alpine: assume one DNS name per host
Avoid needless complexity.
parent
393614aa79
commit
38c3464279
|
@ -1,11 +1,10 @@
|
|||
{% for fqdn in fqdns %}
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
server_name {{ fqdn }};
|
||||
server_name {{ dns_name }};
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/{{ fqdn }}/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/{{ fqdn }}/privkey.pem;
|
||||
ssl_certificate /etc/letsencrypt/live/{{ dns_name }}/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/{{ dns_name }}/privkey.pem;
|
||||
|
||||
client_max_body_size 100M;
|
||||
|
||||
|
@ -35,5 +34,3 @@ server {
|
|||
fastcgi_pass unix:/run/php-fpm.socket;
|
||||
}
|
||||
}
|
||||
|
||||
{% endfor %}
|
||||
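Review bot: The rewritten `server` block appears to be the only one this template now emits for port 443, and neither `listen` line carries `default_server`, so unless a catch-all exists in a file outside this diff, nginx will answer requests for any Host or SNI name with this block and this certificate. A separate catch-all `server` block marked `default_server` with `ssl_reject_handshake on;` (nginx 1.19.4 or later) keeps unknown names away from the PHP backend. The same applies to the other two nginx templates changed in this commit, the Forgejo proxy and the one that sets `X-Forwarded-Proto`. The `server` body continues between the two hunks, so anything configured there is not visible here.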
|
|
|
@ -1,10 +1,9 @@
|
|||
{% for fqdn in fqdns %}
|
||||
server {
|
||||
server_name {{ fqdn }};
|
||||
server_name {{ dns_name }};
|
||||
|
||||
listen [::]:443 ssl ipv6only=off;
|
||||
ssl_certificate /etc/letsencrypt/live/{{ fqdn }}/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/{{ fqdn }}/privkey.pem;
|
||||
ssl_certificate /etc/letsencrypt/live/{{ dns_name }}/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/{{ dns_name }}/privkey.pem;
|
||||
|
||||
location / {
|
||||
proxy_pass http://unix:/var/lib/forgejo/socket;
|
||||
|
@ -19,5 +18,3 @@ server {
|
|||
client_max_body_size 512M;
|
||||
}
|
||||
}
|
||||
|
||||
{% endfor %}
|
||||
|
|
|
@ -49,7 +49,7 @@
|
|||
line: '{{ item.line }}'
|
||||
loop:
|
||||
- key: '^ALLOWED_HOSTS = '
|
||||
line: "ALLOWED_HOSTS = [{{ fqdns | map('regex_replace', '^(.*)$', '\"\\1\"') | join(', ') }}]"
|
||||
line: "ALLOWED_HOSTS = ['{{ dns_name }}']"
|
||||
- key: 'USER.*PostgreSQL username'
|
||||
line: " 'USER': '{{ user }}', # PostgreSQL username"
|
||||
# XXX unnecessary?
|
||||
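Review bot: `dns_name` is pasted between single quotes into a line of Python settings at `line: "ALLOWED_HOSTS = ['{{ dns_name }}']"`, so a value containing a quote or stray whitespace produces a broken or different settings line rather than a rejected hostname. Letting a filter build the literal, `line: "ALLOWED_HOSTS = [{{ dns_name | to_json }}]"`, keeps the value as data. An `assert` task that checks `dns_name` against a hostname pattern before any template uses it would also cover the nginx and certbot uses. The task this loop belongs to starts above the hunk, so the module and the target file are not visible here.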
|
|
|
@ -1,10 +1,9 @@
|
|||
{% for fqdn in fqdns %}
|
||||
server {
|
||||
server_name {{ fqdn }};
|
||||
server_name {{ dns_name }};
|
||||
|
||||
listen [::]:443 ssl ipv6only=off;
|
||||
ssl_certificate /etc/letsencrypt/live/{{ fqdn }}/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/{{ fqdn }}/privkey.pem;
|
||||
ssl_certificate /etc/letsencrypt/live/{{ dns_name }}/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/{{ dns_name }}/privkey.pem;
|
||||
|
||||
client_max_body_size 100m;
|
||||
|
||||
|
@ -19,5 +18,3 @@ server {
|
|||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
}
|
||||
|
||||
{% endfor %}
|
||||
|
|
|
@ -26,9 +26,8 @@
|
|||
|
||||
- name: Get LE certificate
|
||||
command:
|
||||
cmd: certbot certonly --non-interactive --agree-tos --register-unsafely-without-email --webroot --webroot-path /srv/http -d {{ item }}
|
||||
creates: '/etc/letsencrypt/renewal/{{ item }}.conf'
|
||||
loop: '{{ fqdns }}'
|
||||
cmd: certbot certonly --non-interactive --agree-tos --register-unsafely-without-email --webroot --webroot-path /srv/http -d {{ dns_name }}
|
||||
creates: '/etc/letsencrypt/renewal/{{ dns_name }}.conf'
|
||||
|
||||
- name: Enable certbot renewal
|
||||
cron:
|
||||
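Review bot: Dropping `loop: '{{ fqdns }}'` leaves nothing that cleans up certificates issued for names a host no longer serves. If any host had more than one entry in `fqdns`, the lineages under `/etc/letsencrypt/live/` and `/etc/letsencrypt/renewal/` for the dropped names stay on disk with their private keys, and the renewal job will presumably keep requesting certificates for them. A one-off cleanup task running `certbot delete --non-interactive --cert-name <old-name>` for each retired name would close that (`<old-name>` is a placeholder, the names are not in this diff). Separately, `-d {{ dns_name }}` sits inside a free-form `cmd:` string that the `command` module splits on whitespace, so the `argv:` list form is the safer way to pass the name. The `Enable certbot renewal` task continues below the hunk.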
|
|