radityo/ansible-nginx
1
0
Fork 0
mirror of https://github.com/HanXHX/ansible-nginx.git synced 2026-02-24 09:03:29 +07:00
Code Issues Projects Releases Wiki Activity

Better SSL management

Browse Source 
- Use filter plugins
- Acme: can use proxy protocol
- Acme: uses all sites name
- Acme: add more tests while crashing
This commit is contained in:
Emilien Mantel
2019-12-31 12:43:43 +01:00
parent 2f8ce00067
commit 729173c46c
6 changed files with 56 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
templates/etc/nginx/conf.d/FAKESITE.conf.j2
View File

@@ -1,8 +1,16 @@
server {
listen {{ item.acme_port | default('80') }};
listen [::]:{{ item.acme_port | default('80') }};
{% set site = nginx_sites | nginx_search_by_ssl_name(item.name) %}
{% set __listen = site.listen | default(['80', '[::]:80']) %}
{% set __http_proxy_protocol_port = site.http_proxy_protocol_port | default([]) %}
server_name {% if item.name is string %}{{ item.name }}{% else %}{{ item.name | join(" ") }}{% endif %}{% if item.redirect_from is defined %} {% if item.redirect_from is string %}{{ item.redirect_from }}{% else %}{{ item.redirect_from | join(" ") }}{% endif %}{% endif %};
server {
{% for port in __listen %}
listen {{ port }};
{% endfor %}
{% for port in __http_proxy_protocol_port %}
listen {{ port }} proxy_protocol;
{% endfor %}
server_name {{ site | nginx_all_site_names | join(" ") }};
location / {
return 503;

2
templates/etc/nginx/sites-available/_base.j2
View File

@@ -43,7 +43,7 @@
{%- endif %}
{%- endmacro %}
{% macro ssl(ssl_name) %}
{% for sn in nginx_ssl_pairs if ((sn.name is string and sn.name == ssl_name) or (sn.name.0 == ssl_name)) %}
{% for sn in nginx_ssl_pairs if (sn.name is defined and sn.name == ssl_name) %}
ssl_certificate {{ sn | nginx_cert_path(nginx_ssl_dir) }};
ssl_certificate_key {{ sn | nginx_key_path(nginx_ssl_dir) }};
{% endfor %}