Verified Commit 9d368337 authored by Florian Pritz's avatar Florian Pritz

dbscripts: Add HTTPS for the dev mirror


Signed-off-by: Florian Pritz's avatarFlorian Pritz <bluewind@xinu.at>
parent e424db12
......@@ -18,13 +18,22 @@
- name: set up sudoers.d for special users
copy: src=sudoers.d dest=/etc/sudoers.d/dbscripts owner=root group=root mode=600
- stat: path="/etc/letsencrypt/live/{{ repos_domain }}/fullchain.pem"
register: certfile
tags:
- nginx
- name: set up nginx
template: src=nginx.d.conf.j2 dest=/etc/nginx/nginx.d/dbscripts.conf owner=root group=root mode=644
notify:
- restart nginx
tags:
- nginx
- name: put dbscripts.htpasswd in place
copy: src=dbscripts.htpasswd dest=/etc/nginx/auth/dbscripts.htpasswd owner=root group=http mode=640
tags:
- nginx
- name: create Arch Linux-specific users
user:
......
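Review bot: The `stat` task that registers `certfile` has no `name:`, unlike the tasks around it, and nothing at that point says its result decides whether the nginx template emits the certificate directives. I would add `name: check for the Let's Encrypt certificate of repos_domain` and a comment above it noting that, as far as the visible tasks show, a host without the certificate gets a config with no `ssl_certificate` lines and needs another run of the `nginx` tag once the certificate has been issued. The `copy`/`template` tasks use `key=value` arguments with bare `mode=600`, `mode=644` and `mode=640`; if they are ever converted to block YAML the modes should be quoted, e.g. `mode: '0600'`, so they are not read as decimal integers. The task list continues outside the hunk.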
......@@ -2,16 +2,32 @@ server {
listen 80;
listen [::]:80;
server_name {{ repos_domain }};
include snippets/letsencrypt.conf;
location / {
rewrite ^(.*) https://$server_name$1;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name {{ repos_domain }};
root /srv/ftp;
{% if certfile.stat.exists %}
ssl_certificate /etc/letsencrypt/live/{{ repos_domain }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ repos_domain }}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{{ repos_domain }}/chain.pem;
{% endif %}
satisfy any;
location /lastupdate {
allow all;
}
include snippets/letsencrypt.conf;
# Server at velocitynet
allow 66.211.214.130; # dom0.archlinux.org.
allow 66.211.214.131; # gudrun.archlinux.org.
......
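Review bot: The `{% if certfile.stat.exists %}` guard covers only the three certificate directives, so on a host where the certificate does not exist yet the rendered server block still contains `listen 443 ssl http2;` with no `ssl_certificate`. Depending on the nginx version, that either fails the configuration load on the notified restart or fails every TLS handshake, while the port 80 block already redirects everything outside the included Let's Encrypt snippet to HTTPS. I would move the guard so that it wraps the whole 443 server block, and only emit the redirect in the port 80 block when the certificate exists. Separately, `rewrite ^(.*) https://$server_name$1;` is more commonly written `return 301 https://$server_name$request_uri;`, which also makes the redirect permanent. The 443 server block continues outside the hunk.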