diff --git a/roles/webgateway/tasks/main.yaml b/roles/webgateway/tasks/main.yaml
index ea9fe15..a2f2246 100644
--- a/roles/webgateway/tasks/main.yaml
+++ b/roles/webgateway/tasks/main.yaml
@@ -97,7 +97,7 @@
 name:
 - prometheus-nginx-exporter
 
-- name: Copy default nginx config
+- name: Copy nginx exporter config
 ansible.builtin.copy:
 src: prometheus-nginx-exporter
 dest: /etc/default/prometheus-nginx-exporter
diff --git a/roles/webserver/tasks/main.yaml b/roles/webserver/tasks/main.yaml
index 322a629..d818fc2 100644
--- a/roles/webserver/tasks/main.yaml
+++ b/roles/webserver/tasks/main.yaml
@@ -1,4 +1,10 @@
 ---
+- name: Allow https port via ufw
+ community.general.ufw:
+ rule: allow
+ port: https
+ src: 192.168.69.0/24
+
 - name: "Install Nginx via apt"
 apt:
 update_cache: yes
@@ -62,7 +68,7 @@
 proto: tcp
 src: 192.168.69.0/24
 
-- name: Copy default nginx config
+- name: Copy nginx exporter config
 ansible.builtin.copy:
 src: prometheus-nginx-exporter
 dest: /etc/default/prometheus-nginx-exporter
@@ -75,10 +81,4 @@
 name: prometheus-nginx-exporter
 state: restarted
 enabled: yes
-
-- name: Allow https port via ufw
- community.general.ufw:
- rule: allow
- port: https
- src: 192.168.69.0/24
 ...
diff --git a/roles/webserver/templates/nginx.conf b/roles/webserver/templates/nginx.conf
index 0b0b49a..351ab47 100644
--- a/roles/webserver/templates/nginx.conf
+++ b/roles/webserver/templates/nginx.conf
@@ -66,9 +66,8 @@ http {
 server {
 listen 443 ssl http2;
 listen [::]:443 ssl http2;
- server_name {{ server.domain }};
- ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
- ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
+ ssl_certificate /etc/letsencrypt/live/{{ server.domain }}/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/{{ server.domain }}/privkey.pem;
 {% if server.bigrequests -%}
 client_max_body_size 8G;
 {% endif -%}
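Review bot: The `Allow https port via ufw` task added at the top of roles/webserver/tasks/main.yaml sets `port: https` with no `proto`, whereas the other ufw rule visible in this file (context of the `@@ -62,7 +68,7 @@` hunk) pins `proto: tcp`. Without a protocol the rule probably admits UDP as well as TCP on 443 from 192.168.69.0/24, depending on how ufw resolves the service name; adding `proto: tcp` under `port: https` keeps the opening as narrow as the nginx `listen 443 ssl` sockets need. The task is moved unchanged from the end of the file, so the gap predates this commit, but the move is a good moment to close it.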
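Review bot: Dropping `server_name {{ server.domain }};` from the 443 server block in roles/webserver/templates/nginx.conf leaves the block unnamed while the new certificate paths remain per-domain. If the template renders one block per `server` entry (the `server.` variables suggest a loop, which is not visible in the hunk), nginx would send every TLS request to the first block and present its certificate whatever the requested host, so the line `server_name {{ server.domain }};` should stay next to the new `ssl_certificate` directives. Separately, nginx refuses to start when `/etc/letsencrypt/live/{{ server.domain }}/fullchain.pem` does not exist, and no task in this diff issues the certificate before the template is deployed; a guard or an ordering comment in the role would make that dependency explicit. The server block continues past the end of the hunk.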