computer-playbook/roles/sys-svc-webserver-https
Kevin Veen-Birkenbach 97af4990aa refactor(webserver): rename roles and update references
- Rename sys-svc-webserver -> sys-svc-webserver-core
- Rename sys-stk-front-pure -> sys-svc-webserver-https
- Update includes, run_once flags, and docs across:
  * sys-ctl-mtn-cert-renew
  * sys-front-inj-*
  * sys-stk-front-proxy
  * sys-svc-certs
  * sys-svc-cln-domains
  * web-opt-rdr-*
  * web-svc-*
- Remove redundant webserver include in web-opt-rdr-www
- Fix documentation links

Ref: ChatGPT conversation https://chatgpt.com/share/68d6cea2-3570-800f-acb3-c3277317f17b
2025-09-26 19:34:42 +02:00

Webserver HTTPS Provisioning 🚀

Description

The sys-svc-webserver-https role extends a basic Nginx installation by wiring in everything you need to serve content over HTTPS:

  1. Ensures your Nginx server is configured for SSL/TLS.
  2. Pulls in Let's Encrypt ACME challenge handling.
  3. Applies global cleanup of unused domain configs.

This role is built on top of your existing sys-svc-webserver-core role, and it automates the end-to-end process of turning HTTP sites into secure HTTPS sites.


Overview

When you apply sys-svc-webserver-https, it will:

  1. Include the sys-svc-webserver-core role to install and configure Nginx.
  2. Clean up any stale vHost files via sys-svc-cln-domains.
  3. Deploy the Let's Encrypt challenge-and-redirect snippet from sys-svc-letsencrypt.
  4. Reload Nginx automatically when any template changes.

All tasks are idempotent—once your certificates are in place and your configuration is set, Ansible will skip unchanged steps on subsequent runs.


Features

  • 🔒 Automatic HTTPS Redirect
    Sets up port 80 → 443 redirect and serves /.well-known/acme-challenge/ for Certbot.

  • 🔑 Let's Encrypt Integration
    Pulls in challenge configuration and CAA-record management for automatic certificate issuance and renewal.

  • 🧹 Domain Cleanup
    Removes obsolete or orphaned server blocks before enabling HTTPS.

  • 🚦 Handler-Safe
    Triggers an Nginx reload only when necessary, minimizing service interruptions.
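
A post-deployment check for the redirect and challenge behaviour listed above, as an added example that is not part of this role. The check_domain value and the probe token are constructed placeholders, and the play assumes the challenge path is answered directly on port 80 rather than redirected.

```yaml
# Added example (not part of sys-svc-webserver-https).
# check_domain and acme_probe are constructed placeholders.
- name: Verify plain-HTTP behaviour after applying the role
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    check_domain: "example.org"
    acme_probe: "/.well-known/acme-challenge/constructed-probe-token"
  tasks:
    - name: Request the site root over HTTP without following redirects
      ansible.builtin.uri:
        url: "http://{{ check_domain }}/"
        follow_redirects: "none"
        # Assumption: any of these redirect codes is acceptable.
        status_code: [301, 302, 307, 308]
      register: root_http

    - name: Redirect target must be HTTPS on the same hostname
      ansible.builtin.assert:
        that:
          - root_http.location is defined
          # Compare parsed URL parts so a look-alike prefix
          # (https://example.org.other.tld) does not pass.
          - root_http.location | urlsplit('scheme') == 'https'
          - root_http.location | urlsplit('hostname') == check_domain
        fail_msg: >-
          Port 80 redirect points at
          {{ root_http.location | default('no Location header') }}

    - name: Request a non-existent challenge token over HTTP
      ansible.builtin.uri:
        url: "http://{{ check_domain }}{{ acme_probe }}"
        follow_redirects: "none"
        # The token does not exist, so 404 means the path was answered
        # on port 80. A 3xx status fails this task, which flags a
        # redirect that also swallows the challenge location.
        status_code: [404]
```

Run it from the control node with ansible-playbook after the role has been applied; a failure in the last task means the redirect also covers the challenge path.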


License

This role is released under the Infinito.Nexus NonCommercial License. See https://s.infinito.nexus/license for details.


Author

Developed and maintained by Kevin Veen-Birkenbach Consulting & Coaching Solutions https://www.veen.world