From d74a10cbc6abe451c39eef30b6c610d916090448 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Tue, 6 Feb 2024 17:01:30 +0100
Subject: HTTPd: Set vhost karta.klimatanalysnorr.se.

---
 files/etc/lacme/lacme-certs.conf.d/hel01.conf  |  7 -------
 files/etc/lacme/lacme-certs.conf.d/webmap.conf |  8 ++++++++
 files/etc/nginx/sites-enabled/webmap           | 28 +++++++++++++++++++++-----
 tasks/httpd.yml                                |  6 +++---
 4 files changed, 34 insertions(+), 15 deletions(-)
 delete mode 100644 files/etc/lacme/lacme-certs.conf.d/hel01.conf
 create mode 100644 files/etc/lacme/lacme-certs.conf.d/webmap.conf

diff --git a/files/etc/lacme/lacme-certs.conf.d/hel01.conf b/files/etc/lacme/lacme-certs.conf.d/hel01.conf
deleted file mode 100644
index 87f290b..0000000
--- a/files/etc/lacme/lacme-certs.conf.d/hel01.conf
+++ /dev/null
@@ -1,7 +0,0 @@
-[httpd]
-certificate-key = /etc/nginx/ssl/hel01.rsa.key
-certificate-chain = /etc/nginx/ssl/hel01.rsa.pem
-subject = /CN=hel01.guilhem.se
-notify = /bin/systemctl reload postfix
-
-; vim:ft=dosini
diff --git a/files/etc/lacme/lacme-certs.conf.d/webmap.conf b/files/etc/lacme/lacme-certs.conf.d/webmap.conf
new file mode 100644
index 0000000..0d2605a
--- /dev/null
+++ b/files/etc/lacme/lacme-certs.conf.d/webmap.conf
@@ -0,0 +1,8 @@
+[webmap]
+certificate-key = /etc/nginx/ssl/webmap.rsa.key
+certificate-chain = /etc/nginx/ssl/webmap.rsa.pem
+subject = /CN=karta.klimatanalysnorr.se
+subjectAltName = DNS:karta.klimatanalysnorr.se,DNS:hel01.guilhem.se
+notify = /bin/systemctl reload nginx
+
+; vim:ft=dosini
diff --git a/files/etc/nginx/sites-enabled/webmap b/files/etc/nginx/sites-enabled/webmap
index e967535..d16ab60 100644
--- a/files/etc/nginx/sites-enabled/webmap
+++ b/files/etc/nginx/sites-enabled/webmap
@@ -2,7 +2,7 @@ server {
     listen 80;
     listen [::]:80;
 
-    server_name hel01.guilhem.se;
+    server_name karta.klimatanalysnorr.se hel01.guilhem.se;
 
     include /etc/lacme/nginx.conf;
 
@@ -15,16 +15,34 @@ server {
 }
 
 server {
-    listen      443 ssl http2;
-    listen [::]:443 ssl http2;
+    listen 443;
+    listen [::]:443;
 
     server_name hel01.guilhem.se;
 
     access_log /var/log/nginx/access.log;
     error_log /var/log/nginx/error.log warn;
 
-    ssl_certificate /etc/nginx/ssl/hel01.rsa.pem;
-    ssl_certificate_key /etc/nginx/ssl/hel01.rsa.key;
+    ssl_certificate /etc/nginx/ssl/webmap.rsa.pem;
+    ssl_certificate_key /etc/nginx/ssl/webmap.rsa.key;
+    include snippets/ssl.conf;
+
+    location / {
+        return 303 https://karta.klimatanalysnorr.se$request_uri;
+    }
+}
+
+server {
+    listen      443 ssl http2 default_server;
+    listen [::]:443 ssl http2 default_server;
+
+    server_name karta.klimatanalysnorr.se;
+
+    access_log /var/log/nginx/access.log;
+    error_log /var/log/nginx/error.log warn;
+
+    ssl_certificate /etc/nginx/ssl/webmap.rsa.pem;
+    ssl_certificate_key /etc/nginx/ssl/webmap.rsa.key;
     include snippets/ssl.conf;
 
     add_header Referrer-Policy "no-referrer";
diff --git a/tasks/httpd.yml b/tasks/httpd.yml
index 0973db1..2138d35 100644
--- a/tasks/httpd.yml
+++ b/tasks/httpd.yml
@@ -16,9 +16,9 @@
 - name: Install lacme
   apt: pkg=lacme
 
-- name: Copy /etc/lacme/lacme-certs.conf.d/hel01.conf
-  copy: src=etc/lacme/lacme-certs.conf.d/hel01.conf
-        dest=/etc/lacme/lacme-certs.conf.d/hel01.conf
+- name: Copy /etc/lacme/lacme-certs.conf.d/webmap.conf
+  copy: src=etc/lacme/lacme-certs.conf.d/webmap.conf
+        dest=/etc/lacme/lacme-certs.conf.d/webmap.conf
         owner=root group=root
         mode=0644
 
-- 
cgit v1.2.3