ngnix: mv ssl/config conf.d/ssl

author: Guilhem Moulin <guilhem@fripost.org> 2015-12-09 17:21:06 +0100
committer: Guilhem Moulin <guilhem@fripost.org> 2015-12-09 17:21:06 +0100
commit: 2e67b6809d3b44da2e1e6ee6a974f10a3844964f (patch)
tree: 5e01116da2e0108dc53fe18a2d53d3a8a45c9289
parent: 32dbd35ec0e3e96a1a6ef569a641dc3c9e6a91f7 (diff)
7 files changed, 8 insertions, 8 deletions
diff --git a/roles/common-web/files/etc/nginx/ssl/config b/roles/common-web/files/etc/nginx/conf.d/ssl
index 26a64f4..26a64f4 100644
--- a/roles/common-web/files/etc/nginx/ssl/config
+++ b/roles/common-web/files/etc/nginx/conf.d/ssl
diff --git a/roles/common-web/tasks/main.yml b/roles/common-web/tasks/main.yml
index d2b2acd..1f06c13 100644
--- a/roles/common-web/tasks/main.yml
+++ b/roles/common-web/tasks/main.yml
@@ -19,43 +19,43 @@
         state=directory
         owner=root group=root
         mode=0755
   with_items:
     - fastcgi
     - ssl
 
 - name: Copy fastcgi parameters
   copy: src=etc/nginx/fastcgi/{{ item }}
         dest=/etc/nginx/fastcgi/{{ item }}
         owner=root group=root
         mode=0644
   register: r1
   with_items:
     - params
     - php
     - php-ssl
   notify:
     - Restart Nginx
 
-- name: Copy SSL configuration
-  copy: src=etc/nginx/ssl/config
-        dest=/etc/nginx/ssl/config
+- name: Copy SSL configuration snippet
+  copy: src=etc/nginx/conf.d/ssl
+        dest=/etc/nginx/conf.d/ssl
         owner=root group=root
         mode=0644
   register: r2
   notify:
     - Restart Nginx
 
 - name: Add .asc to text/plain MIME types
   lineinfile: dest=/etc/nginx/mime.types
               regexp='^(\s*text/plain\s+)'
               backrefs=yes
               line='\1txt asc;'
   register: r3
   notify:
     - Restart Nginx
 
 - name: Start Nginx
   service: name=nginx state=started
   when: not (r1.changed or r2.changed or r3.changed)
 
 - meta: flush_handlers
diff --git a/roles/git/files/etc/nginx/sites-available/git b/roles/git/files/etc/nginx/sites-available/git
index 112babb..c71dd7b 100644
--- a/roles/git/files/etc/nginx/sites-available/git
+++ b/roles/git/files/etc/nginx/sites-available/git
@@ -33,41 +33,41 @@ server {
         uwsgi_pass unix:/run/uwsgi/app/git-http-backend/socket;
     }
 
 
     # send all other URLs to cgit
     location / {
         gzip off;
         include uwsgi_params;
         uwsgi_modifier1 9;
         uwsgi_pass unix:/run/uwsgi/app/cgit/socket;
     }
 }
 
 
 server {
     listen      443;
     listen [::]:443;
 
     server_name  git.fripost.org;
 
-    include ssl/config;
+    include conf.d/ssl;
     ssl_certificate     /etc/nginx/ssl/git.fripost.org.pem;
     ssl_certificate_key /etc/nginx/ssl/git.fripost.org.key;
 
     access_log /var/log/nginx/git.access.log;
     error_log  /var/log/nginx/git.error.log info;
 
     location ^~ /static/ {
         alias /usr/share/cgit/;
         expires 30d;
     }
 
     # Bypass the CGI to return static files stored on disk. Try first repo with
     # a trailing '.git', then without.
     location ~* "^/((?U)[^/]+)(?:\.git)?/objects/(?:[0-9a-f]{2}/[0-9a-f]{38}|pack/pack-[0-9a-f]{40}\.(?:pack|idx))$" {
         root /var/lib/gitolite/repositories;
         try_files /$1.git/objects/$2 /$1/objects/$2 =404;
         expires 30d;
         gzip off;
         # TODO honor git-daemon-export-ok
     }
diff --git a/roles/lists/files/etc/nginx/sites-available/sympa b/roles/lists/files/etc/nginx/sites-available/sympa
index 77e9dc0..2dad552 100644
--- a/roles/lists/files/etc/nginx/sites-available/sympa
+++ b/roles/lists/files/etc/nginx/sites-available/sympa
@@ -3,41 +3,41 @@ server {
     listen [::]:80 ipv6only=on;
 
     server_name lists.fripost.org;
 
     access_log /var/log/nginx/lists.access.log;
     error_log  /var/log/nginx/lists.error.log info;
 
     return 302 https://$host$request_uri;
 }
 
 
 server {
     listen      443;
     listen [::]:443 ipv6only=on;
 
     server_name  lists.fripost.org;
 
     access_log /var/log/nginx/lists.access.log;
     error_log  /var/log/nginx/lists.error.log info;
 
