Switch over to letsencrypt wildcard cert

2024-03-18 11:51:19 +00:00 · 2024-03-18 11:51:19 +00:00 · 726e051dbf
parent f4ed15669c
commit 726e051dbf
5 changed files with 29 additions and 59 deletions
--- a/prox-server-setup.yml
+++ b/prox-server-setup.yml
@ -95,67 +95,37 @@
        path: /etc/nginx/sites-available/
        state: directory

-    - name: Ensure reverse proxy git domain config is updated
+    # Ensure all NGinx site configurations are updated/enabled
+    - name: Ensure all NGinx site configurations are updated
      template:
        src: proxy_resources/etc/nginx/sites-available/git.domain
-        dest: "/etc/nginx/sites-available/git.{{ domain_name }}"
-    - name: Enable the reverse proxy git domain config
+        dest: "/etc/nginx/sites-available/{{ item }}.{{ domain_name }}"
+      loop:
+        - git
+        - mail
+        - searxng
+        - nextcloud
+        - chat
+        - invidious
+    - name: Ensure all NGinx site configurations are enabled      
      ansible.builtin.file:
-        src: "/etc/nginx/sites-available/git.{{ domain_name }}"
-        dest: "/etc/nginx/sites-enabled/git.{{ domain_name }}"
+        src: "/etc/nginx/sites-available/{{ item }}.{{ domain_name }}"
+        dest: "/etc/nginx/sites-enabled/{{ item }}.{{ domain_name }}"
        state: link
+      loop:
+        - git
+        - mail
+        - searxng
+        - nextcloud
+        - chat
+        - invidious

-          # TODO : Overhaul all of this to use loops instead
-          #    - name: Ensure reverse proxy invidious domain config is updated
-          #      template:
-          #        src: proxy_resources/etc/nginx/sites-available/invidious.domain
-          #        dest: "/etc/nginx/sites-available/invidious.{{ domain_name }}"
-          #    - name: Ensure reverse proxy mail domain config is updated
-          #      template:
-          #        src: proxy_resources/etc/nginx/sites-available/mail.domain
-          #        dest: "/etc/nginx/sites-available/mail.{{ domain_name }}"
-          #    - name: Ensure reverse proxy searxng domain config is updated
-          #      template:
-          #        src: proxy_resources/etc/nginx/sites-available/searxng.domain
-          #        dest: "/etc/nginx/sites-available/searxng.{{ domain_name }}"
-          #    - name: Ensure reverse proxy nextcloud domain config is updated
-          #      template:
-          #        src: proxy_resources/etc/nginx/sites-available/nextcloud.domain
-          #        dest: "/etc/nginx/sites-available/nextcloud.{{ domain_name }}"
-          #    - name: Ensure reverse proxy chat domain config is updated
-          #      template:
-          #        src: proxy_resources/etc/nginx/sites-available/chat.domain
-          #        dest: "/etc/nginx/sites-available/chat.{{ domain_name }}"
-          #    - name: Enable the reverse proxy invidious domain config
-          #      ansible.builtin.file:
-          #        src: /etc/nginx/sites-available/invidious.{{ domain_name }}
-          #        dest: /etc/nginx/sites-enabled/invidious.{{ domain_name }}
-          #        state: link
-          #    - name: Enable the reverse proxy mail domain config
-          #      ansible.builtin.file:
-          #        src: /etc/nginx/sites-available/mail.{{ domain_name }}
-          #        dest: /etc/nginx/sites-enabled/mail.{{ domain_name }}
-          #        state: link
-          #    - name: Enable the reverse proxy searxng domain config
-          #      ansible.builtin.file:
-          #        src: /etc/nginx/sites-available/searxng.{{ domain_name }}
-          #        dest: /etc/nginx/sites-enabled/searxng.{{ domain_name }}
-          #        state: link
-          #    - name: Enable the reverse proxy nextcloud domain config
-          #      ansible.builtin.file:
-          #        src: /etc/nginx/sites-available/nextcloud.{{ domain_name }}
-          #        dest: /etc/nginx/sites-enabled/nextcloud.{{ domain_name }}
-          #        state: link
-          #    - name: Enable the reverse proxy chat domain config
-          #      ansible.builtin.file:
-          #        src: /etc/nginx/sites-available/chat.{{ domain_name }}
-          #        dest: /etc/nginx/sites-enabled/chat.{{ domain_name }}
-          #        state: link
    - name: Enable NGinx
      ansible.builtin.systemd:
        name: nginx
        enabled: yes
        state: started
+
    # Experimental NGinx Email Proxy
    #    - name: Ensure Email Proxy Authentication Server is updated
    #      ansible.builtin.template:
--- a/proxy_resources/etc/nginx/sites-available/chat.domain
+++ b/proxy_resources/etc/nginx/sites-available/chat.domain
@ -87,8 +87,8 @@ server {
  }

    listen 443 ssl http2; # managed by Certbot
-    ssl_certificate /etc/letsencrypt/live/chat.{{ domain_name }}/fullchain.pem; # managed by Certbot
-    ssl_certificate_key /etc/letsencrypt/live/chat.{{ domain_name }}/privkey.pem; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/{{ domain_name }}/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/{{ domain_name }}/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

--- a/proxy_resources/etc/nginx/sites-available/invidious.domain
+++ b/proxy_resources/etc/nginx/sites-available/invidious.domain
@ -16,8 +16,8 @@ server {

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
-    ssl_certificate /etc/letsencrypt/live/invidious.{{ domain_name }}-0001/fullchain.pem; # managed by Certbot
-    ssl_certificate_key /etc/letsencrypt/live/invidious.{{ domain_name }}-0001/privkey.pem; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/{{ domain_name }}/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/{{ domain_name }}/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

--- a/proxy_resources/etc/nginx/sites-available/nextcloud.domain
+++ b/proxy_resources/etc/nginx/sites-available/nextcloud.domain
@ -26,8 +26,8 @@ server {

    	listen [::]:443 ssl; # managed by Certbot
    	listen 443 ssl; # managed by Certbot
-    	ssl_certificate /etc/letsencrypt/live/nextcloud.{{ domain_name }}/fullchain.pem; # managed by Certbot
-    	ssl_certificate_key /etc/letsencrypt/live/nextcloud.{{ domain_name }}/privkey.pem; # managed by Certbot
+    	ssl_certificate /etc/letsencrypt/live/{{ domain_name }}/fullchain.pem; # managed by Certbot
+    	ssl_certificate_key /etc/letsencrypt/live/{{ domain_name }}/privkey.pem; # managed by Certbot
    	include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    	ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

--- a/proxy_resources/etc/nginx/sites-available/searxng.domain
+++ b/proxy_resources/etc/nginx/sites-available/searxng.domain
@ -17,8 +17,8 @@ server {

    listen [::]:443 ssl; # managed by Certbot
    listen 443 ssl; # managed by Certbot
-    ssl_certificate /etc/letsencrypt/live/searxng.{{ domain_name }}/fullchain.pem; # managed by Certbot
-    ssl_certificate_key /etc/letsencrypt/live/searxng.{{ domain_name }}/privkey.pem; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/{{ domain_name }}/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/{{ domain_name }}/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot