diff options
| author | Guilhem Moulin <guilhem@fripost.org> | 2024-02-06 17:01:30 +0100 |
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2024-02-15 14:15:13 +0100 |
| commit | d74a10cbc6abe451c39eef30b6c610d916090448 (patch) | |
| tree | 02a9457925476463ed03332ac25f3ecf53de8f2e | |
| parent | 3b8151bbaeb569753fc9ddcb4d66af40c2de036a (diff) | |
HTTPd: Set vhost karta.klimatanalysnorr.se.
| -rw-r--r-- | files/etc/lacme/lacme-certs.conf.d/hel01.conf | 7 | ||||
| -rw-r--r-- | files/etc/lacme/lacme-certs.conf.d/webmap.conf | 8 | ||||
| -rw-r--r-- | files/etc/nginx/sites-enabled/webmap | 28 | ||||
| -rw-r--r-- | tasks/httpd.yml | 6 |
4 files changed, 34 insertions, 15 deletions
diff --git a/files/etc/lacme/lacme-certs.conf.d/hel01.conf b/files/etc/lacme/lacme-certs.conf.d/hel01.conf deleted file mode 100644 index 87f290b..0000000 --- a/files/etc/lacme/lacme-certs.conf.d/hel01.conf +++ /dev/null @@ -1,7 +0,0 @@ -[httpd] -certificate-key = /etc/nginx/ssl/hel01.rsa.key -certificate-chain = /etc/nginx/ssl/hel01.rsa.pem -subject = /CN=hel01.guilhem.se -notify = /bin/systemctl reload postfix - -; vim:ft=dosini diff --git a/files/etc/lacme/lacme-certs.conf.d/webmap.conf b/files/etc/lacme/lacme-certs.conf.d/webmap.conf new file mode 100644 index 0000000..0d2605a --- /dev/null +++ b/files/etc/lacme/lacme-certs.conf.d/webmap.conf @@ -0,0 +1,8 @@ +[webmap] +certificate-key = /etc/nginx/ssl/webmap.rsa.key +certificate-chain = /etc/nginx/ssl/webmap.rsa.pem +subject = /CN=karta.klimatanalysnorr.se +subjectAltName = DNS:karta.klimatanalysnorr.se,DNS:hel01.guilhem.se +notify = /bin/systemctl reload nginx + +; vim:ft=dosini diff --git a/files/etc/nginx/sites-enabled/webmap b/files/etc/nginx/sites-enabled/webmap index e967535..d16ab60 100644 --- a/files/etc/nginx/sites-enabled/webmap +++ b/files/etc/nginx/sites-enabled/webmap @@ -2,7 +2,7 @@ server { listen 80; listen [::]:80; - server_name hel01.guilhem.se; + server_name karta.klimatanalysnorr.se hel01.guilhem.se; include /etc/lacme/nginx.conf; @@ -15,16 +15,34 @@ server { } server { - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443; + listen [::]:443; server_name hel01.guilhem.se; access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log warn; - ssl_certificate /etc/nginx/ssl/hel01.rsa.pem; - ssl_certificate_key /etc/nginx/ssl/hel01.rsa.key; + ssl_certificate /etc/nginx/ssl/webmap.rsa.pem; + ssl_certificate_key /etc/nginx/ssl/webmap.rsa.key; + include snippets/ssl.conf; + + location / { + return 303 https://karta.klimatanalysnorr.se$request_uri; + } +} + +server { + listen 443 ssl http2 default_server; + listen [::]:443 ssl http2 default_server; + + server_name karta.klimatanalysnorr.se; + + access_log /var/log/nginx/access.log; + error_log /var/log/nginx/error.log warn; + + ssl_certificate /etc/nginx/ssl/webmap.rsa.pem; + ssl_certificate_key /etc/nginx/ssl/webmap.rsa.key; include snippets/ssl.conf; add_header Referrer-Policy "no-referrer"; diff --git a/tasks/httpd.yml b/tasks/httpd.yml index 0973db1..2138d35 100644 --- a/tasks/httpd.yml +++ b/tasks/httpd.yml @@ -16,9 +16,9 @@ - name: Install lacme apt: pkg=lacme -- name: Copy /etc/lacme/lacme-certs.conf.d/hel01.conf - copy: src=etc/lacme/lacme-certs.conf.d/hel01.conf - dest=/etc/lacme/lacme-certs.conf.d/hel01.conf +- name: Copy /etc/lacme/lacme-certs.conf.d/webmap.conf + copy: src=etc/lacme/lacme-certs.conf.d/webmap.conf + dest=/etc/lacme/lacme-certs.conf.d/webmap.conf owner=root group=root mode=0644 |