- name: w.r3.at
rootdir: /srv/wiki.realraum.at/www/
urls:
- - wiki.realraum.at
- w.r3.at
+ - name: wiki.realraum.at
+ rootdir: /srv/wiki.realraum.at/www/
+ urls:
+ - wiki.realraum.at
- name: sensors.realraum.at
rootdir: /srv/sensors.realraum.at/www/
urls:
- name: link to snakeoil cert for nonexistent hostnames
file:
src: "../certs/{{ selfsigned_interim_cert_id }}"
- dest: /var/lib/acme/live/{{ r3rsrv.name }}
+ dest: "/var/lib/acme/live/{{ r3rsrv.name }}"
state: link
- name: enable nginx vhost config
import_role:
name: acmetool/cert
vars:
- acmetool_cert_name: {{ r3rsrv.name }}
+ acmetool_cert_name: "{{ r3rsrv.name }}"
--- /dev/null
+server {
+ listen [::]:443 ssl;
+ listen 443 ssl;
+
+ server_name {{ r3rsrv.urls | join(' ') }};
+
+ include snippets/acmetool.conf;
+ include snippets/ssl.conf;
+ ssl_certificate /var/lib/acme/live/{{ r3rsrv.name }}/fullchain;
+ ssl_certificate_key /var/lib/acme/live/{{ r3rsrv.name }}/privkey;
+ include snippets/hsts.conf;
+
+ include snippets/security-headers.conf;
+
+ root {{ r3rsrv.rootdir }};
+
+ access_log off;
+
+ location / {
+ return 302 https://doku.realraum.at$request_uri;
+ }
+
+ error_page 404 /404.html;
+}
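Review bot: In the new vhost template, `location /` answers every request with the 302, so `root {{ r3rsrv.rootdir }};` and `error_page 404 /404.html;` look like dead configuration, unless one of the included snippets defines a location of its own that relies on them. I would drop both lines, or keep them under a comment such as `# redirect-only vhost: nothing below location / is served from disk`, so nobody later assumes files under rootdir are reachable through this server block. If the move to doku.realraum.at is meant to be permanent, `return 301 https://doku.realraum.at$request_uri;` would fit better than a temporary redirect. The block listens on 443 only, so the plain-HTTP redirect for these names is presumably defined elsewhere; that is worth confirming, since the `+++` header and the rest of the role are not visible here.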