author | Joshua Hull <josh@fireflop.com> | 2023-01-15 10:49:21 +0100 |
---|---|---|
committer | Emil Renner Berthing <esmil@labitat.dk> | 2023-01-27 01:25:24 +0100 |
commit | 0562d72eaafaedf0f10414e0b42fa92d248c60f3 (patch) | |
tree | b2097545f6e02cbfa5c1dd6db685033995f9e010 /roles/sky/templates | |
parent | cd9597103b864dfba9ab8f707f2f5a54b42d6a4a (diff) | |
sky: certbot: configure certbot
esmil:
- don't install cron job, just use the packaged timer
- install deploy hook to reload nginx when certificates are updated
Diffstat (limited to 'roles/sky/templates')
-rwxr-xr-x | roles/sky/templates/certbot-nginx.sh.j2 | 9 | ||||
-rw-r--r-- | roles/sky/templates/letsencrypt.nginx.j2 | 14 |
2 files changed, 23 insertions, 0 deletions
diff --git a/roles/sky/templates/certbot-nginx.sh.j2 b/roles/sky/templates/certbot-nginx.sh.j2
new file mode 100755
index 0000000..96ffe6d
--- /dev/null
+++ b/roles/sky/templates/certbot-nginx.sh.j2
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+case "$RENEWED_LINEAGE" in
+*'/{{ domain_name }}')
+ exec systemctl reload nginx.service
+ ;;
+esac
+
+# vim: set ts=2 sw=2 et:
diff --git a/roles/sky/templates/letsencrypt.nginx.j2 b/roles/sky/templates/letsencrypt.nginx.j2
new file mode 100644
index 0000000..a04f58c
--- /dev/null
+++ b/roles/sky/templates/letsencrypt.nginx.j2
@@ -0,0 +1,14 @@
+server {
+ listen *:80;
+ listen [::]:80;
+ server_name {{ domain_name }} www.labitat.dk;
+
+ location /.well-known/acme-challenge {
+ root /var/www/letsencrypt;
+ try_files $uri $uri/ =404;
+ }
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+}
|
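Review bot: The hook reloads nginx only when `$RENEWED_LINEAGE` ends in `/{{ domain_name }}`, and every other value falls through the `case` silently, so a certificate whose lineage directory has a different name would be renewed on disk while nginx keeps serving the old one until it expires. Certbot can give a lineage a numeric suffix such as `-0001` when a second certificate is issued for the same name; whether issuance here pins the name is not visible in this hunk. I would document the dependency at the top of the script, e.g. `# Reloads nginx only for the lineage named exactly {{ domain_name }}; issue the certificate with a matching --cert-name.`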
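Review bot: The redirect in `location /` takes its target from `$host`, which reflects the request's Host header, so if this block ends up as the default server for port 80 (not visible in this hunk) a request carrying an arbitrary Host is redirected to `https://` plus that name. Pinning the target, e.g. `return 301 https://{{ domain_name }}$request_uri;`, or adding a separate catch-all `default_server` that rejects unknown hosts, closes that; note that pinning also sends `www.labitat.dk` visitors to the primary name. Separately, `location /.well-known/acme-challenge` is a bare prefix match and `try_files` also tries `$uri/`; `location ^~ /.well-known/acme-challenge/` with `try_files $uri =404;` would confine the block to challenge files.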