From 726e051dbf81e3f47eec428ec30dd694342f5650 Mon Sep 17 00:00:00 2001
From: cspark
Date: Mon, 18 Mar 2024 11:51:19 +0000
Subject: [PATCH] Switch over to letsencrypt wildcard cert

---
 prox-server-setup.yml | 72 ++++++-------------
 .../etc/nginx/sites-available/chat.domain | 4 +-
 .../nginx/sites-available/invidious.domain | 4 +-
 .../nginx/sites-available/nextcloud.domain | 4 +-
 .../etc/nginx/sites-available/searxng.domain | 4 +-
 5 files changed, 29 insertions(+), 59 deletions(-)

diff --git a/prox-server-setup.yml b/prox-server-setup.yml
index e4d0e80..8683538 100755
--- a/prox-server-setup.yml
+++ b/prox-server-setup.yml
@@ -95,67 +95,37 @@ path: /etc/nginx/sites-available/ state: directory - - name: Ensure reverse proxy git domain config is updated + # Ensure all NGinx site configurations are updated/enabled + - name: Ensure all NGinx site configurations are updated template: src: proxy_resources/etc/nginx/sites-available/git.domain - dest: "/etc/nginx/sites-available/git.{{ domain_name }}" - - name: Enable the reverse proxy git domain config + dest: "/etc/nginx/sites-available/{{ item }}.{{ domain_name }}" + loop: + - git + - mail + - searxng + - nextcloud + - chat + - invidious + - name: Ensure all NGinx site configurations are enabled ansible.builtin.file: - src: "/etc/nginx/sites-available/git.{{ domain_name }}" - dest: "/etc/nginx/sites-enabled/git.{{ domain_name }}" + src: "/etc/nginx/sites-available/{{ item }}.{{ domain_name }}" + dest: "/etc/nginx/sites-enabled/{{ item }}.{{ domain_name }}" state: link + loop: + - git + - mail + - searxng + - nextcloud + - chat + - invidious - # TODO : Overhaul all of this to use loops instead - # - name: Ensure reverse proxy invidious domain config is updated - # template: - # src: proxy_resources/etc/nginx/sites-available/invidious.domain - # dest: "/etc/nginx/sites-available/invidious.{{ domain_name }}" - # - name: Ensure reverse proxy mail domain config is updated - # template: - # src: proxy_resources/etc/nginx/sites-available/mail.domain - # dest: "/etc/nginx/sites-available/mail.{{ domain_name }}" - # - name: Ensure reverse proxy searxng domain config is updated - # template: - # src: proxy_resources/etc/nginx/sites-available/searxng.domain - # dest: "/etc/nginx/sites-available/searxng.{{ domain_name }}" - # - name: Ensure reverse proxy nextcloud domain config is updated - # template: - # src: proxy_resources/etc/nginx/sites-available/nextcloud.domain - # dest: "/etc/nginx/sites-available/nextcloud.{{ domain_name }}" - # - name: Ensure reverse proxy chat domain config is updated - # template: - # src: 
proxy_resources/etc/nginx/sites-available/chat.domain - # dest: "/etc/nginx/sites-available/chat.{{ domain_name }}" - # - name: Enable the reverse proxy invidious domain config - # ansible.builtin.file: - # src: /etc/nginx/sites-available/invidious.{{ domain_name }} - # dest: /etc/nginx/sites-enabled/invidious.{{ domain_name }} - # state: link - # - name: Enable the reverse proxy mail domain config - # ansible.builtin.file: - # src: /etc/nginx/sites-available/mail.{{ domain_name }} - # dest: /etc/nginx/sites-enabled/mail.{{ domain_name }} - # state: link - # - name: Enable the reverse proxy searxng domain config - # ansible.builtin.file: - # src: /etc/nginx/sites-available/searxng.{{ domain_name }} - # dest: /etc/nginx/sites-enabled/searxng.{{ domain_name }} - # state: link - # - name: Enable the reverse proxy nextcloud domain config - # ansible.builtin.file: - # src: /etc/nginx/sites-available/nextcloud.{{ domain_name }} - # dest: /etc/nginx/sites-enabled/nextcloud.{{ domain_name }} - # state: link - # - name: Enable the reverse proxy chat domain config - # ansible.builtin.file: - # src: /etc/nginx/sites-available/chat.{{ domain_name }} - # dest: /etc/nginx/sites-enabled/chat.{{ domain_name }} - # state: link - name: Enable NGinx ansible.builtin.systemd: name: nginx enabled: yes state: started + # Experimental NGinx Email Proxy # - name: Ensure Email Proxy Authentication Server is updated # ansible.builtin.template: diff --git a/proxy_resources/etc/nginx/sites-available/chat.domain b/proxy_resources/etc/nginx/sites-available/chat.domain index aae16ec..3b55dc7 100755 --- a/proxy_resources/etc/nginx/sites-available/chat.domain +++ b/proxy_resources/etc/nginx/sites-available/chat.domain 
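Review bot: The template task's `src` line stays `proxy_resources/etc/nginx/sites-available/git.domain` as unchanged context while `dest` now loops over six names, so every `{{ item }}.{{ domain_name }}` file — including the four nginx templates edited in this same commit — would be rendered from the git template; change it to `src: "proxy_resources/etc/nginx/sites-available/{{ item }}.domain"`. The two loops also repeat the same six-item list by hand; one play-level variable (say `proxy_sites`) used as `loop: "{{ proxy_sites }}"` in both tasks keeps the template and symlink tasks from drifting apart. Neither task notifies a handler and the `Enable NGinx` task only asserts `state: started`, so a re-rendered site file may not take effect until nginx is reloaded by other means; I cannot see a handler from this hunk. The task list continues on both sides of this hunk.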
@@ -87,8 +87,8 @@ server {
 }
 listen 443 ssl http2; # managed by Certbot
- ssl_certificate /etc/letsencrypt/live/chat.{{ domain_name }}/fullchain.pem; # managed by Certbot
- ssl_certificate_key /etc/letsencrypt/live/chat.{{ domain_name }}/privkey.pem; # managed by Certbot
+ ssl_certificate /etc/letsencrypt/live/{{ domain_name }}/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/{{ domain_name }}/privkey.pem; # managed by Certbot
 include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
 ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
diff --git a/proxy_resources/etc/nginx/sites-available/invidious.domain b/proxy_resources/etc/nginx/sites-available/invidious.domain
index c1927a6..dc1e25d 100755
--- a/proxy_resources/etc/nginx/sites-available/invidious.domain
+++ b/proxy_resources/etc/nginx/sites-available/invidious.domain
@@ -16,8 +16,8 @@ server {
 listen [::]:443 ssl ipv6only=on; # managed by Certbot
 listen 443 ssl; # managed by Certbot
- ssl_certificate /etc/letsencrypt/live/invidious.{{ domain_name }}-0001/fullchain.pem; # managed by Certbot
- ssl_certificate_key /etc/letsencrypt/live/invidious.{{ domain_name }}-0001/privkey.pem; # managed by Certbot
+ ssl_certificate /etc/letsencrypt/live/{{ domain_name }}/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/{{ domain_name }}/privkey.pem; # managed by Certbot
 include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
 ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
diff --git a/proxy_resources/etc/nginx/sites-available/nextcloud.domain b/proxy_resources/etc/nginx/sites-available/nextcloud.domain
index e8512b6..4747726 100755
--- a/proxy_resources/etc/nginx/sites-available/nextcloud.domain
+++ b/proxy_resources/etc/nginx/sites-available/nextcloud.domain
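Review bot: Nothing in this commit retires the per-host certbot lineages that the replaced `ssl_certificate` / `ssl_certificate_key` lines pointed at (`chat.{{ domain_name }}`, `invidious.{{ domain_name }}-0001`, `nextcloud.{{ domain_name }}`, `searxng.{{ domain_name }}`), so the renewal timer will keep renewing — or failing and alerting on — certificates no vhost serves; remove each with `certbot delete --cert-name <old-lineage-name>` once the wildcard is live. A wildcard lineage can only be issued and renewed through the DNS-01 challenge, so if the nginx installer obtained the old certificates, the renewal configuration for the `{{ domain_name }}` lineage needs a DNS plugin and should be checked with `certbot renew --dry-run`; the playbook hunk in this commit does not touch certbot, so I cannot verify this from the diff. The `# managed by Certbot` markers are no longer accurate on the two hand-edited lines, and a future `certbot --nginx` run for one of these hostnames could rewrite them back to a per-host certificate; I would drop the marker on the edited lines. One private key now protects every subdomain, which is the usual wildcard trade-off but worth stating in the commit message since it widens the blast radius of a key compromise on this proxy host. The same change appears in invidious.domain, nextcloud.domain and searxng.domain, and each `server` block extends beyond its hunk.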
@@ -26,8 +26,8 @@ server {
 listen [::]:443 ssl; # managed by Certbot
 listen 443 ssl; # managed by Certbot
- ssl_certificate /etc/letsencrypt/live/nextcloud.{{ domain_name }}/fullchain.pem; # managed by Certbot
- ssl_certificate_key /etc/letsencrypt/live/nextcloud.{{ domain_name }}/privkey.pem; # managed by Certbot
+ ssl_certificate /etc/letsencrypt/live/{{ domain_name }}/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/{{ domain_name }}/privkey.pem; # managed by Certbot
 include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
 ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
diff --git a/proxy_resources/etc/nginx/sites-available/searxng.domain b/proxy_resources/etc/nginx/sites-available/searxng.domain
index d4d4b83..b72bc64 100755
--- a/proxy_resources/etc/nginx/sites-available/searxng.domain
+++ b/proxy_resources/etc/nginx/sites-available/searxng.domain
@@ -17,8 +17,8 @@ server {
 listen [::]:443 ssl; # managed by Certbot
 listen 443 ssl; # managed by Certbot
- ssl_certificate /etc/letsencrypt/live/searxng.{{ domain_name }}/fullchain.pem; # managed by Certbot
- ssl_certificate_key /etc/letsencrypt/live/searxng.{{ domain_name }}/privkey.pem; # managed by Certbot
+ ssl_certificate /etc/letsencrypt/live/{{ domain_name }}/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/{{ domain_name }}/privkey.pem; # managed by Certbot
 include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
 ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot