Use the Let's Encrypt CA for our public certs.

author: Guilhem Moulin <guilhem@fripost.org> 2015-12-20 14:13:08 +0100
committer: Guilhem Moulin <guilhem@fripost.org> 2015-12-20 14:13:13 +0100
commit: da2572ddb144086034eba1989ae909763e95c680 (patch)
tree: d3374338793592412ca1b10fb4fc20068a392c4e /roles/common-web/files
parent: 01e59771866559cc13a58800282617d04cb286a6 (diff)
2 files changed, 15 insertions, 0 deletions
diff --git a/roles/common-web/files/etc/nginx/sites-available/default b/roles/common-web/files/etc/nginx/sites-available/default
new file mode 100644
index 0000000..6df1615
--- /dev/null
+++ b/roles/common-web/files/etc/nginx/sites-available/default
@@ -0,0 +1,11 @@
+server {
+    listen      80 default_server;
+    listen [::]:80 default_server;
+
+    access_log /var/log/nginx/access.log;
+    error_log /var/log/nginx/error.log info;
+
+    # serve ACME challenges on all virtual hosts
+    # /!\ need to be served individually for each explicit virtual host as well!
+    include snippets/acme-challenge.conf;
+}
diff --git a/roles/common-web/files/etc/nginx/snippets/acme-challenge.conf b/roles/common-web/files/etc/nginx/snippets/acme-challenge.conf
new file mode 100644
index 0000000..b2a856a
--- /dev/null
+++ b/roles/common-web/files/etc/nginx/snippets/acme-challenge.conf
@@ -0,0 +1,4 @@
+location /.well-known/acme-challenge/ {
+    alias /var/www/acme-challenge/;
+    default_type application/jose+json;
+}
author	Guilhem Moulin <guilhem@fripost.org>	2015-12-20 14:13:08 +0100
committer	Guilhem Moulin <guilhem@fripost.org>	2015-12-20 14:13:13 +0100
commit	da2572ddb144086034eba1989ae909763e95c680 (patch)
tree	d3374338793592412ca1b10fb4fc20068a392c4e /roles/common-web/files
parent	01e59771866559cc13a58800282617d04cb286a6 (diff)