OpenPunk/openpunk-ansible
1
0
Fork 0
mirror of https://github.com/CPunch/openpunk-ansible.git synced 2024-11-14 11:50:06 +00:00
Code Issues Packages Projects Releases Wiki Activity
5171a308be
openpunk-ansible/roles/nginx/tasks/main.yml

82 lines
2.8 KiB
YAML
Raw Blame History

---
- name: "Stop Nginx"
systemd:
name: nginx
state: stopped
- name: "Setup Certbot"
include_role:
name: geerlingguy.certbot
vars:
certbot_admin_email: "{{ contact_email }}"
certbot_create_if_missing: true
certbot_create_standalone_stop_services: []
certbot_certs:
- domains:
- "{{ domain }}"
- "git.{{ domain }}"
- name: "Install Nginx"
include_role:
name: geerlingguy.nginx
vars:
nginx_listen_ipv6: false
nginx_vhosts:
- listen: "443 ssl http2"
server_name: "{{ domain }}"
root: "/var/www/{{ domain }}/public"
index: "index.html index.htm"
extra_parameters: |
listen [::]:443 ssl http2;
location / {
add_header Permissions-Policy interest-cohort=();
try_files $uri $uri/ =404;
}
ssl_certificate /etc/letsencrypt/live/{{ domain }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ domain }}/privkey.pem;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
- listen: "80" # redirect http requests to https
server_name: "{{ domain }}"
return: "301 https://{{ domain }}$request_uri"
filename: "{{ domain }}.80.conf"
- listen: "443 ssl http2"
server_name: "git.{{ domain }}"
client_max_body_size: "512M"
extra_parameters: |
listen [::]:443 ssl http2;
listen 80;
listen [::]:80;
location / {
add_header Permissions-Policy interest-cohort=();
proxy_pass http://localhost:{{ giteaPort }};
proxy_set_header Connection $http_connection;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
ssl_certificate /etc/letsencrypt/live/{{ domain }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ domain }}/privkey.pem;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
- listen: "80" # redirect http requests to https
server_name: "git.{{ domain }}"
return: "301 https://git.{{ domain }}$request_uri"
filename: "git.{{ domain }}.80.conf"
- listen: "127.0.0.1:2171"
server_name: "{{ onionDomain }}"
root: "/var/www/{{ domain }}/tor"
index: "index.html index.htm"
extra_parameters: |
location / {
add_header Permissions-Policy interest-cohort=();
try_files $uri $uri/ =404;
}
- name: "Start Nginx"
systemd:
name: nginx
state: started
Reference in New Issue View Git Blame Copy Permalink