m--------- | library/inwx-collection | 0 | ||||
-rw-r--r-- | nginx.conf | 50 | ||||
-rw-r--r-- | nginx_nossl.conf | 7 | ||||
-rw-r--r-- | playbook.yml | 5 | ||||
-rw-r--r-- | setup_containers.yml | 2 | ||||
-rw-r--r-- | setup_git.yml | 2 | ||||
-rw-r--r-- | setup_webserver.yml | 8 |
7 files changed, 64 insertions, 10 deletions
diff --git a/library/inwx-collection b/library/inwx-collection -Subproject 0ac040da14cc9d834098addc03cd8d4d26647df +Subproject 2928298f35d66d265679e8188029ce5834b2898 @@ -88,7 +88,6 @@ http { listen 443 ssl http2; listen [::]:443 ssl http2; server_name blog.jaseg.net; - root /usr/share/nginx/html; ssl_certificate "/etc/letsencrypt/live/blog.jaseg.net/fullchain.pem"; ssl_certificate_key "/etc/letsencrypt/live/blog.jaseg.net/privkey.pem"; @@ -103,11 +102,33 @@ http { add_header Strict-Transport-Security "max-age=86400"; + return 301 https://blog.jaseg.de$request_uri; + } + + server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name blog.jaseg.de; + root /usr/share/nginx/html; + + ssl_certificate "/etc/letsencrypt/live/blog.jaseg.de/fullchain.pem"; + ssl_certificate_key "/etc/letsencrypt/live/blog.jaseg.de/privkey.pem"; + ssl_dhparam "/etc/letsencrypt/ssl-dhparams.pem"; + include /etc/letsencrypt/options-ssl-nginx.conf; + + ssl_stapling on; + ssl_stapling_verify on; + + resolver 67.207.67.2 67.207.67.3 valid=300s; + resolver_timeout 10s; + + add_header Strict-Transport-Security "max-age=86400"; + # Load configuration files for the default server block. include /etc/nginx/default.d/*.conf; location / { - root /var/www/blog.jaseg.net; + root /var/www/blog.jaseg.de; } location /d/ { @@ -327,7 +348,6 @@ http { listen 443 ssl http2; listen [::]:443 ssl http2; server_name git.jaseg.net; - root /usr/share/nginx/html; ssl_certificate "/etc/letsencrypt/live/git.jaseg.net/fullchain.pem"; ssl_certificate_key "/etc/letsencrypt/live/git.jaseg.net/privkey.pem"; 
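Review bot: In the blog.jaseg.de server block added by the nginx.conf hunk `@@ -103,11 +102,33 @@`, `add_header Strict-Transport-Security "max-age=86400";` has no `always` flag, so nginx attaches it only to its default set of success and redirect status codes and 4xx/5xx responses from this host go out without HSTS. Writing it as `add_header Strict-Transport-Security "max-age=86400" always;` covers error responses as well. The header is set at server level, and nginx stops inheriting `add_header` in any `location` that declares its own; the location bodies continue outside this hunk, so that is worth checking there. The same line is used in the git.jaseg.de block added at `@@ -342,6 +362,28 @@`.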
@@ -342,6 +362,28 @@ http { add_header Strict-Transport-Security "max-age=86400"; + return 301 https://git.jaseg.de$request_uri; + } + + server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name git.jaseg.de; + root /usr/share/nginx/html; + + ssl_certificate "/etc/letsencrypt/live/git.jaseg.de/fullchain.pem"; + ssl_certificate_key "/etc/letsencrypt/live/git.jaseg.de/privkey.pem"; + ssl_dhparam "/etc/letsencrypt/ssl-dhparams.pem"; + include /etc/letsencrypt/options-ssl-nginx.conf; + + ssl_stapling on; + ssl_stapling_verify on; + + resolver 67.207.67.2 67.207.67.3 valid=300s; + resolver_timeout 10s; + + add_header Strict-Transport-Security "max-age=86400"; + # Load configuration files for the default server block. include /etc/nginx/default.d/*.conf; @@ -351,7 +393,7 @@ http { } location ~ ^/(cgit.png|favicon.png) { - alias /var/www/git.jaseg.net/cgit.png; + alias /var/www/git.jaseg.de/cgit.png; } location / { diff --git a/nginx_nossl.conf b/nginx_nossl.conf index 8d5a5a5..87de478 100644 --- a/nginx_nossl.conf +++ b/nginx_nossl.conf @@ -48,5 +48,12 @@ http { server_name blog.jaseg.net; return 301 https://$host$request_uri; } + + server { + listen 80; + listen [::]:80; + server_name blog.jaseg.de; + return 301 https://$host$request_uri; + } } diff --git a/playbook.yml b/playbook.yml index 6b1f46f..72beb91 100644 --- a/playbook.yml +++ b/playbook.yml @@ -1,5 +1,6 @@ - name: DNS setup hosts: localhost + tags: dns module_defaults: inwx: username: "{{lookup('ini', 'user section=inwx file=credentials.ini')}}" @@ -7,7 +8,9 @@ vars: subdomains: - git.jaseg.net + - git.jaseg.de - blog.jaseg.net + - blog.jaseg.de - kochbuch.jaseg.net - gerbolyze.jaseg.net - tracespace.jaseg.net 
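Review bot: The git.jaseg.de block added at `@@ -342,6 +362,28 @@` enables `ssl_stapling_verify on;` but no `ssl_trusted_certificate` is visible, and nginx's documentation says the issuer chain must be configured through that directive for verification of the stapled OCSP response to work. Unless the included options-ssl-nginx.conf (not shown on this page) already supplies it, add `ssl_trusted_certificate "/etc/letsencrypt/live/git.jaseg.de/chain.pem";` next to the certificate lines. The blog.jaseg.de block added in the previous nginx.conf hunk has the same gap, with its own live directory.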
@@ -42,7 +45,7 @@ - name: Install host requisites dnf: - name: nginx,uwsgi,python3-flask,python3-flask-wtf,uwsgi-plugin-python3,certbot,python3-certbot-nginx,libselinux-python,git,iptables-services,python3-pycryptodomex,zip,python3-uwsgidecorators,nsd + name: nginx,uwsgi,python3-flask,python3-flask-wtf,uwsgi-plugin-python3,certbot,python3-certbot-nginx,python3-libselinux,git,iptables-services,python3-pycryptodomex,zip,python3-uwsgidecorators,nsd state: latest - name: Disable password-based root login diff --git a/setup_containers.yml b/setup_containers.yml index 4738f1e..8adb9da 100644 --- a/setup_containers.yml +++ b/setup_containers.yml @@ -1,7 +1,7 @@ --- - name: Install host requisites dnf: - name: btrfs-progs,arch-install-scripts,systemd-container,libselinux-python + name: btrfs-progs,arch-install-scripts,systemd-container,python3-libselinux state: latest - name: Create individual containers diff --git a/setup_git.yml b/setup_git.yml index 9d351e5..6e7d621 100644 --- a/setup_git.yml +++ b/setup_git.yml @@ -6,7 +6,7 @@ - name: Copy cgit favicon copy: src: cgit-logo.png - dest: /var/www/git.jaseg.net/cgit.png + dest: /var/www/git.jaseg.de/cgit.png - name: Create cgit instance config dir file: diff --git a/setup_webserver.yml b/setup_webserver.yml index eb34a5b..4711ad0 100644 --- a/setup_webserver.yml +++ b/setup_webserver.yml @@ -17,8 +17,8 @@ group: nginx mode: 0550 loop: - - git.jaseg.net - - blog.jaseg.net + - git.jaseg.de + - blog.jaseg.de - kochbuch.jaseg.net - tracespace.jaseg.net - openjscad.jaseg.net 
@@ -46,12 +46,14 @@ state: restarted - name: Create subdomain letsencrypt certificates - command: certbot --nginx certonly -d {{item}} -n --agree-tos --email {{item}}-letsencrypt@jaseg.net + command: certbot --nginx certonly -d {{item}} -n --agree-tos --email {{item}}-letsencrypt@jaseg.de args: creates: /etc/letsencrypt/live/{{item}}/fullchain.pem loop: - git.jaseg.net + - git.jaseg.de - blog.jaseg.net + - blog.jaseg.de - kochbuch.jaseg.net - gerbolyze.jaseg.net - tracespace.jaseg.net |
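Review bot: The certificate loop keeps git.jaseg.net and blog.jaseg.net beside the new .de names without saying why, which makes them easy to drop in a later cleanup. nginx.conf still loads their certificates in the redirect-only server blocks, so a host provisioned without them would presumably fail to load the TLS configuration. A comment above the loop such as `# .net entries stay: their server blocks still terminate TLS to serve the 301 to .de` would record that. The loop continues past the end of this hunk.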