From d83c801db12f38e0221031cd024c4e32b64d4ad6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Krist=C3=B3f=20Torma?= Date: Sun, 5 Mar 2023 18:53:55 +0100 Subject: [PATCH] change order so it is possible to reach nginx --- roles/webgateway/tasks/main.yaml | 2 +- roles/webserver/tasks/main.yaml | 14 +++++++------- roles/webserver/templates/nginx.conf | 5 ++--- 3 files changed, 10 insertions(+), 11 deletions(-) diff --git a/roles/webgateway/tasks/main.yaml b/roles/webgateway/tasks/main.yaml index ea9fe15..a2f2246 100644 --- a/roles/webgateway/tasks/main.yaml +++ b/roles/webgateway/tasks/main.yaml @@ -97,7 +97,7 @@ name: - prometheus-nginx-exporter -- name: Copy default nginx config +- name: Copy nginx exporter config ansible.builtin.copy: src: prometheus-nginx-exporter dest: /etc/default/prometheus-nginx-exporter diff --git a/roles/webserver/tasks/main.yaml b/roles/webserver/tasks/main.yaml index 322a629..d818fc2 100644 --- a/roles/webserver/tasks/main.yaml +++ b/roles/webserver/tasks/main.yaml @@ -1,4 +1,10 @@ --- +- name: Allow https port via ufw + community.general.ufw: + rule: allow + port: https + src: 192.168.69.0/24 + - name: "Install Nginx via apt" apt: update_cache: yes @@ -62,7 +68,7 @@ proto: tcp src: 192.168.69.0/24 -- name: Copy default nginx config +- name: Copy nginx exporter config ansible.builtin.copy: src: prometheus-nginx-exporter dest: /etc/default/prometheus-nginx-exporter @@ -75,10 +81,4 @@ name: prometheus-nginx-exporter state: restarted enabled: yes - -- name: Allow https port via ufw - community.general.ufw: - rule: allow - port: https - src: 192.168.69.0/24 ... diff --git a/roles/webserver/templates/nginx.conf b/roles/webserver/templates/nginx.conf index 0b0b49a..351ab47 100644 --- a/roles/webserver/templates/nginx.conf +++ b/roles/webserver/templates/nginx.conf 
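Review bot: The relocated `Allow https port via ufw` task at the top of roles/webserver/tasks/main.yaml sets no `proto`, while the other ufw rule visible in the second hunk's context pins `proto: tcp`. Without it the rule is not limited to TCP, and depending on how the `https` service name resolves on the host it may also admit UDP 443, which the `listen 443 ssl http2` server never serves. Adding `proto: tcp` under `port: https` keeps the firewall rule as narrow as the listener. The rule depends on being first in the file, so a short comment on the task saying why it must precede the nginx install would stop a later tidy-up from moving it back.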
@@ -66,9 +66,8 @@ http { server { listen 443 ssl http2; listen [::]:443 ssl http2; - server_name {{ server.domain }}; - ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem; - ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key; + ssl_certificate /etc/letsencrypt/live/{{ server.domain }}/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/{{ server.domain }}/privkey.pem; {% if server.bigrequests -%} client_max_body_size 8G; {% endif -%}
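Review bot: Removing `server_name {{ server.domain }};` leaves the 443 block unnamed, so nginx selects it by listen address alone and presents this domain's certificate for any Host or SNI value that reaches the port. If the template emits one such block per configured server (the `server.` prefix suggests a loop, which begins outside this hunk), the blocks become indistinguishable and the first one answers for every domain. Keeping `server_name {{ server.domain }};` next to the new certificate paths avoids that. Separately, nginx fails its config test when `/etc/letsencrypt/live/{{ server.domain }}/fullchain.pem` or `privkey.pem` does not exist, and nothing in this commit shows the certificate being issued before the template is deployed. It is worth confirming that ordering, or validating the rendered file with `nginx -t` before the restart.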