Commit 3ad83ad6 authored by godog's avatar godog

Merge branch 'nginx_certbot' into 'master'

Nginx certbot

See merge request !30
parents af33e0be 8b7d62b6
Pipeline #3294 failed with stage
in 9 minutes and 4 seconds
......@@ -23,8 +23,8 @@ server {
server_name _;
ssl on;
ssl_certificate /etc/credentials/selfsigned/default/cert.pem;
ssl_certificate_key /etc/credentials/selfsigned/default/private_key.pem;
ssl_certificate /etc/credentials/selfsigned/default/fullchain.pem;
ssl_certificate_key /etc/credentials/selfsigned/default/privkey.pem;
root /var/www/html;
index index.html;
......
......@@ -25,16 +25,16 @@
server {
listen [::]:443 http2;
{% if endpoint.domains %}
server_name {{ endpoint.domains | join(' ') }};
server_name {{ endpoint.domains | join(' ') }};
{% else %}
server_name {% for d in domain_public %}{% if shard %}{{ shard }}.{% endif %}{{ endpoint.name }}.{{ d }} {% endfor %}{% if shard %}{{ shard }}.{% endif %}{{ endpoint.name }}.{{ domain }};
{% endif %}
ssl on;
ssl_certificate /etc/credentials/public/{{ endpoint.name }}.{{ domain_public[0] }}/cert.pem;
ssl_certificate_key /etc/credentials/public/{{ endpoint.name }}.{{ domain_public[0] }}/private_key.pem;
ssl_certificate /etc/credentials/public/{{ endpoint.name }}.{{ domain_public[0] }}/fullchain.pem;
ssl_certificate_key /etc/credentials/public/{{ endpoint.name }}.{{ domain_public[0] }}/privkey.pem;
include /etc/nginx/snippets/site-limits.conf;
include /etc/nginx/snippets/site-limits.conf;
{#
When multiple locations are defined, we must make sure
......
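Review bot: The certificate directory on the two new `ssl_certificate*` lines is keyed only on `{{ endpoint.name }}.{{ domain_public[0] }}`, while `server_name` above can be `endpoint.domains` or the shard-prefixed names for every entry of `domain_public` plus `domain`. If the certificate stored there does not carry all of those names as SANs, clients will see a hostname mismatch on some of them; how the certificate is requested is not visible here, so this may already be handled. A template comment above the paths would record the requirement, e.g. `{# cert in public/<endpoint.name>.<domain_public[0]> must cover every server_name above #}`. The server block continues past the end of the hunk.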
......@@ -11,13 +11,13 @@
state: directory
- name: "Create a self-signed certificate for {{ cn }}"
shell: "openssl req -x509 -newkey rsa:2048 -keyout private_key.pem -nodes -out cert.pem -days 3650 -subj '/CN={{ cn }}'"
shell: "openssl req -x509 -newkey rsa:2048 -keyout privkey.pem -nodes -out fullchain.pem -days 3650 -subj '/CN={{ cn }}'"
args:
chdir: "/etc/credentials/selfsigned/{{ cn }}"
creates: "/etc/credentials/selfsigned/{{ cn }}/cert.pem"
creates: "/etc/credentials/selfsigned/{{ cn }}/fullchain.pem"
- file:
path: "/etc/credentials/selfsigned/{{ cn }}/private_key.pem"
path: "/etc/credentials/selfsigned/{{ cn }}/privkey.pem"
owner: root
group: public-credentials
mode: 0440
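Review bot: Hosts provisioned before this rename keep the old `private_key.pem` and `cert.pem` on disk, because `creates:` now tests for `fullchain.pem` and the shell task will generate a fresh pair beside them; nothing visible in this hunk removes the superseded key. A cleanup task such as `- file: path="/etc/credentials/selfsigned/{{ cn }}/private_key.pem" state=absent` (and the same for `cert.pem`) would avoid leaving an unmanaged private key behind. Separately, `privkey.pem` is created by `openssl` and only tightened to 0440 by the following `file` task; depending on the OpenSSL version its initial permissions may follow the process umask, so prefixing the command with `umask 077;` would close that window. The task list starts before the hunk, so a cleanup step elsewhere cannot be ruled out.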