b91112516d
* Introduce Kumpir, our new www server, add wordpress role * move kumpir to services group, use safer distinction for ssl_cert location, reduce www playbook * set server type to services * fix typo * rename service-wordpress to service-nginx-wordpress * Add service-nginx-etherpad role * Add ed25519 keypair for system_users when supported. * Revert "Add ed25519 keypair for system_users when supported." This reverts commit ffef991ca41185d19953b96439e80b1b9a6ba534. * Change generated keys format to ed25519 * fix indention of nginx templates, reduce amount of needed tasks by adding extra_opts to unarchive, remove not needed mysql db tasks, make new acme_server default * Change new default preference for acme servers, marking acme_server zuckerwatte deprecated soon.
42 lines
1.1 KiB
Django/Jinja
42 lines
1.1 KiB
Django/Jinja
server {
|
|
listen 80 default_server;
|
|
listen [::]:80 default_server;
|
|
server_name _;
|
|
|
|
charset utf-8;
|
|
server_tokens off;
|
|
|
|
include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;
|
|
|
|
root /var/www/html;
|
|
location / {
|
|
index index.html;
|
|
autoindex on;
|
|
autoindex_exact_size off;
|
|
}
|
|
}
|
|
|
|
server {
|
|
listen 443 ssl default_server;
|
|
listen [::]:443 ssl default_server;
|
|
server_name _;
|
|
|
|
charset utf-8;
|
|
server_tokens off;
|
|
{% if acme_server == 'zuckerwatte' %}
|
|
ssl_certificate /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/fullchain.pem;
|
|
ssl_certificate_key /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/privkey.pem;
|
|
{% else %}
|
|
ssl_certificate /etc/nginx/ssl/{{ http_domain_external }}/fullchain.pem;
|
|
ssl_certificate_key /etc/nginx/ssl/{{ http_domain_external }}/privkey.pem;
|
|
{% endif %}
|
|
|
|
include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;
|
|
|
|
root /var/www/html;
|
|
location / {
|
|
index index.html;
|
|
autoindex on;
|
|
autoindex_exact_size off;
|
|
}
|
|
}
|