From f69780fa8d1992451150c5d67af088f5c329861a Mon Sep 17 00:00:00 2001
From: Dmitry Ilvokhin <d@ilvokhin.com>
Date: Sat, 6 Jan 2024 18:02:13 +0000
Subject: Add half-baked and untested certificate management

---
 roles/web/files/sites/ip.ilvokhin.com | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 roles/web/files/sites/ip.ilvokhin.com

(limited to 'roles/web/files/sites/ip.ilvokhin.com')

diff --git a/roles/web/files/sites/ip.ilvokhin.com b/roles/web/files/sites/ip.ilvokhin.com
new file mode 100644
index 0000000..0555c67
--- /dev/null
+++ b/roles/web/files/sites/ip.ilvokhin.com
@@ -0,0 +1,28 @@
+server {
+    server_name ip.ilvokhin.com www.ip.ilvokhin.com;
+
+    location / {
+        default_type text/plain;
+        return 200 $remote_addr\n;
+    }
+
+    listen 443 ssl;
+    ssl_certificate /etc/letsencrypt/live/ip.ilvokhin.com/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/ip.ilvokhin.com/privkey.pem;
+    include /etc/letsencrypt/options-ssl-nginx.conf;
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+}
+
+# Do not redirect to https to get a plain output for `curl ip.ilvokhin.com`
+# command.
+server {
+    server_name ip.ilvokhin.com www.ip.ilvokhin.com;
+
+    location / {
+        default_type text/plain;
+        return 200 $remote_addr\n;
+    }
+
+    listen 80;
+    listen [::]:80;
+}
-- 
cgit v1.2.3-70-g09d2