add nginx template and do the setup in nitter-nginx/tasks/main.yml

staticsafe 2021-09-11 15:11:35 -04:00
parent b6b76af30f
commit a04282629b
2 changed files with 40 additions and 0 deletions


@ -29,3 +29,20 @@
ignore_errors: yes
- name: Install certificate in storage directory
ansible.builtin.shell: /root/.acme.sh/acme.sh --install-cert -d {{ NITTER_DOMAIN }} --key-file /etc/ssl/letsencrypt/{{ NITTER_DOMAIN }}.pem --fullchain-file /etc/ssl/letsencrypt/{{ NITTER_DOMAIN }}.crt --reloadcmd "service nginx restart"
- name: Remove default nginx config in sites-enabled
ansible.builtin.file:
path: /etc/nginx/sites-enabled/default
state: absent
- name: Copy Nitter nginx vhost template to sites-available
ansible.builtin.template:
src: nitter-nginx.conf
dest: /etc/nginx/sites-available/{{ NITTER_DOMAIN }}.conf
- name: Enable Nitter nginx vhost template
ansible.builtin.file:
src: /etc/nginx/sites-available/{{ NITTER_DOMAIN }}.conf
dest: /etc/nginx/sites-enabled/{{ NITTER_DOMAIN }}.conf
state: link
- name: Make sure nginx service is restarted
ansible.builtin.service:
name: nginx
state: restarted
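Review bot: The last task restarts nginx unconditionally on every run and nothing validates the rendered vhost first, so a bad `NITTER_DOMAIN` value or a template mistake can leave nginx stopped rather than failing the play early. Consider adding `notify: Restart nginx` to the template and symlink tasks and moving the restart into a handler that runs `nginx -t` before it. The template task also sets no ownership or mode; adding `owner: root`, `group: root` and `mode: "0644"` makes the result independent of the controller's defaults and the target's umask. The hunk starts partway through the task list, so the earlier tasks are not visible here.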


@ -0,0 +1,23 @@
server {
listen *:80;
listen [::]:80;
server_name {{ NITTER_DOMAIN }};
return 301 "https://$host$request_uri";
}
server {
listen *:443 ssl http2;
listen [::]:443 ssl http2;
server_name {{ NITTER_DOMAIN }};
access_log off;
error_log "/var/log/nginx/{{ NITTER_DOMAIN }}.error.log";
ssl_certificate "/etc/ssl/letsencrypt/{{ NITTER_DOMAIN }}.crt";
ssl_certificate_key "/etc/ssl/letsencrypt/{{ NITTER_DOMAIN }}.pem";
ssl_stapling on;
resolver [::1] valid=300s;
add_header Strict-Transport-Security max-age=31536000;
location / {
proxy_pass http://127.0.0.1:{{ NITTER_PORT }};
}
}
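Review bot: The port-80 block redirects to `$host`, which comes from the client's Host header, and because the tasks in this commit remove the default site this block will probably become the default server for any hostname that reaches the machine. Redirecting to the configured name, `return 301 https://{{ NITTER_DOMAIN }}$request_uri;`, avoids reflecting an arbitrary host. The HSTS header is only attached to the response codes `add_header` covers by default (2xx/3xx); `add_header Strict-Transport-Security "max-age=31536000" always;` sends it on error responses as well. `ssl_stapling on;` relies on `resolver [::1]`, so stapling only works if a DNS resolver listens on the IPv6 loopback address. No `ssl_protocols` line is set, so the accepted TLS versions fall back to whatever the installed nginx build defaults to.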