Webserver HTTPS Provisioning 🚀

Description

The srv-web-7-6-https role extends a basic Nginx installation by wiring in everything you need to serve content over HTTPS:

Ensures your Nginx server is configured for SSL/TLS.
Pulls in Let’s Encrypt ACME challenge handling.
Applies global cleanup of unused domain configs.

This role is built on top of your existing srv-web-7-4-core role, and it automates the end-to-end process of turning HTTP sites into secure HTTPS sites.

Overview

When you apply srv-web-7-6-https, it will:

Include the srv-web-7-4-core role to install and configure Nginx.
Clean up any stale vHost files under cln-domains.
Deploy the Let’s Encrypt challenge-and-redirect snippet from srv-web-7-7-letsencrypt.
Reload Nginx automatically when any template changes.

All tasks are idempotent—once your certificates are in place and your configuration is set, Ansible will skip unchanged steps on subsequent runs.

Features

🔒 Automatic HTTPS Redirect
Sets up port 80 → 443 redirect and serves /.well-known/acme-challenge/ for Certbot.
🔑 Let’s Encrypt Integration
Pulls in challenge configuration and CAA-record management for automatic certificate issuance and renewal.
🧹 Domain Cleanup
Removes obsolete or orphaned server blocks before enabling HTTPS.
🚦 Handler-Safe
Triggers an Nginx reload only when necessary, minimizing service interruptions.

Requirements

A working srv-web-7-4-core setup.
DNS managed via Cloudflare (for CAA record tasks) or equivalent ACME DNS flow.
Variables:
- certbot_webroot_path
- certbot_cert_path
- on_calendar_renew_lets_encrypt_certificates

License

This role is released under the CyMaIS NonCommercial License (CNCL). See https://s.veen.world/cncl for details.

Author

Developed and maintained by Kevin Veen-Birkenbach Consulting & Coaching Solutions https://www.veen.world

2.0 KiB Raw Blame History Unescape Escape