summaryrefslogtreecommitdiffstats
path: root/roles/common-web
diff options
context:
space:
mode:
Diffstat (limited to 'roles/common-web')
-rw-r--r--roles/common-web/files/etc/nginx/sites-available/default11
-rw-r--r--roles/common-web/files/etc/nginx/snippets/acme-challenge.conf4
-rw-r--r--roles/common-web/tasks/main.yml3
3 files changed, 17 insertions, 1 deletions
diff --git a/roles/common-web/files/etc/nginx/sites-available/default b/roles/common-web/files/etc/nginx/sites-available/default
new file mode 100644
index 0000000..6df1615
--- /dev/null
+++ b/roles/common-web/files/etc/nginx/sites-available/default
@@ -0,0 +1,11 @@
+server {
+ listen 80 default_server;
+ listen [::]:80 default_server;
+
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log info;
+
+ # serve ACME challenges on all virtual hosts
+ # /!\ need to be served individually for each explicit virtual host as well!
+ include snippets/acme-challenge.conf;
+}
diff --git a/roles/common-web/files/etc/nginx/snippets/acme-challenge.conf b/roles/common-web/files/etc/nginx/snippets/acme-challenge.conf
new file mode 100644
index 0000000..b2a856a
--- /dev/null
+++ b/roles/common-web/files/etc/nginx/snippets/acme-challenge.conf
@@ -0,0 +1,4 @@
+location /.well-known/acme-challenge/ {
+ alias /var/www/acme-challenge/;
+ default_type application/jose+json;
+}
diff --git a/roles/common-web/tasks/main.yml b/roles/common-web/tasks/main.yml
index c44e3a5..fb6bb2d 100644
--- a/roles/common-web/tasks/main.yml
+++ b/roles/common-web/tasks/main.yml
@@ -1,41 +1,42 @@
- name: Install Nginx
apt: pkg=nginx
- name: Limit Nginx logging
lineinfile: "dest=/etc/logrotate.d/nginx create=yes
regexp='^\\s*rotate\\s'
line='\trotate 1'"
tags:
- logrotate
-- name: Copy fastcgi parameters and SSL configuration snippets
+- name: Copy fastcgi parameters, acme-challenge and SSL configuration snippets
copy: src=etc/nginx/snippets/{{ item }}
dest=/etc/nginx/snippets/{{ item }}
owner=root group=root
mode=0644
register: r1
with_items:
- fastcgi.conf
- fastcgi-php.conf
- fastcgi-php-ssl.conf
- ssl.conf
+ - acme-challenge.conf
notify:
- Restart Nginx
- name: Copy /etc/nginx/sites-available/default
copy: src=etc/nginx/sites-available/default
dest=/etc/nginx/sites-available/default
owner=root group=root
mode=0644
register: r2
notify:
- Restart Nginx
- name: Create /etc/nginx/sites-enabled/default
file: src=../sites-available/default
dest=/etc/nginx/sites-enabled/default
owner=root group=root
state=link force=yes
register: r3
notify:
- Restart Nginx
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-08 06:10:01 +0000