kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-09-01 08:08:59 +02:00
Code Issues Packages Projects Releases Wiki Activity

Replaced nginx native with openresty for logout injection. Right now still buggy on nextcloud and espocrm

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach
2025-07-24 03:19:16 +02:00
parent f5213fd59c
commit f62355e490
129 changed files with 515 additions and 319 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
roles/srv-web-7-7-letsencrypt/tasks/main.yml
View File

@@ -2,7 +2,7 @@
template:
src: "letsencrypt.conf.j2"
dest: "{{nginx.directories.http.global}}letsencrypt.conf"
notify: restart nginx
notify: restart openresty
when: run_once_letsencrypt is not defined
- name: "Set CAA records for all base domains"

2
roles/srv-web-7-7-letsencrypt/templates/letsencrypt.conf.j2
View File

@@ -9,7 +9,7 @@ server
#letsencrypt
location ^~ /.well-known/acme-challenge/ {
allow all;
root {{ certbot_webroot_path }};
root {{ letsencrypt_webroot_path }};
default_type "text/plain";
try_files $uri =404;
}

6
roles/srv-web-7-7-letsencrypt/templates/ssl_credentials.j2
View File

@@ -1,3 +1,3 @@
ssl_certificate {{ certbot_cert_path }}/{{ ssl_cert_folder }}/fullchain.pem;
ssl_certificate_key {{ certbot_cert_path }}/{{ ssl_cert_folder }}/privkey.pem;
ssl_trusted_certificate {{ certbot_cert_path }}/{{ ssl_cert_folder }}/chain.pem;
ssl_certificate {{ [ letsencrypt_live_path, ssl_cert_folder] | path_join }}/fullchain.pem;
ssl_certificate_key {{ [ letsencrypt_live_path, ssl_cert_folder] | path_join }}/privkey.pem;
ssl_trusted_certificate {{ [ letsencrypt_live_path, ssl_cert_folder] | path_join }}/chain.pem;