kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-12-02 07:38:22 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
master
computer-playbook/roles/sys-svc-webserver-https
History
Kevin Veen-Birkenbach e09f561f0b Refactor run-once orchestration and bootstrap Mailu/Mastodon in a single deploy 
- Replace legacy utils/run_once.yml with the new helpers utils/once_flag.yml and utils/once_finalize.yml
- Introduce utils/compose_up.yml to ensure docker-compose stacks are up and to flush handlers safely without coupling to run-once flags
- Migrate all affected roles (desk-*, dev-*, sys-ctl-*, sys-svc-*, web-app-*, web-svc-*, util-*) to the new run-once helpers
- Rework sys-svc-msmtp to auto-load Mailu once per deploy, check reachability, and reuse the running stack instead of requiring multiple playbook passes
- Adjust web-app-mailu to integrate cert deployment, handler flushing, and run-once handling so Mailu is fully initialized in a single deploy
- Improve Matomo, CDN, logout and CSP/health-check related roles to cooperate with the new compose_up / once_* pattern
- Simplify alarm/backup/timer/service orchestration (sys-ctl-alm-*, sys-bkp-provider, sys-timer-cln-bkps, etc.) by moving run-once logic into dedicated 01_core.yml files
- Update integration tests so utils/once_flag.yml and utils/once_finalize.yml are recognised as valid run-once providers, keeping the global run_once_* guarantees consistent
- Align frontend injection and service dependencies so Mastodon- and Mailu-related services can be brought up coherently within a single deployment cycle rather than several iterations
2025-12-01 13:30:50 +01:00
..
meta
tasks
Refactor run-once orchestration and bootstrap Mailu/Mastodon in a single deploy
2025-12-01 13:30:50 +01:00
README.md

README.md

Webserver HTTPS Provisioning 🚀

Description

The sys-svc-webserver-https role extends a basic Nginx installation by wiring in everything you need to serve content over HTTPS:

  1. Ensures your Nginx server is configured for SSL/TLS.
  2. Pulls in Lets Encrypt ACME challenge handling.
  3. Applies global cleanup of unused domain configs.

This role is built on top of your existing sys-svc-webserver-core role, and it automates the end-to-end process of turning HTTP sites into secure HTTPS sites.

Overview

When you apply sys-svc-webserver-https, it will:

  1. Include the sys-svc-webserver-core role to install and configure Nginx.
  2. Clean up any stale vHost files under sys-svc-cln-domains.
  3. Deploy the Lets Encrypt challenge-and-redirect snippet from sys-svc-letsencrypt.
  4. Reload Nginx automatically when any template changes.

All tasks are idempotent—once your certificates are in place and your configuration is set, Ansible will skip unchanged steps on subsequent runs.

Features

  • 🔒 Automatic HTTPS Redirect
    Sets up port 80 → 443 redirect and serves /.well-known/acme-challenge/ for Certbot.

  • 🔑 Lets Encrypt Integration
    Pulls in challenge configuration and CAA-record management for automatic certificate issuance and renewal.

  • 🧹 Domain Cleanup
    Removes obsolete or orphaned server blocks before enabling HTTPS.

  • 🚦 Handler-Safe
    Triggers an Nginx reload only when necessary, minimizing service interruptions.

License

This role is released under the Infinito.Nexus NonCommercial License. See https://s.infinito.nexus/license for details.

Author

Developed and maintained by Kevin Veen-Birkenbach Consulting & Coaching Solutions https://www.veen.world

Reference in New Issue View Git Blame Copy Permalink