Add Nginx and Certbot configuration

This commit is contained in:
Nemo 2020-07-11 00:01:16 +02:00
parent 0e84b3216f
commit d1296fb250

View file

@ -4,7 +4,7 @@ munin_hosts:
address: "127.0.0.1" address: "127.0.0.1"
extra: ["use_node_name yes"] extra: ["use_node_name yes"]
- name: "host.example.org" - name: "host.example.org"
address: "address ssh://munin-async@host.example.org/ -W localhost:4949" address: "ssh://munin-async@host.example.org/ -W localhost:4949"
munin_admin_user: "{{ vault_munin_admin_user }}" munin_admin_user: "{{ vault_munin_admin_user }}"
munin_admin_password: "{{ vault_munin_admin_password }}" munin_admin_password: "{{ vault_munin_admin_password }}"
@ -13,3 +13,49 @@ private_key_munin_async_user_host: "{{ vault_private_key_munin_async_user_host }
public_key_munin_async_user_host: "{{ vault_public_key_munin_async_user_host }}" public_key_munin_async_user_host: "{{ vault_public_key_munin_async_user_host }}"
munin_alerts: [] munin_alerts: []
# Role ansible-role-certbot : defina auto renew, schedule, ...
certbot_auto_renew: true
certbot_auto_renew_user: "root"
certbot_auto_renew_hour: "3"
certbot_auto_renew_minute: "30"
certbot_auto_renew_options: "--quiet --no-self-upgrade"
certbot_admin_email: contact@wirebrass.fr
certbot_create_if_missing: true
certbot_create_method: standalone
certbot_create_standalone_stop_services:
- nginx
certbot_certs:
- domains:
- "{{ inventory_hostname }}"
nginx_remove_default_vhost: true
nginx_vhosts:
- listen: "80"
server_name: "{{ inventory_hostname }}"
return: "301 https://{{ inventory_hostname }}$request_uri"
filename: "{{ inventory_hostname }}.80.conf"
- listen: "443 ssl http2"
server_name: "{{ inventory_hostname }}"
root: "/var/cache/munin/www/static"
filename: "{{ inventory_hostname }}.conf"
extra_parameters: |
ssl_certificate /etc/letsencrypt/live/{{ inventory_hostname }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ inventory_hostname }}/privkey.pem;
ssl_protocols TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
location = / {
rewrite ^/$ munin/ redirect; break;
}
location /munin/static/ {
alias /etc/munin/static/;
expires modified +1w;
}
location /munin/ {
auth_basic "Restricted";
auth_basic_user_file /etc/munin/munin-htpasswd;
alias /var/cache/munin/www/;
expires modified +310s;
}