Commit c6a17764 authored by Pietro Albini's avatar Pietro Albini

nginx: deploy ssl

parent 63bf7923
...@@ -3,5 +3,6 @@ ...@@ -3,5 +3,6 @@
# {{ ansible_managed }} # {{ ansible_managed }}
# #
# Allow incoming requests on port 80 # Allow incoming requests on ports 80 and 443
command -A public_input_tcp -p tcp --dport 80 -j ACCEPT command -A public_input_tcp -p tcp --dport 80 -j ACCEPT
command -A public_input_tcp -p tcp --dport 443 -j ACCEPT
...@@ -4,10 +4,24 @@ ...@@ -4,10 +4,24 @@
server { server {
listen 80; listen 80;
listen [::]:80;
server_name {{ item.key }}; server_name {{ item.key }};
location / { location / {
proxy_pass http://{{ item.value }}/; return 302 https://{{ item.key }}$request_uri;
}
include /etc/nginx/snippets/dehydrated.conf;
}
server {
listen 443 ssl http2;
server_name {{ item.key }};
ssl_certificate /etc/ssl/localcerts/{{ item.key }}/fullchain.pem;
ssl_certificate_key /etc/ssl/localcerts/{{ item.key }}/privkey.pem;
location / {
proxy_pass http://{{ item.value }};
} }
} }
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment