wip
parent
18a2522919
commit
84b7017504
3 changed files with 30 additions and 6 deletions
|
@ -39,5 +39,5 @@ http {
|
|||
}
|
||||
% endif
|
||||
|
||||
include /etc/nginx/sites/*;
|
||||
include /etc/nginx/sites-enabled/*;
|
||||
}
|
||||
|
|
|
@ -9,7 +9,7 @@ directories = {
|
|||
'svc_systemd:nginx:restart',
|
||||
},
|
||||
},
|
||||
'/etc/nginx/sites': {
|
||||
'/etc/nginx/sites-available': {
|
||||
'purge': True,
|
||||
'triggers': {
|
||||
'svc_systemd:nginx:restart',
|
||||
|
@ -25,6 +25,13 @@ directories = {
|
|||
'purge': True,
|
||||
'owner': 'www-data',
|
||||
},
|
||||
|
||||
# temp
|
||||
'/var/www/certbot': {
|
||||
'owner': 'www-data',
|
||||
'group': 'www-data',
|
||||
'mode': '0755',
|
||||
}
|
||||
}
|
||||
|
||||
files = {
|
||||
|
@ -76,6 +83,12 @@ files = {
|
|||
},
|
||||
}
|
||||
|
||||
symlinks = {
|
||||
'/etc/nginx/sites-enabled': {
|
||||
'target': '/etc/nginx/sites-available',
|
||||
},
|
||||
}
|
||||
|
||||
actions = {
|
||||
'nginx-generate-dhparam': {
|
||||
'command': 'openssl dhparam -dsaparam -out /etc/ssl/certs/dhparam.pem 4096',
|
||||
|
@ -94,7 +107,7 @@ svc_systemd = {
|
|||
|
||||
|
||||
for name, config in node.metadata.get('nginx/vhosts').items():
|
||||
files[f'/etc/nginx/sites/{name}'] = {
|
||||
files[f'/etc/nginx/sites-available/{name}'] = {
|
||||
'content': Template(filename=join(repo.path, 'data', config['content'])).render(
|
||||
server_name=name,
|
||||
**config.get('context', {}),
|
||||
|
@ -110,6 +123,6 @@ for name, config in node.metadata.get('nginx/vhosts').items():
|
|||
}
|
||||
|
||||
if name in node.metadata.get('letsencrypt/domains'):
|
||||
files[f'/etc/nginx/sites/{name}']['needs'].append(
|
||||
files[f'/etc/nginx/sites-available/{name}']['needs'].append(
|
||||
f'action:letsencrypt_ensure-some-certificate_{name}',
|
||||
)
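Review bot: The new `'/var/www/certbot'` entry in the third hunk sets `'owner': 'www-data'`, so any process running as the web-server account can write files that nginx then serves under `/.well-known/acme-challenge/`. The ACME client writes the challenge files and nginx only has to read them, so `'owner': 'root'` with the existing `'mode': '0755'` should be enough; this assumes the client runs as root, which this commit does not show. The `# temp` comment should say what is temporary and what goes with it, for example `# temporary: webroot for certbot HTTP-01 challenges, remove together with the acme-challenge location in the vhost template`. The `directories` dict begins outside the hunk.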
|
||||
|
|
|
@ -3,12 +3,13 @@ server {
|
|||
listen [::]:443 ssl http2;
|
||||
server_name ${server_name};
|
||||
|
||||
ssl_certificate /var/lib/dehydrated/certs/${server_name}/fullchain.pem;
|
||||
ssl_certificate_key /var/lib/dehydrated/certs/${server_name}/privkey.pem;
|
||||
ssl_certificate /etc/letsencrypt/archive/${server_name}/fullchain1.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/archive/${server_name}/privkey1.pem;
|
||||
|
||||
root /var/www/yourls/htdocs;
|
||||
|
||||
location / {
|
||||
index index.php index.html index.htm;
|
||||
try_files $uri $uri/ /yourls-loader.php$is_args$args;
|
||||
}
|
||||
|
||||
|
@ -17,4 +18,14 @@ server {
|
|||
fastcgi_index index.php;
|
||||
fastcgi_pass unix:/run/php/php${php_version}-fpm.sock;
|
||||
}
|
||||
|
||||
# temp
|
||||
location ^~ /.well-known/acme-challenge/ {
|
||||
alias /var/www/certbot/;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
# FIXME: this is a temporary solution to allow the certbot challenge to work:
|
||||
# - ssl_certificate
|
||||
# - ssl_certificate_key
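Review bot: The new `ssl_certificate` and `ssl_certificate_key` lines in the first hunk point at `archive/${server_name}/fullchain1.pem` and `privkey1.pem`, which are the files from the first issuance only. Certbot numbers each renewal (`fullchain2.pem`, and so on) and repoints the symlinks under `live/`, so nginx would keep serving the original certificate until it expires. Use `ssl_certificate /etc/letsencrypt/live/${server_name}/fullchain.pem;` and `ssl_certificate_key /etc/letsencrypt/live/${server_name}/privkey.pem;` instead. In the second hunk, `alias /var/www/certbot/;` serves tokens from the top of that directory, while certbot's webroot plugin writes them under `.well-known/acme-challenge/` below the webroot; if that plugin is used with `/var/www/certbot` (not visible here), `root /var/www/certbot;` is the matching directive. The `server` block starts outside both hunks.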
|
||||
|
|