authorRomain Porte <microjoe@microjoe.org>2020-05-06 22:04:38 +0200
committerRomain Porte <microjoe@microjoe.org>2020-05-06 22:05:25 +0200
commit259f2d464f752e61539e34dd2a19f9a2aea281e5 (patch)
tree79c06715e6935c0976ff11d4816ad1ff9d0e8c38
parent8dbc020f9780e79c748b997fdad6b6dc039bc74b (diff)
default.j2: simplify, add tls option
-rw-r--r--defaults/main.yml1
-rw-r--r--files/default.j292
2 files changed, 8 insertions, 85 deletions
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..7462c0a
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1 @@
+ssl: false
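Review bot: The new role default `ssl` is un-prefixed, and Ansible variables share one namespace across roles, inventory and play vars, so an unrelated variable named `ssl` would silently switch the port-443 server block in `files/default.j2` on or off. Naming it after the role, e.g. `nginx_ssl: false` with `{% if nginx_ssl %}` in the template, avoids that collision. A short comment above the default would also help, such as `# Set to true only once /etc/letsencrypt/live/<inventory_hostname>/ holds fullchain.pem and privkey.pem`. The template reads the certificate from that path, and nginx will presumably refuse to load the configuration if the files are missing.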
diff --git a/files/default.j2 b/files/default.j2
index b06a155..bc4bddb 100644
--- a/files/default.j2
+++ b/files/default.j2
@@ -1,120 +1,42 @@
-##
-# You should look at the following URL's in order to grasp a solid understanding
-# of Nginx configuration files in order to fully unleash the power of Nginx.
-# https://www.nginx.com/resources/wiki/start/
-# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
-# https://wiki.debian.org/Nginx/DirectoryStructure
-#
-# In most cases, administrators will remove this file from sites-enabled/ and
-# leave it as reference inside of sites-available where it will continue to be
-# updated by the nginx packaging team.
-#
-# This file will automatically load configuration files provided by other
-# applications, such as Drupal or Wordpress. These applications will be made
-# available underneath a path with that package name, such as /drupal8.
-#
-# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
-##
-
-# Default server configuration
-#
server {
listen 80 default_server;
listen [::]:80 default_server;
- # SSL configuration
- #
- #listen 443 ssl default_server;
- #listen [::]:443 ssl default_server;
- #
- # Note: You should disable gzip for SSL traffic.
- # See: https://bugs.debian.org/773332
- #
- # Read up on ssl_ciphers to ensure a secure configuration.
- # See: https://bugs.debian.org/765782
- #
- # Self signed certs generated by the ssl-cert package
- # Don't use them in a production server!
- #
- # include snippets/snakeoil.conf;
- include snippets/ssl.conf;
+ server_name _;
root /var/www/html;
-
- # Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
- server_name _;
-
location ^~ /.well-known/acme-challenge {
root /var/www/letsencrypt/;
}
location / {
- # First attempt to serve request as file, then
- # as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
-
- # pass PHP scripts to FastCGI server
- #
- #location ~ \.php$ {
- # include snippets/fastcgi-php.conf;
- #
- # # With php-fpm (or other unix sockets):
- # fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
- # # With php-cgi (or other tcp sockets):
- # fastcgi_pass 127.0.0.1:9000;
- #}
-
- # deny access to .htaccess files, if Apache's document root
- # concurs with nginx's one
- #
- #location ~ /\.ht {
- # deny all;
- #}
}
-
-# Virtual Host configuration for example.com
-#
-# You can move that to a different file under sites-available/ and symlink that
-# to sites-enabled/ to enable it.
-#
-#server {
-# listen 80;
-# listen [::]:80;
-#
-# server_name example.com;
-#
-# root /var/www/example.com;
-# index index.html;
-#
-# location / {
-# try_files $uri $uri/ =404;
-# }
-#}
+{% if ssl %}
server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
+ server_name _;
+
ssl on;
- ssl_certificate /etc/letsencrypt/live/{{ letsencrypt_default_domain }}/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/{{ letsencrypt_default_domain }}/privkey.pem;
+ ssl_certificate /etc/letsencrypt/live/{{ inventory_hostname }}/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/{{ inventory_hostname }}/privkey.pem;
include /etc/nginx/snippets/ssl.conf;
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
- server_name _;
-
location / {
- # First attempt to serve request as file, then
- # as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
}
+{% endif %}
# Status server for munin stats
server {