Add half-baked and untested certificate management

author: Dmitry Ilvokhin <d@ilvokhin.com> 2024-01-06 18:02:13 +0000
committer: Dmitry Ilvokhin <d@ilvokhin.com> 2024-01-06 18:02:13 +0000
commit: f69780fa8d1992451150c5d67af088f5c329861a (patch)
tree: cf58989af972b5cf9432a76df6e7bf827d2ac132 /roles/web/files/sites/ip.ilvokhin.com
parent: f2e2d0ee6010b48b72c50b8747ae197bd91e491e (diff)
download: infra-f69780fa8d1992451150c5d67af088f5c329861a.tar.gz
infra-f69780fa8d1992451150c5d67af088f5c329861a.tar.bz2
infra-f69780fa8d1992451150c5d67af088f5c329861a.zip
1 files changed, 28 insertions, 0 deletions
diff --git a/roles/web/files/sites/ip.ilvokhin.com b/roles/web/files/sites/ip.ilvokhin.com
new file mode 100644
index 0000000..0555c67
--- /dev/null
+++ b/roles/web/files/sites/ip.ilvokhin.com
@@ -0,0 +1,28 @@
+server {
+    server_name ip.ilvokhin.com www.ip.ilvokhin.com;
+
+    location / {
+        default_type text/plain;
+        return 200 $remote_addr\n;
+    }
+
+    listen 443 ssl;
+    ssl_certificate /etc/letsencrypt/live/ip.ilvokhin.com/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/ip.ilvokhin.com/privkey.pem;
+    include /etc/letsencrypt/options-ssl-nginx.conf;
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+}
+
+# Do not redirect to https to get a plain output for `curl ip.ilvokhin.com`
+# command.
+server {
+    server_name ip.ilvokhin.com www.ip.ilvokhin.com;
+
+    location / {
+        default_type text/plain;
+        return 200 $remote_addr\n;
+    }
+
+    listen 80;
+    listen [::]:80;
+}
author	Dmitry Ilvokhin <d@ilvokhin.com>	2024-01-06 18:02:13 +0000
committer	Dmitry Ilvokhin <d@ilvokhin.com>	2024-01-06 18:02:13 +0000
commit	f69780fa8d1992451150c5d67af088f5c329861a (patch)
tree	cf58989af972b5cf9432a76df6e7bf827d2ac132 /roles/web/files/sites/ip.ilvokhin.com
parent	f2e2d0ee6010b48b72c50b8747ae197bd91e491e (diff)
download	infra-f69780fa8d1992451150c5d67af088f5c329861a.tar.gz infra-f69780fa8d1992451150c5d67af088f5c329861a.tar.bz2 infra-f69780fa8d1992451150c5d67af088f5c329861a.zip