Add LOCAL_DOMAIN variable. #3
|
@ -2,3 +2,5 @@
|
||||||
# Please note that the playbook will drop this database in preparation for Mastodon's
|
# Please note that the playbook will drop this database in preparation for Mastodon's
|
||||||
# database setup process.
|
# database setup process.
|
||||||
DB_NAME:
|
DB_NAME:
|
||||||
|
# Specify the hostname you wish to use (in case it doesn't match the server's name).
|
||||||
|
LOCAL_DOMAIN:
|
||||||
|
|
|
@ -16,7 +16,7 @@ DB_PASS=
|
||||||
DB_PORT=5432
|
DB_PORT=5432
|
||||||
|
|
||||||
# Your instance's domain (Don't modify this, we get this from a variable)
|
# Your instance's domain (Don't modify this, we get this from a variable)
|
||||||
LOCAL_DOMAIN={{ ansible_nodename }}
|
LOCAL_DOMAIN={{ LOCAL_DOMAIN }}
|
||||||
# We have HTTPS enabled
|
# We have HTTPS enabled
|
||||||
LOCAL_HTTPS=true
|
LOCAL_HTTPS=true
|
||||||
|
|
||||||
|
|
|
@ -18,11 +18,11 @@
|
||||||
- name: Copy Mastodon nginx vhost template to sites-available
|
- name: Copy Mastodon nginx vhost template to sites-available
|
||||||
template:
|
template:
|
||||||
src: mastodon-nginx.conf
|
src: mastodon-nginx.conf
|
||||||
dest: /etc/nginx/sites-available/{{ ansible_nodename }}.conf
|
dest: /etc/nginx/sites-available/{{ LOCAL_DOMAIN }}.conf
|
||||||
- name: Enable Mastodon nginx vhost template
|
- name: Enable Mastodon nginx vhost template
|
||||||
file:
|
file:
|
||||||
src: /etc/nginx/sites-available/{{ ansible_nodename }}.conf
|
src: /etc/nginx/sites-available/{{ LOCAL_DOMAIN }}.conf
|
||||||
dest: /etc/nginx/sites-enabled/{{ ansible_nodename }}.conf
|
dest: /etc/nginx/sites-enabled/{{ LOCAL_DOMAIN }}.conf
|
||||||
state: link
|
state: link
|
||||||
- name: Start nginx
|
- name: Start nginx
|
||||||
service: name=nginx state=started
|
service: name=nginx state=started
|
||||||
|
|
|
@ -6,7 +6,7 @@ map $http_upgrade $connection_upgrade {
|
||||||
server {
|
server {
|
||||||
listen 80;
|
listen 80;
|
||||||
listen [::]:80;
|
listen [::]:80;
|
||||||
server_name {{ ansible_nodename }};
|
server_name {{ LOCAL_DOMAIN }};
|
||||||
# Useful for Let's Encrypt
|
# Useful for Let's Encrypt
|
||||||
location /.well-known/acme-challenge/ { allow all; }
|
location /.well-known/acme-challenge/ { allow all; }
|
||||||
location / { return 301 https://$host$request_uri; }
|
location / { return 301 https://$host$request_uri; }
|
||||||
|
@ -15,15 +15,15 @@ server {
|
||||||
server {
|
server {
|
||||||
listen 443 ssl http2;
|
listen 443 ssl http2;
|
||||||
listen [::]:443 ssl http2;
|
listen [::]:443 ssl http2;
|
||||||
server_name {{ ansible_nodename }};
|
server_name {{ LOCAL_DOMAIN }};
|
||||||
|
|
||||||
ssl_protocols TLSv1.2;
|
ssl_protocols TLSv1.2;
|
||||||
ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
|
ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
|
||||||
ssl_prefer_server_ciphers on;
|
ssl_prefer_server_ciphers on;
|
||||||
ssl_session_cache shared:SSL:10m;
|
ssl_session_cache shared:SSL:10m;
|
||||||
|
|
||||||
ssl_certificate /etc/letsencrypt/live/{{ ansible_nodename }}/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/{{ LOCAL_DOMAIN }}/fullchain.pem;
|
||||||
ssl_certificate_key /etc/letsencrypt/live/{{ ansible_nodename }}/privkey.pem;
|
ssl_certificate_key /etc/letsencrypt/live/{{ LOCAL_DOMAIN }}/privkey.pem;
|
||||||
|
|
||||||
keepalive_timeout 70;
|
keepalive_timeout 70;
|
||||||
sendfile on;
|
sendfile on;
|
||||||
|
|
Loading…
Reference in New Issue