change order so it is possible to reach nginx

roles/webgateway/tasks/main.yaml

@@ -97,7 +97,7 @@
     name:
      - prometheus-nginx-exporter
 
-- name: Copy default nginx config
+- name: Copy nginx exporter config
   ansible.builtin.copy:
     src: prometheus-nginx-exporter
     dest: /etc/default/prometheus-nginx-exporter

roles/webserver/tasks/main.yaml

@@ -1,4 +1,10 @@
 ---
+- name: Allow https port via ufw
+  community.general.ufw:
+    rule: allow
+    port: https
+    src: 192.168.69.0/24
+
 - name: "Install Nginx via apt"
   apt:
     update_cache: yes
@@ -62,7 +68,7 @@
     proto: tcp
     src: 192.168.69.0/24
 
-- name: Copy default nginx config
+- name: Copy nginx exporter config
   ansible.builtin.copy:
     src: prometheus-nginx-exporter
     dest: /etc/default/prometheus-nginx-exporter
@@ -75,10 +81,4 @@
     name: prometheus-nginx-exporter
     state: restarted
     enabled: yes
-
-- name: Allow https port via ufw
-  community.general.ufw:
-    rule: allow
-    port: https
-    src: 192.168.69.0/24
 ...

roles/webserver/templates/nginx.conf

@@ -66,9 +66,8 @@ http {
         server {
             listen 443 ssl http2;
             listen [::]:443 ssl http2;
-            server_name {{ server.domain }};
+            ssl_certificate /etc/letsencrypt/live/{{ server.domain }}/fullchain.pem;
-            ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
+            ssl_certificate_key /etc/letsencrypt/live/{{ server.domain }}/privkey.pem;
-            ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
             {% if server.bigrequests -%}
             client_max_body_size    8G;
             {% endif -%}