Some clarification about ssl.yml task #70

Merged
muppeth merged 3 commits from 972-ssl_src_path_clarification into staging 2024-08-02 10:16:16 +02:00
Owner
  • Added clarification to task naming in ssl.yml task
  • added a note about certificates in readme file
  • Removed changelog (we should do releases instead and keep it up to date)

This is related to #972

muppeth added 15 commits 2024-08-01 22:11:16 +02:00
Changed the way vhosts are created. This is to prevent a situation where HTTPS vhosts are created without a corresponding certificate, which causes an error. The solution to that is to check whether an SSL cert exists for a vhost before creating it.

The suggested approach is to create a vhost called `01.letsencrypt` or `01.domain.ltd` using the `letsencrypt` template. This will allow new certificates to be created for upcoming vhosts, and once the certs are created, nginx will be able to create vhosts and not error out (so first run letsencrypt and then nginx).

Currently vhost creation and enabling is done separately for HTTP and HTTPS vhosts. Not the best solution, but it works for now.

Reviewed-on: #63
Reviewed-by: meaz <meaz@no-reply@disroot.org>
Co-authored-by: muppeth <muppeth@disroot.org>
Co-committed-by: muppeth <muppeth@disroot.org>
Reviewed-on: #62
Reviewed-by: muppeth <muppeth@no-reply@disroot.org>
Co-authored-by: meaz <meaz@disroot.org>
Co-committed-by: meaz <meaz@disroot.org>
Reviewed-on: #66
Changed the check for certificate existence to item.ssl_name instead of item.name. This is to cover the situation where the name of the certificate is different from the name of the vhost (e.g. a wildcard cert). Additionally added `item.name` to the names of tasks for things like vhost creation, to make sure we see which vhost is created (better visibility).

Reviewed-on: #67
Reviewed-by: meaz <meaz@no-reply@disroot.org>
Co-authored-by: muppeth <muppeth@disroot.org>
Co-committed-by: muppeth <muppeth@disroot.org>
Some "Bypass PeerTube for performance reasons. Optional" blocks are commented out, otherwise I get an issue. If you manage to have those working, that is nice @muppeth, otherwise that's optional anyway.

Co-authored-by: muppeth <muppeth@disroot.org>
Co-authored-by: muppeth <muppeth@no-reply@disroot.org>
Reviewed-on: #59
Reviewed-by: muppeth <muppeth@no-reply@disroot.org>
muppeth changed target branch from main to staging 2024-08-01 22:11:32 +02:00
meaz approved these changes 2024-08-02 07:38:16 +02:00
muppeth merged commit 507bfd00fc into staging 2024-08-02 10:16:16 +02:00
muppeth deleted branch 972-ssl_src_path_clarification 2024-08-02 10:16:16 +02:00
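
The commit messages above describe checking that a certificate exists, looked up by `item.ssl_name` rather than `item.name`, before an HTTPS vhost is created. The playbook below is an added example of that check and is not the role's own tasks; the variable `nginx_vhosts`, the certbot-style path under `/etc/letsencrypt/live`, the template `vhost_https.conf.j2`, the host group, and the fallback to `item.name` when `ssl_name` is unset are all assumptions.

```yaml
# Added illustration, not taken from the Disroot nginx role.
# Assumed names: nginx_vhosts, vhost_https.conf.j2, webservers,
# and the certbot-style certificate path.
- name: Create HTTPS vhosts only when their certificate exists
  hosts: webservers
  become: true
  vars:
    nginx_vhosts:                      # constructed sample data
      - name: www.example.org
        ssl_name: example.org          # cert name differs from vhost name
      - name: example.org              # no ssl_name: falls back to name
  tasks:
    - name: Check whether the certificate for each vhost exists
      ansible.builtin.stat:
        path: "/etc/letsencrypt/live/{{ item.ssl_name | default(item.name) }}/fullchain.pem"
      loop: "{{ nginx_vhosts }}"
      loop_control:
        label: "{{ item.name }}"       # show which vhost is being checked
      register: cert_check

    - name: Create HTTPS vhost (skipped while the certificate is missing)
      ansible.builtin.template:
        src: vhost_https.conf.j2
        dest: "/etc/nginx/sites-available/{{ result.item.name }}.conf"
        mode: "0644"
      loop: "{{ cert_check.results }}"
      loop_control:
        loop_var: result
        label: "{{ result.item.name }}"
      when: result.stat.exists         # no cert yet: nginx config stays valid
      notify: Reload nginx

  handlers:
    - name: Reload nginx
      ansible.builtin.service:
        name: nginx
        state: reloaded
```

A vhost whose certificate has not been issued yet is skipped instead of producing a config that references a missing file, so a later run after the letsencrypt step picks it up.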
Reference: Disroot-Ansible/nginx#70