From 226bc9c873b8fac45a97753b2689f74207a41fec Mon Sep 17 00:00:00 2001
From: Felix Stupp
Date: Tue, 28 May 2019 18:32:17 +0200
Subject: [PATCH] Reconfigured nginx / acme validation handling
---
roles/acme/certificate/tasks/main.yml | 2 +-
roles/nginx/application/defaults/main.yml | 4 +++-
roles/nginx/application/tasks/main.yml | 12 +++++++++++-
roles/nginx/application/templates/acme.conf | 4 ++--
4 files changed, 17 insertions(+), 5 deletions(-)
diff --git a/roles/acme/certificate/tasks/main.yml b/roles/acme/certificate/tasks/main.yml
index 879b17d..64df7c1 100644
--- a/roles/acme/certificate/tasks/main.yml
+++ b/roles/acme/certificate/tasks/main.yml
@@ -6,7 +6,7 @@
 command: >-
 ./acme.sh --issue --domain "{{ domain }}"
- --webroot "{{ nginx_validation_directory }}"
+ --webroot "{{ nginx_validation_root_directory }}"
 args:
 chdir: "~/.acme.sh"
 register: acme_issue_result
diff --git a/roles/nginx/application/defaults/main.yml b/roles/nginx/application/defaults/main.yml
index ac648e9..6c890e9 100644
--- a/roles/nginx/application/defaults/main.yml
+++ b/roles/nginx/application/defaults/main.yml
@@ -12,4 +12,6 @@ nginx_global_log_directory: "/var/log/nginx"
 nginx_global_access_log: "{{ nginx_global_log_directory }}/access.log"
 nginx_global_error_log: "{{ nginx_global_log_directory }}/error.log"
-nginx_validation_directory: "/var/www/validation"
+acme_validation_directory: ".well-known/acme-challenge"
+nginx_validation_root_directory: "/var/www/validation"
+nginx_validation_test_file: "{{ nginx_validation_root_directory }}/{{ acme_validation_directory }}/test"
diff --git a/roles/nginx/application/tasks/main.yml b/roles/nginx/application/tasks/main.yml
index 345b7d9..9d43bbc 100644
--- a/roles/nginx/application/tasks/main.yml
+++ b/roles/nginx/application/tasks/main.yml
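Review bot: In roles/nginx/application/defaults/main.yml the new `acme_validation_directory` is consumed in two different ways, as a filesystem path segment in `nginx_validation_test_file` and as the URI in `location /{{ acme_validation_directory }}` in templates/acme.conf, but nothing documents the format that both uses require. An override with a leading or trailing slash would render `location //…` or a doubled slash in the test-file path, so the served location and the directory acme.sh writes into could drift apart. I would add a comment above it such as `# Relative to nginx_validation_root_directory, no leading or trailing slash; also rendered as the nginx location in templates/acme.conf`. The rename also means any inventory or group_vars override of the old `nginx_validation_directory` is silently ignored after this commit, which deserves a line in the commit message or a short comment.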
@@ -24,7 +24,9 @@
 - "{{ nginx_sites_directory }}"
 - "{{ nginx_streams_directory }}"
 - "{{ nginx_snippets_directory }}"
- - "{{ nginx_validation_directory }}"
+ - "{{ nginx_validation_root_directory }}"
+ - "{{ nginx_validation_test_file | dirname }}"
+ - "{{ global_webservers_directory }}"

 - name: Upload snippets to nginx
 template:
@@ -35,6 +37,14 @@
 mode: "u=rw,g=r,o=r"
 with_items: "{{ nginx_snippets }}"

+- name: Configure test file for validation directory
+ copy:
+ content: "{{ ansible_fqdn }}"
+ dest: "{{ nginx_validation_test_file }}"
+ owner: root
+ group: root
+ mode: "u=rw,g=r,o=r"
+
 - name: Enable nginx service
 systemd:
 enabled: yes
diff --git a/roles/nginx/application/templates/acme.conf b/roles/nginx/application/templates/acme.conf
index 7c3bee9..c59ca8b 100644
--- a/roles/nginx/application/templates/acme.conf
+++ b/roles/nginx/application/templates/acme.conf
@@ -1,5 +1,5 @@
-location /.well-known/acme-challenge {
- root {{ nginx_validation_directory }};
+location /{{ acme_validation_directory }} {
+ root {{ nginx_validation_root_directory }};
 access_log on;
 try_files $uri $uri/ =404;
 }
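Review bot: The added list entry `"{{ global_webservers_directory }}"` refers to a variable that this commit's defaults hunk does not define, so unless another role or the inventory provides it the directory task will fail with an undefined-variable error. It also looks unrelated to the ACME validation change named in the subject. The task that owns this list starts above the hunk, so the owner and mode applied to the challenge directory are not visible here. They are worth checking against the account that runs `acme.sh`: the webroot must be writable by that account only, because anything else that can write there can answer HTTP-01 challenges for the hosted domains.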
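Review bot: The new "Configure test file" task writes `{{ ansible_fqdn }}` into a file that every server block including acme.conf serves at `/.well-known/acme-challenge/test`, so a request against any hosted domain returns the machine's own hostname. On a host serving several unrelated sites that ties them to one machine and may expose an internal name. A fixed marker works just as well for a reachability probe, for example `content: "acme-validation-ok"` (constructed value). If the FQDN is intentional, a comment on the task should say what consumes it. `ansible_fqdn` also needs fact gathering enabled, which is worth noting in the same comment.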
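Review bot: The templated `location /{{ acme_validation_directory }}` is a plain prefix match with no trailing slash and no `^~` modifier, so any regex location in the including server block (a PHP or static-asset handler, for instance) takes precedence over it and can intercept challenge requests. It also matches sibling paths such as `/.well-known/acme-challenge-x`. I would write it as `location ^~ /{{ acme_validation_directory }}/ {` so that challenge URIs always resolve from the validation root. Separately, the unchanged `access_log on;` line does not enable logging: nginx has no `on` value for this directive and reads the argument as a log file path, so if logging these requests is the intent it should name the real log file instead.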