Switch over to letsencrypt wildcard cert

2024-03-18 11:51:19 +00:00 · 2024-03-18 11:51:19 +00:00 · 726e051dbf
parent f4ed15669c
commit 726e051dbf
5 changed files with 29 additions and 59 deletions
--- a/prox-server-setup.yml
+++ b/prox-server-setup.yml
@ -95,67 +95,37 @@
        path: /etc/nginx/sites-available/
        state: directory
-    - name: Ensure reverse proxy git domain config is updated
+    # Ensure all NGinx site configurations are updated/enabled
    - name: Ensure all NGinx site configurations are updated
      template:
        src: proxy_resources/etc/nginx/sites-available/git.domain
-        dest: "/etc/nginx/sites-available/git.{{ domain_name }}"
+        dest: "/etc/nginx/sites-available/{{ item }}.{{ domain_name }}"
-    - name: Enable the reverse proxy git domain config
+      loop:
        - git
        - mail
        - searxng
        - nextcloud
        - chat
        - invidious
    - name: Ensure all NGinx site configurations are enabled      
      ansible.builtin.file:
-        src: "/etc/nginx/sites-available/git.{{ domain_name }}"
+        src: "/etc/nginx/sites-available/{{ item }}.{{ domain_name }}"
-        dest: "/etc/nginx/sites-enabled/git.{{ domain_name }}"
+        dest: "/etc/nginx/sites-enabled/{{ item }}.{{ domain_name }}"
        state: link
      loop:
        - git
        - mail
        - searxng
        - nextcloud
        - chat
        - invidious
          # TODO : Overhaul all of this to use loops instead
          #    - name: Ensure reverse proxy invidious domain config is updated
          #      template:
          #        src: proxy_resources/etc/nginx/sites-available/invidious.domain
          #        dest: "/etc/nginx/sites-available/invidious.{{ domain_name }}"
          #    - name: Ensure reverse proxy mail domain config is updated
          #      template:
          #        src: proxy_resources/etc/nginx/sites-available/mail.domain
          #        dest: "/etc/nginx/sites-available/mail.{{ domain_name }}"
          #    - name: Ensure reverse proxy searxng domain config is updated
          #      template:
          #        src: proxy_resources/etc/nginx/sites-available/searxng.domain
          #        dest: "/etc/nginx/sites-available/searxng.{{ domain_name }}"
          #    - name: Ensure reverse proxy nextcloud domain config is updated
          #      template:
          #        src: proxy_resources/etc/nginx/sites-available/nextcloud.domain
          #        dest: "/etc/nginx/sites-available/nextcloud.{{ domain_name }}"
          #    - name: Ensure reverse proxy chat domain config is updated
          #      template:
          #        src: proxy_resources/etc/nginx/sites-available/chat.domain
          #        dest: "/etc/nginx/sites-available/chat.{{ domain_name }}"
          #    - name: Enable the reverse proxy invidious domain config
          #      ansible.builtin.file:
          #        src: /etc/nginx/sites-available/invidious.{{ domain_name }}
          #        dest: /etc/nginx/sites-enabled/invidious.{{ domain_name }}
          #        state: link
          #    - name: Enable the reverse proxy mail domain config
          #      ansible.builtin.file:
          #        src: /etc/nginx/sites-available/mail.{{ domain_name }}
          #        dest: /etc/nginx/sites-enabled/mail.{{ domain_name }}
          #        state: link
          #    - name: Enable the reverse proxy searxng domain config
          #      ansible.builtin.file:
          #        src: /etc/nginx/sites-available/searxng.{{ domain_name }}
          #        dest: /etc/nginx/sites-enabled/searxng.{{ domain_name }}
          #        state: link
          #    - name: Enable the reverse proxy nextcloud domain config
          #      ansible.builtin.file:
          #        src: /etc/nginx/sites-available/nextcloud.{{ domain_name }}
          #        dest: /etc/nginx/sites-enabled/nextcloud.{{ domain_name }}
          #        state: link
          #    - name: Enable the reverse proxy chat domain config
          #      ansible.builtin.file:
          #        src: /etc/nginx/sites-available/chat.{{ domain_name }}
          #        dest: /etc/nginx/sites-enabled/chat.{{ domain_name }}
          #        state: link
    - name: Enable NGinx
      ansible.builtin.systemd:
        name: nginx
        enabled: yes
        state: started
    # Experimental NGinx Email Proxy
    #    - name: Ensure Email Proxy Authentication Server is updated
    #      ansible.builtin.template:
--- a/proxy_resources/etc/nginx/sites-available/chat.domain
+++ b/proxy_resources/etc/nginx/sites-available/chat.domain
@ -87,8 +87,8 @@ server {
  }
    listen 443 ssl http2; # managed by Certbot
-    ssl_certificate /etc/letsencrypt/live/chat.{{ domain_name }}/fullchain.pem; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/{{ domain_name }}/fullchain.pem; # managed by Certbot
-    ssl_certificate_key /etc/letsencrypt/live/chat.{{ domain_name }}/privkey.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/{{ domain_name }}/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
--- a/proxy_resources/etc/nginx/sites-available/invidious.domain
+++ b/proxy_resources/etc/nginx/sites-available/invidious.domain
@ -16,8 +16,8 @@ server {
    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
-    ssl_certificate /etc/letsencrypt/live/invidious.{{ domain_name }}-0001/fullchain.pem; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/{{ domain_name }}/fullchain.pem; # managed by Certbot
-    ssl_certificate_key /etc/letsencrypt/live/invidious.{{ domain_name }}-0001/privkey.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/{{ domain_name }}/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
--- a/proxy_resources/etc/nginx/sites-available/nextcloud.domain
+++ b/proxy_resources/etc/nginx/sites-available/nextcloud.domain
@ -26,8 +26,8 @@ server {
    	listen [::]:443 ssl; # managed by Certbot
    	listen 443 ssl; # managed by Certbot
-    	ssl_certificate /etc/letsencrypt/live/nextcloud.{{ domain_name }}/fullchain.pem; # managed by Certbot
+    	ssl_certificate /etc/letsencrypt/live/{{ domain_name }}/fullchain.pem; # managed by Certbot
-    	ssl_certificate_key /etc/letsencrypt/live/nextcloud.{{ domain_name }}/privkey.pem; # managed by Certbot
+    	ssl_certificate_key /etc/letsencrypt/live/{{ domain_name }}/privkey.pem; # managed by Certbot
    	include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    	ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
--- a/proxy_resources/etc/nginx/sites-available/searxng.domain
+++ b/proxy_resources/etc/nginx/sites-available/searxng.domain
@ -17,8 +17,8 @@ server {
    listen [::]:443 ssl; # managed by Certbot
    listen 443 ssl; # managed by Certbot
-    ssl_certificate /etc/letsencrypt/live/searxng.{{ domain_name }}/fullchain.pem; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/{{ domain_name }}/fullchain.pem; # managed by Certbot
-    ssl_certificate_key /etc/letsencrypt/live/searxng.{{ domain_name }}/privkey.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/{{ domain_name }}/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot