[irregular-apocalypse] add a dev. subdomain

6 years ago · e93b521d97
parent 3f32a21bca
commit e93b521d97
2 changed files with 27 additions and 21 deletions
--- a/ansible/irregular-apocalypse/nginx.conf
+++ b/ansible/irregular-apocalypse/nginx.conf
@ -1,22 +1,29 @@
 server {
-    server_name irregular-apocalypse.kejadlen.dev;
+    server_name dev.irregular-apocalypse.kejadlen.dev;
    # Redirect non-https traffic to https
    if ($scheme != "https") {
        return 301 https://$host$request_uri;
    }
-    location /dev {
+    location / {
        proxy_pass http://localhost:3000/;
    }
-    listen 80; # managed by Certbot
+}
 server {
    server_name irregular-apocalypse.kejadlen.dev;
-    listen 443 ssl; # managed by Certbot
+    # Redirect non-https traffic to https
-    ssl_certificate /etc/letsencrypt/live/irregular-apocalypse.kejadlen.dev/fullchain.pem; # managed by Certbot
+    if ($scheme != "https") {
-    ssl_certificate_key /etc/letsencrypt/live/irregular-apocalypse.kejadlen.dev/privkey.pem; # managed by Certbot
+        return 301 https://$host$request_uri;
-    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    }
-    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
    location /dev {
        proxy_pass http://localhost:3000/;
    }
 }
--- a/ansible/irregular-apocalypse/nginx.yml
+++ b/ansible/irregular-apocalypse/nginx.yml
@ -15,35 +15,34 @@
        name: python-certbot-nginx
        update_cache: yes
-  - name: setup nginx
+  - name: nginx conf files
    copy:
      src: nginx.conf
      dest: /etc/nginx/conf.d/irregular-apocalypse.kejadlen.dev.conf
-    notify:
+    notify: reload nginx
    - reload nginx
-  - name: obtain the certificate
+  - name: obtain ssl certificates
    command: >-
      certbot --nginx
-      -d irregular-apocalypse.kejadlen.dev
+      -d {{ item }}
      -m alpha+lets.encrypt@kejadlen.dev
      --agree-tos
      --non-interactive
    args:
-      creates: /etc/letsencrypt/live/irregular-apocalypse.kejadlen.dev
+      creates: /etc/letsencrypt/live/{{ item }}
-    notify:
+    with_items:
-    - reload nginx
+      - irregular-apocalypse.kejadlen.dev
      - dev.irregular-apocalypse.kejadlen.dev
    notify: reload nginx
  - name: automatically renew certs
    cron:
      name: renew certs
-      minute: 0
+      minute: "0"
-      hour: 12
+      hour: "12"
      job: /usr/bin/certbot renew --quiet
  handlers:
  - name: reload nginx
-    block:
+    shell: nginx -t && nginx -s reload
    - command: nginx -t
    - command: nginx -s reload