Diffstat (limited to 'roles')
-rw-r--r-- | roles/web/files/sites/ip.ilvokhin.com | 28 | ||||
-rw-r--r-- | roles/web/tasks/certificate.yml | 15 | ||||
-rw-r--r-- | roles/web/tasks/sites/ip.yml | 7 |
3 files changed, 50 insertions, 0 deletions
diff --git a/roles/web/files/sites/ip.ilvokhin.com b/roles/web/files/sites/ip.ilvokhin.com
new file mode 100644
index 0000000..0555c67
--- /dev/null
+++ b/roles/web/files/sites/ip.ilvokhin.com
@@ -0,0 +1,28 @@
+server {
+ server_name ip.ilvokhin.com www.ip.ilvokhin.com;
+
+ location / {
+ default_type text/plain;
+ return 200 $remote_addr\n;
+ }
+
+ listen 443 ssl;
+ ssl_certificate /etc/letsencrypt/live/ip.ilvokhin.com/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/ip.ilvokhin.com/privkey.pem;
+ include /etc/letsencrypt/options-ssl-nginx.conf;
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+}
+
+# Do not redirect to https to get a plain output for `curl ip.ilvokhin.com`
+# command.
+server {
+ server_name ip.ilvokhin.com www.ip.ilvokhin.com;
+
+ location / {
+ default_type text/plain;
+ return 200 $remote_addr\n;
+ }
+
+ listen 80;
+ listen [::]:80;
+}
diff --git a/roles/web/tasks/certificate.yml b/roles/web/tasks/certificate.yml
new file mode 100644
index 0000000..5d25a63
--- /dev/null
+++ b/roles/web/tasks/certificate.yml
@@ -0,0 +1,15 @@
+- name: Request SSL certificate from Let's Encrypt
+ shell: |
+ # Make task independent: if nginx is already running, stop it and then
+ # start back on exit.
+ [ -f /var/run/nginx.pid ] && systemctl stop nginx
+ trap "systemctl start nginx" EXIT
+ certbot certonly \
+ --standalone \
+ --agree-tos \
+ --renew-by-default \
+ --email webmaster@ilvokhin.com \
+ --rsa-key-size 4096 \
+ -d {{ domains | join(' -d ') }}
+ args:
+ creates: '/etc/letsencrypt/live/{{ domains | first }}/fullchain.pem'
diff --git a/roles/web/tasks/sites/ip.yml b/roles/web/tasks/sites/ip.yml
new file mode 100644
index 0000000..a9d2d32
--- /dev/null
+++ b/roles/web/tasks/sites/ip.yml
@@ -0,0 +1,7 @@
+- name: Configure nginx for ip.ilvokhin.com
+ ansible.builtin.copy:
+ src: roles/web/files/sites/ip.ilvokhin.com
+ dest: /etc/nginx/sites-available
+ owner: root
+ group: root
+ mode: u+rw,g+r,o+r |
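Review bot: The HTTPS server block binds only IPv4 (`listen 443 ssl;`) while the plain-HTTP block below it also binds `[::]:80`, so an IPv6 client reaching https://ip.ilvokhin.com is answered by whatever default server holds port 443 on the host rather than this vhost; add `listen [::]:443 ssl;` next to the IPv4 directive. The `ssl_certificate` paths assume the Let's Encrypt lineage named `ip.ilvokhin.com` also covers `www.ip.ilvokhin.com`, which depends on the `domains` list the certificate task is given and is worth a one-line comment in this file. The two `location /` blocks are identical; if more sites adopt this pattern, a shared snippet pulled in with `include` would keep them from drifting apart.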
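Review bot: The `creates:` guard keys only on `domains | first`, so once that `fullchain.pem` exists the task is skipped forever — adding a name to `domains` later never re-runs certbot and the certificate silently stops matching the nginx `server_name`; at minimum document this with `# creates: guards on the first domain only; re-run certbot with --expand after changing domains`. The `trap "systemctl start nginx" EXIT` fires whether or not the pid-file check stopped anything, so on a host where nginx was not running the task still starts it, contrary to the comment above it. Inventory-supplied domain names are spliced into the shell line unquoted; `-d {{ domains | map('quote') | join(' -d ') }}` keeps a stray character in a variable from being interpreted by the shell. The sibling task in `ip.yml` uses the fully qualified `ansible.builtin.copy`, so `shell:` should be `ansible.builtin.shell:` here for consistency.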
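Review bot: `src: roles/web/files/sites/ip.ilvokhin.com` is resolved relative to the playbook directory rather than the role, so the task breaks as soon as the role is used from another playbook or the tree is moved; inside a role `src: sites/ip.ilvokhin.com` resolves against `roles/web/files/` automatically. The symbolic mode is safer quoted, `mode: "u+rw,g+r,o+r"`, so no YAML loader or linter re-types the value. Nothing in this task links the file into `sites-enabled` or notifies an nginx reload handler, so unless that happens in a task outside this diff the new vhost is copied but never served; a `notify:` on this task pointing at the role's nginx reload handler would close that gap.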