[irregular-apocalypse] nginx

6 years ago · 3f32a21bca
parent fed284254a
commit 3f32a21bca
4 changed files with 97 additions and 0 deletions
--- a/ansible/irregular-apocalypse/docker.yml
+++ b/ansible/irregular-apocalypse/docker.yml
@ -0,0 +1,24 @@
+- hosts: all
+  become: yes
+  tasks:
+
+    - name: add the package repository key
+      apt_key:
+        url: https://download.docker.com/linux/ubuntu/gpg
+        state: present
+
+    - name: add the package repository
+      apt_repository:
+        repo: deb [arch=amd64] https://download.docker.com/linux/ubuntu bionic stable
+        state: present
+        filename: docker
+
+    - name: install Docker
+      apt:
+        name: "{{ item }}"
+        update_cache: yes
+      with_items:
+        - docker-ce
+        - docker-ce-cli
+        - containerd.io
+        - docker-compose
--- a/ansible/irregular-apocalypse/main.yml
+++ b/ansible/irregular-apocalypse/main.yml
@ -28,7 +28,9 @@
    - dotfiles
    - zsh

+- import_playbook: docker.yml
 - import_playbook: js.yml
+- import_playbook: nginx.yml

 - hosts: all
  tasks:
--- a/ansible/irregular-apocalypse/nginx.conf
+++ b/ansible/irregular-apocalypse/nginx.conf
@ -0,0 +1,22 @@
+server {
+
+    server_name irregular-apocalypse.kejadlen.dev;
+
+    # Redirect non-https traffic to https
+    if ($scheme != "https") {
+        return 301 https://$host$request_uri;
+    }
+
+    location /dev {
+        proxy_pass http://localhost:3000/;
+    }
+
+    listen 80; # managed by Certbot
+
+    listen 443 ssl; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/irregular-apocalypse.kejadlen.dev/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/irregular-apocalypse.kejadlen.dev/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
--- a/ansible/irregular-apocalypse/nginx.yml
+++ b/ansible/irregular-apocalypse/nginx.yml
@ -0,0 +1,49 @@
+- hosts: all
+  become: yes
+  tasks:
+  - name: install nginx
+    apt:
+      name: nginx
+
+  - name: install certbot
+    block:
+    - apt_repository:
+        repo: ppa:certbot/certbot
+        state: present
+        filename: certbot
+    - apt:
+        name: python-certbot-nginx
+        update_cache: yes
+
+  - name: setup nginx
+    copy:
+      src: nginx.conf
+      dest: /etc/nginx/conf.d/irregular-apocalypse.kejadlen.dev.conf
+    notify:
+    - reload nginx
+
+  - name: obtain the certificate
+    command: >-
+      certbot --nginx
+      -d irregular-apocalypse.kejadlen.dev
+      -m alpha+lets.encrypt@kejadlen.dev
+      --agree-tos
+      --non-interactive
+    args:
+      creates: /etc/letsencrypt/live/irregular-apocalypse.kejadlen.dev
+    notify:
+    - reload nginx
+
+  - name: automatically renew certs
+    cron:
+      name: renew certs
+      minute: 0
+      hour: 12
+      job: /usr/bin/certbot renew --quiet
+
+  handlers:
+
+  - name: reload nginx
+    block:
+    - command: nginx -t
+    - command: nginx -s reload