parent
fed284254a
commit
3f32a21bca
@ -0,0 +1,24 @@
|
||||
- hosts: all
|
||||
become: yes
|
||||
tasks:
|
||||
|
||||
- name: add the package repository key
|
||||
apt_key:
|
||||
url: https://download.docker.com/linux/ubuntu/gpg
|
||||
state: present
|
||||
|
||||
- name: add the package repository
|
||||
apt_repository:
|
||||
repo: deb [arch=amd64] https://download.docker.com/linux/ubuntu bionic stable
|
||||
state: present
|
||||
filename: docker
|
||||
|
||||
- name: install Docker
|
||||
apt:
|
||||
name: "{{ item }}"
|
||||
update_cache: yes
|
||||
with_items:
|
||||
- docker-ce
|
||||
- docker-ce-cli
|
||||
- containerd.io
|
||||
- docker-compose
|
@ -0,0 +1,22 @@
|
||||
server {
|
||||
|
||||
server_name irregular-apocalypse.kejadlen.dev;
|
||||
|
||||
# Redirect non-https traffic to https
|
||||
if ($scheme != "https") {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
|
||||
location /dev {
|
||||
proxy_pass http://localhost:3000/;
|
||||
}
|
||||
|
||||
listen 80; # managed by Certbot
|
||||
|
||||
listen 443 ssl; # managed by Certbot
|
||||
ssl_certificate /etc/letsencrypt/live/irregular-apocalypse.kejadlen.dev/fullchain.pem; # managed by Certbot
|
||||
ssl_certificate_key /etc/letsencrypt/live/irregular-apocalypse.kejadlen.dev/privkey.pem; # managed by Certbot
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
||||
|
||||
}
|
@ -0,0 +1,49 @@
|
||||
- hosts: all
|
||||
become: yes
|
||||
tasks:
|
||||
- name: install nginx
|
||||
apt:
|
||||
name: nginx
|
||||
|
||||
- name: install certbot
|
||||
block:
|
||||
- apt_repository:
|
||||
repo: ppa:certbot/certbot
|
||||
state: present
|
||||
filename: certbot
|
||||
- apt:
|
||||
name: python-certbot-nginx
|
||||
update_cache: yes
|
||||
|
||||
- name: setup nginx
|
||||
copy:
|
||||
src: nginx.conf
|
||||
dest: /etc/nginx/conf.d/irregular-apocalypse.kejadlen.dev.conf
|
||||
notify:
|
||||
- reload nginx
|
||||
|
||||
- name: obtain the certificate
|
||||
command: >-
|
||||
certbot --nginx
|
||||
-d irregular-apocalypse.kejadlen.dev
|
||||
-m alpha+lets.encrypt@kejadlen.dev
|
||||
--agree-tos
|
||||
--non-interactive
|
||||
args:
|
||||
creates: /etc/letsencrypt/live/irregular-apocalypse.kejadlen.dev
|
||||
notify:
|
||||
- reload nginx
|
||||
|
||||
- name: automatically renew certs
|
||||
cron:
|
||||
name: renew certs
|
||||
minute: 0
|
||||
hour: 12
|
||||
job: /usr/bin/certbot renew --quiet
|
||||
|
||||
handlers:
|
||||
|
||||
- name: reload nginx
|
||||
block:
|
||||
- command: nginx -t
|
||||
- command: nginx -s reload
|
Loading…
Reference in new issue