Merge pull request #3 from dracos/allow-local-domain-variable

Add LOCAL_DOMAIN variable.
This commit is contained in:
Sadiq Saif 2018-08-23 17:55:05 -04:00 committed by GitHub
commit ba85bec09f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 10 additions and 8 deletions

View File

@ -2,3 +2,5 @@
# Please note that the playbook will drop this database in preparation for Mastodon's # Please note that the playbook will drop this database in preparation for Mastodon's
# database setup process. # database setup process.
DB_NAME: DB_NAME:
# Specify the hostname you wish to use (in case it doesn't match the server's name).
LOCAL_DOMAIN:

View File

@ -16,7 +16,7 @@ DB_PASS=
DB_PORT=5432 DB_PORT=5432
# Your instance's domain (Don't modify this, we get this from a variable) # Your instance's domain (Don't modify this, we get this from a variable)
LOCAL_DOMAIN={{ ansible_nodename }} LOCAL_DOMAIN={{ LOCAL_DOMAIN }}
# We have HTTPS enabled # We have HTTPS enabled
LOCAL_HTTPS=true LOCAL_HTTPS=true

View File

@ -18,11 +18,11 @@
- name: Copy Mastodon nginx vhost template to sites-available - name: Copy Mastodon nginx vhost template to sites-available
template: template:
src: mastodon-nginx.conf src: mastodon-nginx.conf
dest: /etc/nginx/sites-available/{{ ansible_nodename }}.conf dest: /etc/nginx/sites-available/{{ LOCAL_DOMAIN }}.conf
- name: Enable Mastodon nginx vhost template - name: Enable Mastodon nginx vhost template
file: file:
src: /etc/nginx/sites-available/{{ ansible_nodename }}.conf src: /etc/nginx/sites-available/{{ LOCAL_DOMAIN }}.conf
dest: /etc/nginx/sites-enabled/{{ ansible_nodename }}.conf dest: /etc/nginx/sites-enabled/{{ LOCAL_DOMAIN }}.conf
state: link state: link
- name: Start nginx - name: Start nginx
service: name=nginx state=started service: name=nginx state=started

View File

@ -6,7 +6,7 @@ map $http_upgrade $connection_upgrade {
server { server {
listen 80; listen 80;
listen [::]:80; listen [::]:80;
server_name {{ ansible_nodename }}; server_name {{ LOCAL_DOMAIN }};
# Useful for Let's Encrypt # Useful for Let's Encrypt
location /.well-known/acme-challenge/ { allow all; } location /.well-known/acme-challenge/ { allow all; }
location / { return 301 https://$host$request_uri; } location / { return 301 https://$host$request_uri; }
@ -15,15 +15,15 @@ server {
server { server {
listen 443 ssl http2; listen 443 ssl http2;
listen [::]:443 ssl http2; listen [::]:443 ssl http2;
server_name {{ ansible_nodename }}; server_name {{ LOCAL_DOMAIN }};
ssl_protocols TLSv1.2; ssl_protocols TLSv1.2;
ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA; ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
ssl_prefer_server_ciphers on; ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m; ssl_session_cache shared:SSL:10m;
ssl_certificate /etc/letsencrypt/live/{{ ansible_nodename }}/fullchain.pem; ssl_certificate /etc/letsencrypt/live/{{ LOCAL_DOMAIN }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ ansible_nodename }}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/{{ LOCAL_DOMAIN }}/privkey.pem;
keepalive_timeout 70; keepalive_timeout 70;
sendfile on; sendfile on;