aboutsummaryrefslogtreecommitdiff
path: root/setup_webserver.yml
diff options
context:
space:
mode:
Diffstat (limited to 'setup_webserver.yml')
-rw-r--r--setup_webserver.yml52
1 files changed, 52 insertions, 0 deletions
diff --git a/setup_webserver.yml b/setup_webserver.yml
new file mode 100644
index 0000000..7dc65c5
--- /dev/null
+++ b/setup_webserver.yml
@@ -0,0 +1,52 @@
+- name: Copy first stage nginx config
+ copy:
+ src: nginx_nossl.conf
+ dest: /etc/nginx/nginx.conf
+
+- name: Add nginx user to uwsgi group for access to uwsgi socket
+ user:
+ name: nginx
+ groups: uwsgi
+ append: yes
+
+- name: Copy uwsgi systemd socket config
+ copy:
+ src: uwsgi-app@.socket
+ dest: /etc/systemd/system/
+
+- name: Copy uwsgi systemd service config
+ copy:
+ src: uwsgi-app@.service
+ dest: /etc/systemd/system/
+
+- name: Set SELinux to permissive mode # FIXME this is to let nginx talk to uwsgi
+ selinux:
+ state: permissive
+ policy: targeted
+
+- name: Enable and launch nginx systemd service
+ systemd:
+ name: nginx.service
+ enabled: yes
+ state: restarted
+
+- name: Create letsencrypt certificate
+ command: certbot --nginx certonly -d gerbolyze.jaseg.net -n --agree-tos --email gerboweb@jaseg.net
+ args:
+ creates: /etc/letsencrypt/live/gerbolyze.jaseg.net/fullchain.pem
+
+- name: Copy final nginx config
+ copy:
+ src: nginx.conf
+ dest: /etc/nginx/nginx.conf
+
+- name: Restart nginx to load new cert
+ systemd:
+ name: nginx.service
+ state: restarted
+
+- name: Enable certbot renewal timer
+ systemd:
+ name: certbot-renew.timer
+ enabled: yes
+
generated by cgit (git 2.34.1) at 2024-05-11 14:23:21 +0000