Add Nginx and Certbot configuration
parent
0e84b3216f
commit
d1296fb250
|
@ -4,7 +4,7 @@ munin_hosts:
|
||||||
address: "127.0.0.1"
|
address: "127.0.0.1"
|
||||||
extra: ["use_node_name yes"]
|
extra: ["use_node_name yes"]
|
||||||
- name: "host.example.org"
|
- name: "host.example.org"
|
||||||
address: "address ssh://munin-async@host.example.org/ -W localhost:4949"
|
address: "ssh://munin-async@host.example.org/ -W localhost:4949"
|
||||||
|
|
||||||
munin_admin_user: "{{ vault_munin_admin_user }}"
|
munin_admin_user: "{{ vault_munin_admin_user }}"
|
||||||
munin_admin_password: "{{ vault_munin_admin_password }}"
|
munin_admin_password: "{{ vault_munin_admin_password }}"
|
||||||
|
@ -13,3 +13,49 @@ private_key_munin_async_user_host: "{{ vault_private_key_munin_async_user_host }
|
||||||
public_key_munin_async_user_host: "{{ vault_public_key_munin_async_user_host }}"
|
public_key_munin_async_user_host: "{{ vault_public_key_munin_async_user_host }}"
|
||||||
|
|
||||||
munin_alerts: []
|
munin_alerts: []
|
||||||
|
|
||||||
|
# Role ansible-role-certbot : defina auto renew, schedule, ...
|
||||||
|
certbot_auto_renew: true
|
||||||
|
certbot_auto_renew_user: "root"
|
||||||
|
certbot_auto_renew_hour: "3"
|
||||||
|
certbot_auto_renew_minute: "30"
|
||||||
|
certbot_auto_renew_options: "--quiet --no-self-upgrade"
|
||||||
|
certbot_admin_email: contact@wirebrass.fr
|
||||||
|
certbot_create_if_missing: true
|
||||||
|
certbot_create_method: standalone
|
||||||
|
certbot_create_standalone_stop_services:
|
||||||
|
- nginx
|
||||||
|
certbot_certs:
|
||||||
|
- domains:
|
||||||
|
- "{{ inventory_hostname }}"
|
||||||
|
|
||||||
|
nginx_remove_default_vhost: true
|
||||||
|
nginx_vhosts:
|
||||||
|
- listen: "80"
|
||||||
|
server_name: "{{ inventory_hostname }}"
|
||||||
|
return: "301 https://{{ inventory_hostname }}$request_uri"
|
||||||
|
filename: "{{ inventory_hostname }}.80.conf"
|
||||||
|
- listen: "443 ssl http2"
|
||||||
|
server_name: "{{ inventory_hostname }}"
|
||||||
|
root: "/var/cache/munin/www/static"
|
||||||
|
filename: "{{ inventory_hostname }}.conf"
|
||||||
|
extra_parameters: |
|
||||||
|
ssl_certificate /etc/letsencrypt/live/{{ inventory_hostname }}/fullchain.pem;
|
||||||
|
ssl_certificate_key /etc/letsencrypt/live/{{ inventory_hostname }}/privkey.pem;
|
||||||
|
ssl_protocols TLSv1.2;
|
||||||
|
ssl_ciphers HIGH:!aNULL:!MD5;
|
||||||
|
location = / {
|
||||||
|
rewrite ^/$ munin/ redirect; break;
|
||||||
|
}
|
||||||
|
location /munin/static/ {
|
||||||
|
alias /etc/munin/static/;
|
||||||
|
expires modified +1w;
|
||||||
|
}
|
||||||
|
location /munin/ {
|
||||||
|
auth_basic "Restricted";
|
||||||
|
auth_basic_user_file /etc/munin/munin-htpasswd;
|
||||||
|
|
||||||
|
alias /var/cache/munin/www/;
|
||||||
|
expires modified +310s;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
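Review bot: The 443 vhost's `extra_parameters` pairs `ssl_protocols TLSv1.2;` with `ssl_ciphers HIGH:!aNULL:!MD5;`, which still admits CBC and non-forward-secret RSA key-exchange suites and leaves TLS 1.3 off. Because this vhost carries the basic-auth credentials for `/munin/`, I would narrow it to `ssl_protocols TLSv1.2 TLSv1.3;` and `ssl_ciphers ECDHE+AESGCM:ECDHE+CHACHA20;` (assuming the host's nginx/OpenSSL build supports both), and add `add_header Strict-Transport-Security "max-age=31536000" always;` so returning clients no longer depend on the port-80 redirect. Separately, `certbot_create_method: standalone` needs port 80 while nginx is listening on it, and `certbot_auto_renew_options` carries no pre/post hook. Unless the role version in use installs renewal hooks from `certbot_create_standalone_stop_services`, the `--quiet` cron renewal would fail without notice and the certificate would lapse; worth confirming against the role.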