Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in
Toggle navigation
Menu
Open sidebar
Arch Linux
infrastructure
Commits
9d368337
Verified
Commit
9d368337
authored
Jul 26, 2016
by
Florian Pritz
Browse files
dbscripts: Add HTTPS for the dev mirror
Signed-off-by:
Florian Pritz
<
bluewind@xinu.at
>
parent
e424db12
Changes
2
Hide whitespace changes
Inline
Side-by-side
roles/dbscripts/tasks/main.yml
View file @
9d368337
...
...
@@ -18,13 +18,22 @@
-
name
:
set up sudoers.d for special users
copy
:
src=sudoers.d dest=/etc/sudoers.d/dbscripts owner=root group=root mode=600
-
stat
:
path="/etc/letsencrypt/live/{{ repos_domain }}/fullchain.pem"
register
:
certfile
tags
:
-
nginx
-
name
:
set up nginx
template
:
src=nginx.d.conf.j2 dest=/etc/nginx/nginx.d/dbscripts.conf owner=root group=root mode=644
notify
:
-
restart nginx
tags
:
-
nginx
-
name
:
put dbscripts.htpasswd in place
copy
:
src=dbscripts.htpasswd dest=/etc/nginx/auth/dbscripts.htpasswd owner=root group=http mode=640
tags
:
-
nginx
-
name
:
create Arch Linux-specific users
user
:
...
...
roles/dbscripts/templates/nginx.d.conf.j2
View file @
9d368337
...
...
@@ -2,16 +2,32 @@ server {
listen 80;
listen [::]:80;
server_name {{ repos_domain }};
include snippets/letsencrypt.conf;
location / {
rewrite ^(.*) https://$server_name$1;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name {{ repos_domain }};
root /srv/ftp;
{% if certfile.stat.exists %}
ssl_certificate /etc/letsencrypt/live/{{ repos_domain }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ repos_domain }}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{{ repos_domain }}/chain.pem;
{% endif %}
satisfy any;
location /lastupdate {
allow all;
}
include snippets/letsencrypt.conf;
# Server at velocitynet
allow 66.211.214.130; # dom0.archlinux.org.
allow 66.211.214.131; # gudrun.archlinux.org.
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment