---
# Take nginx down before the certbot role runs; the certbot task below passes
# an empty stop-services list, so this task is what frees the web ports for it.
- name: 'Stop Nginx'
  systemd:
    state: stopped
    name: nginx
# Obtain the Let's Encrypt certificate for the site and its git subdomain via
# the geerlingguy.certbot role. Both names live on one certificate, so the
# nginx vhosts below can point at a single /etc/letsencrypt/live/<domain>/ path.
- name: 'Setup Certbot'
  include_role:
    name: geerlingguy.certbot
  vars:
    certbot_admin_email: '{{ contact_email }}'
    certbot_create_if_missing: true
    # No services to stop here: nginx is already stopped by the preceding task.
    certbot_create_standalone_stop_services: []
    certbot_certs:
      - domains:
          - '{{ domain }}'
          - 'git.{{ domain }}'
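# Install nginx and render its vhosts via the geerlingguy.nginx role.
#
# Vhost layout:
#   - {{ domain }}           TLS (443), static files from /var/www/{{ domain }}/public
#   - {{ domain }}:80        redirect to https
#   - git.{{ domain }}       TLS (443), reverse proxy to Gitea on localhost
#   - git.{{ domain }}:80    redirect to https
#   - {{ onionDomain }}      plain HTTP on 127.0.0.1:2171 only (no TLS)
#
# Changes from the previous revision:
#   - TLSv1.1 is no longer offered (deprecated by RFC 8996); TLSv1.2/1.3 only.
#   - The git TLS vhost no longer also binds port 80. That binding duplicated
#     the dedicated git.{{ domain }}.80.conf redirect vhost below for the same
#     server_name; depending on nginx's include order it either served the
#     Gitea proxy in cleartext or was ignored with a "conflicting server name"
#     warning. Port 80 for git.{{ domain }} is now handled only by the redirect.
- name: "Install Nginx"
  include_role:
    name: geerlingguy.nginx
  vars:
    # The role's own IPv6 listeners are disabled; each vhost adds its [::]
    # listener explicitly in extra_parameters instead.
    nginx_listen_ipv6: false
    nginx_vhosts:
      # Main site over TLS. Certificates come from the certbot task above.
      # NOTE(review): no Strict-Transport-Security header is set on the TLS
      # vhosts; consider adding one once the 80 -> 443 redirects are verified.
      - listen: "443 ssl http2"
        server_name: "{{ domain }}"
        root: "/var/www/{{ domain }}/public"
        index: "index.html index.htm"
        extra_parameters: |
          listen [::]:443 ssl http2;
          location / {
            add_header Permissions-Policy interest-cohort=();
            try_files $uri $uri/ =404;
          }
          ssl_certificate /etc/letsencrypt/live/{{ domain }}/fullchain.pem;
          ssl_certificate_key /etc/letsencrypt/live/{{ domain }}/privkey.pem;
          ssl_protocols TLSv1.2 TLSv1.3;
          ssl_ciphers HIGH:!aNULL:!MD5;
      # Plain-HTTP entry point for the main site: permanent redirect to https.
      # A distinct filename is needed because the role names vhost files after
      # server_name, which this entry shares with the TLS vhost above.
      - listen: "80" # redirect http requests to https
        server_name: "{{ domain }}"
        return: "301 https://{{ domain }}$request_uri"
        filename: "{{ domain }}.80.conf"
      # Gitea reverse proxy over TLS. Only the 443 listeners live here; port 80
      # for this name is served by the redirect vhost that follows.
      - listen: "443 ssl http2"
        server_name: "git.{{ domain }}"
        # Raised above nginx's 1M default so larger git pushes are accepted.
        client_max_body_size: "512M"
        extra_parameters: |
          listen [::]:443 ssl http2;
          location / {
            add_header Permissions-Policy interest-cohort=();
            proxy_pass http://localhost:{{ giteaPort }};
            proxy_set_header Connection $http_connection;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
          }
          ssl_certificate /etc/letsencrypt/live/{{ domain }}/fullchain.pem;
          ssl_certificate_key /etc/letsencrypt/live/{{ domain }}/privkey.pem;
          ssl_protocols TLSv1.2 TLSv1.3;
          ssl_ciphers HIGH:!aNULL:!MD5;
      # Plain-HTTP entry point for the git subdomain: permanent redirect to https.
      - listen: "80" # redirect http requests to https
        server_name: "git.{{ domain }}"
        return: "301 https://git.{{ domain }}$request_uri"
        filename: "git.{{ domain }}.80.conf"
      # Onion-service vhost: loopback-only, plain HTTP, serving a separate
      # document root so the clearnet and onion content can differ.
      - listen: "127.0.0.1:2171"
        server_name: "{{ onionDomain }}"
        root: "/var/www/{{ domain }}/tor"
        index: "index.html index.htm"
        extra_parameters: |
          location / {
            add_header Permissions-Policy interest-cohort=();
            try_files $uri $uri/ =404;
          }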
# Bring nginx back up now that the certificates exist and the vhosts are in
# place (the service was stopped explicitly at the top of this play).
- name: 'Start Nginx'
  systemd:
    state: started
    name: nginx