From 6800a75f860b1eb52e8eae3cb5f81c845568984a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Krist=C3=B3f=20Torma?=
Date: Sun, 5 Mar 2023 19:18:41 +0100
Subject: [PATCH] modify default nginx config to listen on 443
---
 roles/common/tasks/ufw.yaml | 1 +
 roles/webserver/files/nginx.conf | 13 +++++++++++--
 2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/roles/common/tasks/ufw.yaml b/roles/common/tasks/ufw.yaml
index e9dcde8..764d325 100644
--- a/roles/common/tasks/ufw.yaml
+++ b/roles/common/tasks/ufw.yaml
@@ -18,4 +18,5 @@
 community.general.ufw:
 rule: allow
 port: ssh
+ src: 192.168.69.0/24
 ...
diff --git a/roles/webserver/files/nginx.conf b/roles/webserver/files/nginx.conf
index 660039c..ac451f0 100644
--- a/roles/webserver/files/nginx.conf
+++ b/roles/webserver/files/nginx.conf
@@ -58,6 +58,15 @@ http {
 # Virtual Host Configs
 ##
- include /etc/nginx/conf.d/*.conf;
- include /etc/nginx/sites-enabled/*;
+ server {
+ root /var/www/html;
+ server_name _;
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
+ ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
+ location /{
+ try_files $uri $uri/ =404;
+ }
+ }
 }
\ No newline at end of file
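Review bot: In roles/common/tasks/ufw.yaml the new `src: 192.168.69.0/24` only adds a narrower allow rule; on a host that already ran the previous version of this task, the unrestricted `allow ssh` rule presumably stays in ufw, so SSH remains reachable from any address there. A companion task with the same `rule` and `port`, no `src`, and `delete: true` would remove the old rule. The subnet is also hard-coded; a role variable with this value as its default, plus a comment such as `# restrict SSH to the local subnet`, would record the intent and let other networks reuse the role. The task's `name:` line and any earlier tasks are outside the hunk, so whether the old rule is cleaned up elsewhere cannot be seen here.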
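Review bot: In roles/webserver/files/nginx.conf the new 443 server block uses the `ssl-cert-snakeoil` pair, a self-signed certificate that clients cannot validate, and sets no TLS protocol floor in the block itself. If this is meant as a placeholder, say so with a comment like `# self-signed placeholder; replace with a CA-issued certificate`, and unless the `http` block outside the hunk already does it, add `ssl_protocols TLSv1.2 TLSv1.3;`. Dropping both `include` lines also means every vhost under conf.d and sites-enabled, including any port 80 site, stops being loaded, which the commit subject does not mention. No ufw rule for 443 appears in this patch, so the listener may be unreachable unless that port is allowed elsewhere. The `http` block begins outside the hunk.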