Add HTTPS with certbot

Fixes #1
2020-02-19 01:16:09 +00:00 · 2020-02-19 01:16:09 +00:00 · 6d79ff1ffc
commit 6d79ff1ffc
parent 75652fe560
3 changed files with 17 additions and 0 deletions
--- a/tools/ansible/provision.yml
+++ b/tools/ansible/provision.yml
@ -8,6 +8,7 @@
  roles:
    - name: geerlingguy.firewall
    - name: geerlingguy.security
+    - name: geerlingguy.certbot
    - name: geerlingguy.mysql
    - name: geerlingguy.nginx
    - name: geerlingguy.php-versions
--- a/tools/ansible/requirements.yml
+++ b/tools/ansible/requirements.yml
@ -3,6 +3,8 @@
  version: 3.4.0
 - name: ansistrano.rollback
  version: 3.0.0
+- name: geerlingguy.certbot
+  version: 3.0.3
 - name: geerlingguy.composer
  version: 1.7.3
 - name: geerlingguy.firewall
--- a/tools/ansible/vars/provision_vars.yml
+++ b/tools/ansible/vars/provision_vars.yml
@ -30,10 +30,18 @@ nginx_remove_default_vhost: true
 nginx_server_tokens: 'off'
 nginx_vhosts:
  - listen: 80
+    server_name: d8.oliverdavies.uk
+    return: 301 https://d8.oliverdavies.uk$request_uri
+    filename: d8.oliverdavies.uk.80.conf
+
+  - listen: 443 ssl
    server_name: d8.oliverdavies.uk
    root: '{{ project_root_path }}/{{ ansistrano_current_dir }}/{{ project_web_dir }}'
    index: index.php
    extra_parameters: |
+      ssl_certificate     /etc/letsencrypt/live/d8.oliverdavies.uk/fullchain.pem;
+      ssl_certificate_key /etc/letsencrypt/live/d8.oliverdavies.uk/privkey.pem;
+ 
      location = /favicon.ico {
          log_not_found off;
          access_log off;
@ -122,3 +130,9 @@ nginx_vhosts:
      if ($request_uri ~* "^(.*/)index\.php(.*)") {
          return 307 $1$2;
      }
+
+certbot_create_if_missing: true
+certbot_create_method: standalone
+certbot_admin_email: oliver+certbot@oliverdavies.uk
+certbot_certs:
+  - domains: [d8.oliverdavies.uk]