From f0d8d2f170bd7eb0af2b0638935d7084ae730d5a Mon Sep 17 00:00:00 2001
From: Julian Labus <julian@labus-online.de>
Date: Fri, 15 Jun 2018 09:08:25 +0200
Subject: [PATCH] Role service-nginx-firmware: forward ACME HTTP requests and
 enable HTTPS for vhosts

---
 .../templates/firmware_vhost.conf.j2          | 44 +++++++++++++++++++
 1 file changed, 44 insertions(+)

diff --git a/roles/service-nginx-firmware/templates/firmware_vhost.conf.j2 b/roles/service-nginx-firmware/templates/firmware_vhost.conf.j2
index 0da433c..dfde0b4 100644
--- a/roles/service-nginx-firmware/templates/firmware_vhost.conf.j2
+++ b/roles/service-nginx-firmware/templates/firmware_vhost.conf.j2
@@ -6,6 +6,28 @@ server {
     charset utf-8;
     server_tokens off;
 
+    include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;
+
+    root /var/www/html/firmware;
+    location / {
+        autoindex on;
+        autoindex_exact_size off;
+    }
+}
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+    server_name firmware.{{ http_domain_internal }} firmware.{{ http_domain_external }};
+
+    charset utf-8;
+    server_tokens off;
+
+    ssl_certificate     /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/fullchain.pem;
+    ssl_certificate_key /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/privkey.pem;
+
+    include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;
+
     root /var/www/html/firmware;
     location / {
         autoindex on;
@@ -22,6 +44,28 @@ server {
     charset utf-8;
     server_tokens off;
 
+    include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;
+
+    root /var/www/html/firmware/{{ mesh.site_name.lower() }};
+    location / {
+        autoindex on;
+        autoindex_exact_size off;
+    }
+}
+
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+    server_name firmware.{{ mesh.http_domain_internal }} firmware.{{ mesh.http_domain_external }};
+
+    charset utf-8;
+    server_tokens off;
+
+    ssl_certificate     /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/fullchain.pem;
+    ssl_certificate_key /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/privkey.pem;
+
+    include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;
+
     root /var/www/html/firmware/{{ mesh.site_name.lower() }};
     location / {
         autoindex on;