/pdns-admin/templates/pdns_admin.conf.j2
@ -1,20 +1,22 @@
 server {
    listen 80;
    listen [::]:80;
-    server_name dns-int.{{ http_domain_external }} dns-int.{{ http_domain_internal }};
+    server_name {{ http_dns_prefix }}.{{ http_domain_external }} {{ http_dns_prefix }}.{{ http_domain_internal }};
    return 301 https://$http_host$request_uri;
 }

 server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
-    server_name dns-int.{{ http_domain_external }} dns-int.{{ http_domain_internal }};
+    server_name {{ http_dns_prefix }}.{{ http_domain_external }} {{ http_dns_prefix }}.{{ http_domain_internal }};
    index index.html index.htm;

    ssl_certificate /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/privkey.pem;
    ssl_prefer_server_ciphers       on;

+    include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;
+
    client_max_body_size            10m;
    client_body_buffer_size         128k;
    proxy_redirect                  off;