From a04282629b69180b27f125e0293400326c56cce7 Mon Sep 17 00:00:00 2001
From: staticsafe
Date: Sat, 11 Sep 2021 15:11:35 -0400
Subject: [PATCH] add nginx template and do the setup in nitter-nginx/tasks/main.yml
---
 nitter-nginx/tasks/main.yml | 17 +++++++++++++++++
 nitter-nginx/templates/nitter-nginx.conf | 23 +++++++++++++++++++++++
 2 files changed, 40 insertions(+)
 create mode 100644 nitter-nginx/templates/nitter-nginx.conf
diff --git a/nitter-nginx/tasks/main.yml b/nitter-nginx/tasks/main.yml
index 120818c..e7797fa 100644
--- a/nitter-nginx/tasks/main.yml
+++ b/nitter-nginx/tasks/main.yml
@@ -29,3 +29,20 @@
 ignore_errors: yes
 - name: Install certificate in storage directory
 ansible.builtin.shell: /root/.acme.sh/acme.sh --install-cert -d {{ NITTER_DOMAIN }} --key-file /etc/ssl/letsencrypt/{{ NITTER_DOMAIN }}.pem --fullchain-file /etc/ssl/letsencrypt/{{ NITTER_DOMAIN }}.crt --reloadcmd "service nginx restart"
+- name: Remove default nginx config in sites-enabled
+ ansible.builtin.file:
+ path: /etc/nginx/sites-enabled/default
+ state: absent
+- name: Copy Nitter nginx vhost template to sites-available
+ ansible.builtin.template:
+ src: nitter-nginx.conf
+ dest: /etc/nginx/sites-available/{{ NITTER_DOMAIN }}.conf
+- name: Enable Nitter nginx vhost template
+ ansible.builtin.file:
+ src: /etc/nginx/sites-available/{{ NITTER_DOMAIN }}.conf
+ dest: /etc/nginx/sites-enabled/{{ NITTER_DOMAIN }}.conf
+ state: link
+- name: Make sure nginx service is restarted
+ ansible.builtin.service:
+ name: nginx
+ state: restarted
diff --git a/nitter-nginx/templates/nitter-nginx.conf b/nitter-nginx/templates/nitter-nginx.conf
new file mode 100644
index 0000000..0700e77
--- /dev/null
+++ b/nitter-nginx/templates/nitter-nginx.conf
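Review bot: In nitter-nginx/tasks/main.yml the last added task restarts nginx on every run and nothing validates the rendered vhost first, so a bad render or a missing certificate file stops the proxy rather than failing the play before the restart; the `ignore_errors: yes` context line suggests an earlier step can fail silently, though that task starts outside the hunk. Consider a `nginx -t` command task with `changed_when: false` ahead of the restart, and moving the restart into a handler notified by the template and link tasks so unchanged runs leave the service alone. The template task also sets no ownership or permissions; adding `owner: root`, `group: root` and `mode: "0644"` keeps the vhost file from depending on the target's umask.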
@@ -0,0 +1,23 @@
+server {
+ listen *:80;
+ listen [::]:80;
+ server_name {{ NITTER_DOMAIN }};
+ return 301 "https://$host$request_uri";
+}
+
+server {
+ listen *:443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name {{ NITTER_DOMAIN }};
+ access_log off;
+ error_log "/var/log/nginx/{{ NITTER_DOMAIN }}.error.log";
+ ssl_certificate "/etc/ssl/letsencrypt/{{ NITTER_DOMAIN }}.crt";
+ ssl_certificate_key "/etc/ssl/letsencrypt/{{ NITTER_DOMAIN }}.pem";
+ ssl_stapling on;
+ resolver [::1] valid=300s;
+ add_header Strict-Transport-Security max-age=31536000;
+ location / {
+ proxy_pass http://127.0.0.1:{{ NITTER_PORT }};
+
+ }
+}
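Review bot: In nitter-nginx/templates/nitter-nginx.conf the 443 server block sends HSTS only on the status codes `add_header` covers by default and leaves protocol selection to the nginx build, which on older releases still enables TLS 1.0 and 1.1. I would write `add_header Strict-Transport-Security "max-age=31536000" always;` and pin `ssl_protocols TLSv1.2 TLSv1.3;` in that block. In the port-80 block, `return 301 "https://$host$request_uri";` echoes the request's Host header, and since this patch removes the default site this vhost probably becomes the catch-all; `return 301 "https://{{ NITTER_DOMAIN }}$request_uri";` redirects only to the configured name. `ssl_stapling on;` depends on a resolver answering on `[::1]`, which the visible tasks do not install, so that is worth confirming on the target.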