Merge pull request #11 from coopdevs/feature/add-ssl

Add SSL certificates for all domains

Merge pull request #11 from coopdevs/feature/add-ssl
54b53c8f · Enrico Stano · GitHub · c9a9cafe · 97c044b4 · 54b53c8f
Unverified Commit 54b53c8f authored 6 years ago by Enrico Stano Committed by GitHub 6 years ago
--- a/coopdevs.yml
+++ b/coopdevs.yml
@@ -45,3 +45,11 @@
        - limesurvey_user: limesurvey
        - limesurvey_group: limesurvey
    - role: discourse
+    - role: vendor/coopdevs.certbot_nginx
+      vars:
+        letsencrypt_email: info@coopdevs.org
+    - role: letsencrypt
+      vars:
+        domain_names:
+          - community.coopdevs.org
+          - forms.coopdevs.org
--- a/dependencies.yml
+++ b/dependencies.yml
+- src: coopdevs.certbot_nginx
+  version: 0.0.3
 - src: geerlingguy.postgresql
  version: 1.3.1
 - src: geerlingguy.php

--- a/roles/discourse/templates/discourse_nginx.conf.j2
+++ b/roles/discourse/templates/discourse_nginx.conf.j2
 server {
-  listen 80;
+  listen 80; listen [::]:80;
+  server_name {{ discourse_server_name }};
+
+  return 301 https://$host$request_uri;
+}

+server {
+  listen 443 ssl http2;
  server_name {{ discourse_server_name }};

+  ssl_certificate /etc/letsencrypt/live/{{ discourse_server_name }}/fullchain.pem;
+  ssl_certificate_key /etc/letsencrypt/live/{{ discourse_server_name }}/privkey.pem;
+  include /etc/letsencrypt/options-ssl-nginx.conf;
+
+  gzip on;
+
  location / {
    proxy_pass http://unix:/var/discourse/shared/standalone/nginx.http.sock:;
    proxy_set_header Host $http_host;
    proxy_http_version 1.1;
+    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }
 }
--- a/roles/letsencrypt/tasks/main.yml
+++ b/roles/letsencrypt/tasks/main.yml
+---
+- name: Install SSL certificates
+  include_role:
+    name: vendor/coopdevs.certbot_nginx
+    tasks_from: certificate.yml
+  with_items: "{{ domain_names }}"
+  loop_control:
+    loop_var: domain_name
--- a/roles/limesurvey/templates/limesurvey.conf.j2
+++ b/roles/limesurvey/templates/limesurvey.conf.j2
@@ -3,10 +3,24 @@ upstream php {
 }

 server {
-  listen   80;
+  listen 80; listen [::]:80;
+  server_name {{ limesurvey_server_name }};
+
+  return 301 https://$host$request_uri;
+}
+
+server {
+  listen 443 ssl http2;
+  server_name {{ limesurvey_server_name }};
+
+  ssl_certificate /etc/letsencrypt/live/{{ limesurvey_server_name }}/fullchain.pem;
+  ssl_certificate_key /etc/letsencrypt/live/{{ limesurvey_server_name }}/privkey.pem;
+  include /etc/letsencrypt/options-ssl-nginx.conf;
+
+  gzip on;
+
  root {{ limesurvey_dir }};
  index index.php index.html index.htm;
-  server_name {{ limesurvey_server_name }};

  location / {
    try_files $uri $uri/ =404;