foo.sh/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

nginx: Configure proxy key/cert globally and not in site

Browse source
This commit is contained in:
Timo Makinen 2020-09-09 19:55:00 +00:00
parent 852770b74a
commit 3b67903e4f
2 changed files with 3 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
roles/nginx/server/templates/nginx.conf.j2
View file

@ -25,6 +25,9 @@ http {
ssl_ciphers {{ tls_ciphers }}; ssl_ciphers {{ tls_ciphers }};
ssl_prefer_server_ciphers off; ssl_prefer_server_ciphers off;
proxy_ssl_certificate {{ tls_certs }}/{{ inventory_hostname }}.crt;
proxy_ssl_certificate_key {{ tls_private }}/{{ inventory_hostname }}.key;
server { server {
listen 443 ssl http2; listen 443 ssl http2;
listen [::]:443 ssl http2; listen [::]:443 ssl http2;

4
roles/nginx/site/templates/site.conf.j2
View file

@ -22,8 +22,6 @@ server {
{% else %} {% else %}
proxy_pass {{ proxy }}; proxy_pass {{ proxy }};
{% endif %} {% endif %}
proxy_ssl_certificate {{ tls_certs }}/{{ inventory_hostname }}.crt;
proxy_ssl_certificate_key {{ tls_private }}/{{ inventory_hostname }}.key;
} }
{% else %} {% else %}
root /srv/web/{{ site }}; root /srv/web/{{ site }};
@ -38,8 +36,6 @@ server {
server_name {{ site }}; server_name {{ site }};
location /.well-known/acme-challenge/ { location /.well-known/acme-challenge/ {
proxy_pass https://certbot.home.foo.sh/.well-known/acme-challenge/; proxy_pass https://certbot.home.foo.sh/.well-known/acme-challenge/;
proxy_ssl_certificate {{ tls_certs }}/{{ inventory_hostname }}.crt;
proxy_ssl_certificate_key {{ tls_private }}/{{ inventory_hostname }}.key;
} }
location / { location / {
{% if redirect is defined %} {% if redirect is defined %}