parent
fed284254a
commit
3f32a21bca
@ -0,0 +1,24 @@
|
|||||||
|
- hosts: all
|
||||||
|
become: yes
|
||||||
|
tasks:
|
||||||
|
|
||||||
|
- name: add the package repository key
|
||||||
|
apt_key:
|
||||||
|
url: https://download.docker.com/linux/ubuntu/gpg
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: add the package repository
|
||||||
|
apt_repository:
|
||||||
|
repo: deb [arch=amd64] https://download.docker.com/linux/ubuntu bionic stable
|
||||||
|
state: present
|
||||||
|
filename: docker
|
||||||
|
|
||||||
|
- name: install Docker
|
||||||
|
apt:
|
||||||
|
name: "{{ item }}"
|
||||||
|
update_cache: yes
|
||||||
|
with_items:
|
||||||
|
- docker-ce
|
||||||
|
- docker-ce-cli
|
||||||
|
- containerd.io
|
||||||
|
- docker-compose
|
@ -0,0 +1,22 @@
|
|||||||
|
server {
|
||||||
|
|
||||||
|
server_name irregular-apocalypse.kejadlen.dev;
|
||||||
|
|
||||||
|
# Redirect non-https traffic to https
|
||||||
|
if ($scheme != "https") {
|
||||||
|
return 301 https://$host$request_uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /dev {
|
||||||
|
proxy_pass http://localhost:3000/;
|
||||||
|
}
|
||||||
|
|
||||||
|
listen 80; # managed by Certbot
|
||||||
|
|
||||||
|
listen 443 ssl; # managed by Certbot
|
||||||
|
ssl_certificate /etc/letsencrypt/live/irregular-apocalypse.kejadlen.dev/fullchain.pem; # managed by Certbot
|
||||||
|
ssl_certificate_key /etc/letsencrypt/live/irregular-apocalypse.kejadlen.dev/privkey.pem; # managed by Certbot
|
||||||
|
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
||||||
|
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
||||||
|
|
||||||
|
}
|
@ -0,0 +1,49 @@
|
|||||||
|
- hosts: all
|
||||||
|
become: yes
|
||||||
|
tasks:
|
||||||
|
- name: install nginx
|
||||||
|
apt:
|
||||||
|
name: nginx
|
||||||
|
|
||||||
|
- name: install certbot
|
||||||
|
block:
|
||||||
|
- apt_repository:
|
||||||
|
repo: ppa:certbot/certbot
|
||||||
|
state: present
|
||||||
|
filename: certbot
|
||||||
|
- apt:
|
||||||
|
name: python-certbot-nginx
|
||||||
|
update_cache: yes
|
||||||
|
|
||||||
|
- name: setup nginx
|
||||||
|
copy:
|
||||||
|
src: nginx.conf
|
||||||
|
dest: /etc/nginx/conf.d/irregular-apocalypse.kejadlen.dev.conf
|
||||||
|
notify:
|
||||||
|
- reload nginx
|
||||||
|
|
||||||
|
- name: obtain the certificate
|
||||||
|
command: >-
|
||||||
|
certbot --nginx
|
||||||
|
-d irregular-apocalypse.kejadlen.dev
|
||||||
|
-m alpha+lets.encrypt@kejadlen.dev
|
||||||
|
--agree-tos
|
||||||
|
--non-interactive
|
||||||
|
args:
|
||||||
|
creates: /etc/letsencrypt/live/irregular-apocalypse.kejadlen.dev
|
||||||
|
notify:
|
||||||
|
- reload nginx
|
||||||
|
|
||||||
|
- name: automatically renew certs
|
||||||
|
cron:
|
||||||
|
name: renew certs
|
||||||
|
minute: 0
|
||||||
|
hour: 12
|
||||||
|
job: /usr/bin/certbot renew --quiet
|
||||||
|
|
||||||
|
handlers:
|
||||||
|
|
||||||
|
- name: reload nginx
|
||||||
|
block:
|
||||||
|
- command: nginx -t
|
||||||
|
- command: nginx -s reload
|
Loading…
Reference in new issue