Use certbot to issue certificates
parent
8e1a203df2
commit
39899cd1e0
10 changed files with 80 additions and 43 deletions
|
@ -9,8 +9,8 @@ server {
|
||||||
set $upstream {{ upstream }};
|
set $upstream {{ upstream }};
|
||||||
|
|
||||||
ssl_certificate {{ ssl_cert_path }}/fullchain.pem;
|
ssl_certificate {{ ssl_cert_path }}/fullchain.pem;
|
||||||
ssl_certificate_key {{ ssl_cert_path }}/key.pem;
|
ssl_certificate_key {{ ssl_cert_path }}/privkey.pem;
|
||||||
ssl_trusted_certificate {{ ssl_cert_path }}/cert.pem;
|
ssl_trusted_certificate {{ ssl_cert_path }}/chain.pem;
|
||||||
include includes/ssl.conf;
|
include includes/ssl.conf;
|
||||||
|
|
||||||
include includes/docker-resolver.conf;
|
include includes/docker-resolver.conf;
|
||||||
|
|
|
@ -20,3 +20,5 @@ roles:
|
||||||
version: v2022.10.17
|
version: v2022.10.17
|
||||||
- src: nginxinc.nginx
|
- src: nginxinc.nginx
|
||||||
version: 0.24.1
|
version: 0.24.1
|
||||||
|
- src: geerlingguy.certbot
|
||||||
|
version: 5.1.0
|
||||||
|
|
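--- /dev/null
+++ b/ansible/group_vars/all/certbot.yml
@@ -0,0 +1,13 @@
+certbot_install_method: package
+certbot_auto_renew: true
+certbot_auto_renew_user: root
+certbot_auto_renew_hour: 23
+certbot_auto_renew_minute: 30
+certbot_auto_renew_options: --quiet --post-hook "systemctl reload nginx"
+certbot_admin_email: "{{ vault_certbot_admin_email }}"
+
+certbot_create_method: webroot
+
+certbot_webroot: /var/www/certbot-webroot
+
+certbot_create_if_missing: true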
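Review bot: The nginx reload is attached only to the cron command through `certbot_auto_renew_options`, so a renewal triggered any other way leaves nginx serving the old certificate until something else reloads it. With `certbot_install_method: package`, some distributions ship their own renewal timer alongside the package, and that timer would not carry this hook; whether that applies to this host is not visible here. `--post-hook` also runs after a failed attempt, whereas `--deploy-hook "systemctl reload nginx"` runs only after a successful renewal. An executable script in `/etc/letsencrypt/renewal-hooks/deploy/` would apply to every renewal regardless of what triggered it.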
77
ansible/group_vars/all/vault.yml
generated
77
ansible/group_vars/all/vault.yml
generated
|
@ -1,38 +1,41 @@
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
64313263396466623131663462303837643566386538363331643866643630663237313165343936
|
63376661396632313137666432623833393836313463393466663331306566633734313864386538
|
||||||
6661326238643732343035346436393737303234356533630a386166383135343135373135373036
|
6365623730303762613261346138613733323664306361660a303762663233366462653363313038
|
||||||
38336137316638633339656633363263633462363766643739306136306233663732613135306230
|
64333230383538653136663630336664653435356438666261316366626238343535386431653930
|
||||||
6233653966313034350a616133663134343235643930396462613139326233396563633061623437
|
3432393363373533340a613664306366383533326637626238336638376435313730666433393439
|
||||||
63343464346239323030336261633964346331323465623461313762373863336361356533666130
|
30623336653365383939333936346661383663383535633562353130363861386264336539303566
|
||||||
61613930616462373465316532376139373261616438616334643664383937303865386663316133
|
62636634366363306536633532336664336164373739643834366431626635393762323634626436
|
||||||
30356564343334303764346433366265653663646231636666363065393465326237613236666536
|
31333936376466616261376239643961616431333461386165393762656363353964353031356538
|
||||||
64663965633264373266386131366465393938343238366430306335346561303366343836323533
|
37353466353037306236323562396264633966353932633461353964616661666363313432396236
|
||||||
38323033336361343431656233353662383463653232616137666266653332353039303438646466
|
35343065666636663632376264346263623065383266383039373132336339343030633231623636
|
||||||
31666434666264303163643662323531376239666432616561363830643836313734363732363137
|
61383765636366326231346130386562323630326161663536636534666434343035653535303961
|
||||||
66366630636465326631353464356465303939393766386332616661623133343735626338386661
|
65336661366534613631343566623136626163363664303364306364313635633962333961333639
|
||||||
31346134663366386339383439363035376361313336393335656532363638616136323637333734
|
61666431393134313032633730623532383765636334666462303234313530316331646463623965
|
||||||
38343261333533653833353461386537633635303739663432633766373634363832313030623665
|
66323435313561623136636264393362323530343661303562623365636431633431636361343765
|
||||||
33663737393164643839373064383964376239333465363731643862303238353432623635656665
|
64366465613936363065303463323432646562343031363764616637623136633034383235656565
|
||||||
38383265623034393631303638663633336466336566336231366334396532303934663538656666
|
65623066653538313966376532373564633062326164643234376365623936376632623136363263
|
||||||
32316465626563306534653531646334336133343162623433623734653465346231323764393662
|
34363630613364393133343565383630623036376134353633373836636232653261633337323366
|
||||||
35333930656435636539373862346631323839303335623364313436383432316437353731373463
|
30376263613862663966396539663834313066303163663636366330316535373634346463666636
|
||||||
31373138326565626661613335663964623264336232393364336630306236396230316232306235
|
38663335336565616462613838346435353330643533326164353532646436643031666166636465
|
||||||
66626131393966313739626432366463663335643263323237333534643036396537383339373932
|
30653735396537376536613239613166323665393066616366303431336662646363613536373861
|
||||||
36343236643731646535346433363139363131623738633234336162383361326661353161656436
|
36643838633832303866363032396335626234623863656432336431666333373235373539666638
|
||||||
34663463326264323239383066623038316639336666363230616535616631623637646539343335
|
63383130363333646135333630323230393231396262363039666336326436613831633831313331
|
||||||
63633731323564636234313838306661616363306165356661343930616231666165613461366435
|
38333038353338643532343830346436353331313763323264303031396137376336643834363837
|
||||||
39313938666431303930663763363462633466326665366432363334393333343766623061666135
|
38633739613534613837643432663465366632383732333437633663643136376139363633636465
|
||||||
38636639626134663930333664396534646165383435613035393333383563616639393262333933
|
62623261663462333162313938376261386439633964626664393439356561306433333661366239
|
||||||
30623861623638393838643561373834396431396538316662326134356639323431656631623137
|
39633739333830303730353663663863623539376333373161663237663862623333626633343836
|
||||||
37666534326530623966343361393235303934323635313063623833353161643165386363373765
|
32386135636639306161303865643633616431373563626461386562626336643638336436333631
|
||||||
31633461313062396633623561666537633239353035363932333064303338363632316632343031
|
63656136363235393761366664626531313566646537343930663633393337643264633731366165
|
||||||
36323266343665356635643131613364616134666161353063356562343561633064666661623832
|
65326165376466333537653733303463363431383963343561366530343335353561613438643339
|
||||||
61366538383631303030316535666639323236323536346635326563383033643538653761623930
|
64646136336362393339323565353835376237346538396165653763343030373732633065643436
|
||||||
37336434386462363030363866636661656632663938623066636435316437663962303265353363
|
37336532313939306265303731663430613237666534616463343633313837323532666532363238
|
||||||
30353734653334323536303330633865663963333839386632333336306637333335383532323039
|
62376638343862356231323165326561653637666232646437316234376638366333313732373266
|
||||||
61666263663266313763353662353136646336646539333163303366323162323435616266626466
|
64633365613630306265303664366536616332323435356234616334323733363131366532363562
|
||||||
34646134313732393164306463643261326439333565643036303663326263353434663762653263
|
64613631333931626263356538633831396261653038633535643437643332396436653233646438
|
||||||
63636334363965313137306238393239393938626437353832326634663562653663663265633861
|
35613861363438333463643935636232346639353763323663396366356537633339353664616636
|
||||||
62363630306364326136653234623764333063306138313037306363346435323435623661393630
|
64386133653531313039306631386136353638333066353765613761353532393662633564666130
|
||||||
31656463313838313135386331386332333763336362393630643062643966646339386230663038
|
39306534383434333733396134393163633136376633633565326331373637393231613934623638
|
||||||
36653632626663613536383331393336356333666334646633626363663965393563
|
37626130353035326230656364393164633538356466623635366230643331663634636330363561
|
||||||
|
34326465643464376565346163393834616166366464313635396463396639353965303831353564
|
||||||
|
65313534646662636636613066653938396666303733623238613662393536643364323331363961
|
||||||
|
65613037313332346665
|
||||||
|
|
|
@ -2,3 +2,12 @@ restic_backup_locations:
|
||||||
- /opt
|
- /opt
|
||||||
|
|
||||||
nginx_https_redirect: true
|
nginx_https_redirect: true
|
||||||
|
|
||||||
|
certbot_certs:
|
||||||
|
- domains:
|
||||||
|
- theorangeone.net
|
||||||
|
- domains:
|
||||||
|
- commento.theorangeone.net
|
||||||
|
- domains:
|
||||||
|
- plausible.theorangeone.net
|
||||||
|
- elbisualp.theorangeone.net
|
||||||
|
|
|
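Review bot: Nothing in `certbot_certs` records that each site's `ssl_cert_path` depends on the first name in its `domains` list. By default certbot names the `/etc/letsencrypt/live/<name>` directory after the first domain, so swapping `plausible.theorangeone.net` and `elbisualp.theorangeone.net` would silently break the path set in the plausible site vars. A comment above the list such as `# first domain names the /etc/letsencrypt/live/ directory used by ssl_cert_path` would document the coupling. Separately, the sites previously pointed at one shared certificate path; per-host certificates publish each hostname in Certificate Transparency logs, which deserves a conscious decision if any of these names was not meant to be discoverable.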
@ -99,6 +99,8 @@
|
||||||
|
|
||||||
- hosts: walker
|
- hosts: walker
|
||||||
roles:
|
roles:
|
||||||
|
- role: geerlingguy.certbot
|
||||||
|
become: true
|
||||||
- nebula
|
- nebula
|
||||||
- coredns
|
- coredns
|
||||||
- nginx
|
- nginx
|
||||||
|
|
|
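Review bot: `geerlingguy.certbot` is listed before `nginx` in walker's roles, so on a first run the certificates are requested with `certbot_create_method: webroot` before the nginx role has deployed the `/.well-known/acme-challenge/` location added elsewhere in this commit. At that point port 80 presumably still redirects every request (or nothing is listening on a fresh host), so HTTP-01 validation may fail. Conversely, the site templates now reference files under `/etc/letsencrypt/live/...` that nginx needs before it can load its configuration. The bootstrap order deserves a comment here or an explicit first-run path, for example deploying the port-80 server before the certbot role runs. The rest of the play lies outside this hunk.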
@ -29,4 +29,4 @@
|
||||||
vars:
|
vars:
|
||||||
server_name: commento.theorangeone.net
|
server_name: commento.theorangeone.net
|
||||||
upstream: commento-commento-1.docker:8080
|
upstream: commento-commento-1.docker:8080
|
||||||
ssl_cert_path: /etc/nginx/ssl/theorangeone.net
|
ssl_cert_path: /etc/letsencrypt/live/commento.theorangeone.net
|
||||||
|
|
|
@ -2,5 +2,13 @@ server {
|
||||||
listen 80;
|
listen 80;
|
||||||
server_name _;
|
server_name _;
|
||||||
access_log off;
|
access_log off;
|
||||||
return 308 https://$host$request_uri;
|
|
||||||
|
location ^~ /.well-known/acme-challenge/ {
|
||||||
|
default_type "text/plain";
|
||||||
|
root {{ certbot_webroot }};
|
||||||
|
}
|
||||||
|
|
||||||
|
location / {
|
||||||
|
return 308 https://$host$request_uri;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
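Review bot: The challenge location only works for names whose port-80 requests reach this server block, and `listen 80;` with `server_name _;` is a catch-all only when this block is the default server for the port and no other port-80 server matches. Other server blocks are not visible here. If catch-all is the intent, `listen 80 default_server;` makes it explicit. A short comment above the location, e.g. `# served from disk so certbot's webroot HTTP-01 challenge is not redirected to HTTPS`, would explain why this path is exempt from the 308.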
@ -45,6 +45,6 @@
|
||||||
vars:
|
vars:
|
||||||
server_name: plausible.theorangeone.net elbisualp.theorangeone.net
|
server_name: plausible.theorangeone.net elbisualp.theorangeone.net
|
||||||
upstream: plausible-plausible-1.docker:8000
|
upstream: plausible-plausible-1.docker:8000
|
||||||
ssl_cert_path: /etc/nginx/ssl/theorangeone.net
|
ssl_cert_path: /etc/letsencrypt/live/plausible.theorangeone.net
|
||||||
location_extra: |
|
location_extra: |
|
||||||
rewrite ^/js/index.js$ /js/plausible.js last;
|
rewrite ^/js/index.js$ /js/plausible.js last;
|
||||||
|
|
|
@ -29,6 +29,6 @@
|
||||||
vars:
|
vars:
|
||||||
server_name: theorangeone.net
|
server_name: theorangeone.net
|
||||||
upstream: website-nginx-1.docker:8000
|
upstream: website-nginx-1.docker:8000
|
||||||
ssl_cert_path: /etc/nginx/ssl/theorangeone.net
|
ssl_cert_path: /etc/letsencrypt/live/theorangeone.net
|
||||||
location_extra: |
|
location_extra: |
|
||||||
more_set_headers "Server: $upstream_http_server";
|
more_set_headers "Server: $upstream_http_server";
|
||||||
|
|