-    include ssl/config;
+    include conf.d/ssl;
     ssl_certificate     /etc/nginx/ssl/lists.fripost.org.pem;
     ssl_certificate_key /etc/nginx/ssl/lists.fripost.org.key;
 
     location = / {
         return 302 /sympa$args;
     }
 
     location ^~ /static-sympa/ {
         alias /var/lib/sympa/static_content/;
         expires 30d;
     }
 
     location ^~ /sympa {
         fastcgi_split_path_info ^(/sympa)(.*)$;
         include fastcgi/params;
        
         fastcgi_pass unix:/run/wwsympa.socket;
         gzip off;
     }
 
diff --git a/roles/webmail/files/etc/nginx/sites-available/roundcube b/roles/webmail/files/etc/nginx/sites-available/roundcube
index 8251841..af1818b 100644
--- a/roles/webmail/files/etc/nginx/sites-available/roundcube
+++ b/roles/webmail/files/etc/nginx/sites-available/roundcube
@@ -2,41 +2,41 @@ server {
 
     listen      80;
     listen [::]:80 ipv6only=on;
 
     server_name  mail.fripost.org;
 
     access_log  /var/log/nginx/roundcube.access.log;
     error_log   /var/log/nginx/roundcube.error.log info;
 
     return 301 https://$host$request_uri;
 }
 
 
 server {
     listen      443;
     listen [::]:443 ipv6only=on;
 
     server_name  mail.fripost.org;
     root         /var/lib/roundcube;
 
-    include ssl/config;
+    include conf.d/ssl;
     # include the intermediate certificate, see
     # - https://www.ssllabs.com/ssltest/analyze.html?d=mail.fripost.org
     # - http://nginx.org/en/docs/http/configuring_https_servers.html
     ssl_certificate     /etc/nginx/ssl/mail.fripost.org.chained.pem;
     ssl_certificate_key /etc/nginx/ssl/mail.fripost.org.key;
 
     location = /favicon.ico {
         root          /usr/share/roundcube/skins/default/images;
         log_not_found off;
         access_log    off;
         expires       max;
     }
 
     location = /robots.txt {
         allow         all;
         log_not_found off;
         access_log    off;
     }
 
     # Deny all attempts to access hidden files, or files under hidden
diff --git a/roles/wiki/files/etc/nginx/sites-available/website b/roles/wiki/files/etc/nginx/sites-available/website
index ba8a34f..2a32212 100644
--- a/roles/wiki/files/etc/nginx/sites-available/website
+++ b/roles/wiki/files/etc/nginx/sites-available/website
@@ -1,41 +1,41 @@
 server {
     listen      80;
     listen [::]:80;
 
     server_name     fripost.org;
     server_name www.fripost.org;
 
     access_log /var/log/nginx/access.log;
     error_log  /var/log/nginx/error.log info;
 
     return 301 https://fripost.org$request_uri;
 }
 
 
 server {
     listen      443;
     listen [::]:443;
 
     server_name fripost.org;
 
-    include ssl/config;
+    include conf.d/ssl;
     # include the intermediate certificate, see
     # - https://www.ssllabs.com/ssltest/analyze.html?d=fripost.org
     # - http://nginx.org/en/docs/http/configuring_https_servers.html
     ssl_certificate     /etc/nginx/ssl/fripost.org.chained.pem;
     ssl_certificate_key /etc/nginx/ssl/fripost.org.key;
 
     access_log /var/log/nginx/access.log;
     error_log  /var/log/nginx/error.log info;
 
     location / {
         try_files $uri $uri/ =404;
         index index.html;
         root /var/lib/ikiwiki/public_html/fripost-wiki/website;
     }
     location /static/ {
         alias /var/lib/ikiwiki/public_html/fripost-wiki/static/;
         expires 30d;
     }
     location /material/ {
         alias /var/www/fripost.org/material/;
diff --git a/roles/wiki/files/etc/nginx/sites-available/wiki b/roles/wiki/files/etc/nginx/sites-available/wiki
index 304ea1a..8951633 100644
--- a/roles/wiki/files/etc/nginx/sites-available/wiki
+++ b/roles/wiki/files/etc/nginx/sites-available/wiki
@@ -9,41 +9,41 @@ server {
 
     location / {
         location ~ ^/website(/.*)?$ { return 302 $scheme://fripost.org$1; }
         try_files $uri $uri/ =404;
         index index.html;
         root /var/lib/ikiwiki/public_html/fripost-wiki;
     }
 
     location = /ikiwiki.cgi {
         return 302 https://$host$request_uri;
     }
 }
 
 
 server {
     listen      443;
     listen [::]:443;
 
     server_name wiki.fripost.org;
 
-    include ssl/config;
+    include conf.d/ssl;
     # include the intermediate certificate, see
     # - https://www.ssllabs.com/ssltest/analyze.html?d=wiki.fripost.org
     # - http://nginx.org/en/docs/http/configuring_https_servers.html
     ssl_certificate     /etc/nginx/ssl/fripost.org.chained.pem;
     ssl_certificate_key /etc/nginx/ssl/fripost.org.key;
 
     access_log /var/log/nginx/wiki.access.log;
     error_log  /var/log/nginx/wiki.error.log info;
 
     location / {
         location ~ ^/website(/.*)?$ { return 302 $scheme://fripost.org$1; }
         try_files $uri $uri/ =404;
         index index.html;
         root /var/lib/ikiwiki/public_html/fripost-wiki;
     }
 
     location = /ikiwiki.cgi {
         fastcgi_param DOCUMENT_ROOT   /var/lib/ikiwiki/public_html/fripost-wiki;
         fastcgi_param SCRIPT_FILENAME /var/lib/ikiwiki/public_html/ikiwiki.cgi;
         fastcgi_index ikiwiki.cgi;
author	Guilhem Moulin <guilhem@fripost.org>	2015-12-09 17:21:06 +0100
committer	Guilhem Moulin <guilhem@fripost.org>	2015-12-09 17:21:06 +0100
commit	2e67b6809d3b44da2e1e6ee6a974f10a3844964f (patch)
tree	5e01116da2e0108dc53fe18a2d53d3a8a45c9289
parent	32dbd35ec0e3e96a1a6ef569a641dc3c9e6a91f7 (diff)