From e93b521d9739162605cd746f29138ef44b1de93c Mon Sep 17 00:00:00 2001
From: Alpha Chen <alpha@kejadlen.dev>
Date: Thu, 20 Jun 2019 23:36:17 +0000
Subject: [PATCH] [irregular-apocalypse] add a dev. subdomain

---
 ansible/irregular-apocalypse/nginx.conf | 23 +++++++++++++++--------
 ansible/irregular-apocalypse/nginx.yml  | 25 ++++++++++++-------------
 2 files changed, 27 insertions(+), 21 deletions(-)

diff --git a/ansible/irregular-apocalypse/nginx.conf b/ansible/irregular-apocalypse/nginx.conf
index 17fb504..740f25f 100644
--- a/ansible/irregular-apocalypse/nginx.conf
+++ b/ansible/irregular-apocalypse/nginx.conf
@@ -1,22 +1,29 @@
 server {
 
-    server_name irregular-apocalypse.kejadlen.dev;
+    server_name dev.irregular-apocalypse.kejadlen.dev;
 
     # Redirect non-https traffic to https
     if ($scheme != "https") {
         return 301 https://$host$request_uri;
     }
 
-    location /dev {
+    location / {
         proxy_pass http://localhost:3000/;
     }
 
-    listen 80; # managed by Certbot
+}
+
+server {
+
+    server_name irregular-apocalypse.kejadlen.dev;
 
-    listen 443 ssl; # managed by Certbot
-    ssl_certificate /etc/letsencrypt/live/irregular-apocalypse.kejadlen.dev/fullchain.pem; # managed by Certbot
-    ssl_certificate_key /etc/letsencrypt/live/irregular-apocalypse.kejadlen.dev/privkey.pem; # managed by Certbot
-    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
-    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+    # Redirect non-https traffic to https
+    if ($scheme != "https") {
+        return 301 https://$host$request_uri;
+    }
+
+    location /dev {
+        proxy_pass http://localhost:3000/;
+    }
 
 }
diff --git a/ansible/irregular-apocalypse/nginx.yml b/ansible/irregular-apocalypse/nginx.yml
index b52db5b..40466a3 100644
--- a/ansible/irregular-apocalypse/nginx.yml
+++ b/ansible/irregular-apocalypse/nginx.yml
@@ -15,35 +15,34 @@
         name: python-certbot-nginx
         update_cache: yes
 
-  - name: setup nginx
+  - name: nginx conf files
     copy:
       src: nginx.conf
       dest: /etc/nginx/conf.d/irregular-apocalypse.kejadlen.dev.conf
-    notify:
-    - reload nginx
+    notify: reload nginx
 
-  - name: obtain the certificate
+  - name: obtain ssl certificates
     command: >-
       certbot --nginx
-      -d irregular-apocalypse.kejadlen.dev
+      -d {{ item }}
       -m alpha+lets.encrypt@kejadlen.dev
       --agree-tos
       --non-interactive
     args:
-      creates: /etc/letsencrypt/live/irregular-apocalypse.kejadlen.dev
-    notify:
-    - reload nginx
+      creates: /etc/letsencrypt/live/{{ item }}
+    with_items:
+      - irregular-apocalypse.kejadlen.dev
+      - dev.irregular-apocalypse.kejadlen.dev
+    notify: reload nginx
 
   - name: automatically renew certs
     cron:
       name: renew certs
-      minute: 0
-      hour: 12
+      minute: "0"
+      hour: "12"
       job: /usr/bin/certbot renew --quiet
 
   handlers:
 
   - name: reload nginx
-    block:
-    - command: nginx -t
-    - command: nginx -s reload
+    shell: nginx -t && nginx -s reload