add valid cert to internal communication

2023-03-05 18:26:08 +01:00
parent 3c883cdded
commit 4e1833bbbf
12 changed files with 66 additions and 41 deletions
--- a/roles/webserver/templates/certbot.sh
+++ b/roles/webserver/templates/certbot.sh
@ -0,0 +1,5 @@
+#!/bin/bash
+# {{ansible_managed}}
+{% for server in webserver %}
+certbot renew --nginx --cert-name {{ server.domain }}
+{% endfor %}
--- a/roles/webserver/templates/nginx.conf
+++ b/roles/webserver/templates/nginx.conf
@ -69,9 +69,9 @@ http {
            server_name {{ server.domain }};
            ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
            ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
-            {% if server.bigrequests %}
+            {% if server.bigrequests -%}
            client_max_body_size    8G;
-            {% endif %}
+            {% endif -%}
            location /{
                {% if server.https %}
                proxy_pass  https://127.0.0.1:{{ server.port }};
@ -97,11 +97,11 @@ http {
                proxy_pass  http://127.0.0.1:{{ location.port }};
                {% endif %}
            }
-            {% endfor %}
+            {% endfor -%}
            {% endif %}
        }

-        {%- endfor %}
+        {%- endfor -%}

        server {
            listen 8888;