Moved dependency of certificate validation directory to nginx role

6 years ago · 6a6e2f6602
parent 01fafa5ca1
commit 6a6e2f6602
8 changed files with 21 additions and 6 deletions
--- a/roles/acme/application/meta/main.yml
+++ b/roles/acme/application/meta/main.yml
@ -0,0 +1,4 @@
+---
+
+dependencies:
+  - role: nginx/application
--- a/roles/acme/application/tasks/main.yml
+++ b/roles/acme/application/tasks/main.yml
@ -42,8 +42,3 @@
  file:
    path: "{{ acme_certificates_directory }}"
    state: "directory"
-
- name: Create directory for validation
-  file:
-    path: "/var/www/validation"
-    state: "directory"
--- a/roles/acme/certificate/tasks/main.yml
+++ b/roles/acme/certificate/tasks/main.yml
@ -6,7 +6,7 @@
  command: >-
    ./acme.sh --issue
    --domain "{{ domain }}"
-    --webroot "/var/www/validation"
+    --webroot "{{ nginx_validation_directory }}"
  args:
    chdir: "~/.acme.sh"
  register: acme_issue_result
--- a/roles/nginx/application/defaults/main.yml
+++ b/roles/nginx/application/defaults/main.yml
@ -11,3 +11,5 @@ nginx_snippets_directory: "{{ nginx_installation_directory }}/snippets"
 nginx_global_log_directory: "/var/log/nginx"
 nginx_global_access_log: "{{ nginx_global_log_directory }}/access.log"
 nginx_global_error_log: "{{ nginx_global_log_directory }}/error.log"
+
+nginx_validation_directory: "/var/www/validation"
--- a/roles/nginx/application/tasks/main.yml
+++ b/roles/nginx/application/tasks/main.yml
@ -24,6 +24,7 @@
    - "{{ nginx_sites_directory }}"
    - "{{ nginx_streams_directory }}"
    - "{{ nginx_snippets_directory }}"
+    - "{{ nginx_validation_directory }}"

 - name: Upload snippets to nginx
  copy:
--- a/roles/nginx/application/templates/global.conf
+++ b/roles/nginx/application/templates/global.conf
@ -0,0 +1,11 @@
+location /.well-known/acme-challenge {
+    root {{ nginx_validation_directory }};
+    access_log on;
+    try_files $uri $uri/ =404;
+}
+
+location = /robots.txt {
+    allow all;
+    log_not_found off;
+    access_log off;
+}
--- a/roles/nginx/application/vars/main.yml
+++ b/roles/nginx/application/vars/main.yml
@ -5,5 +5,6 @@ nginx_unnecessary_files:
  - sites-enabled

 nginx_snippets:
+  - global
  - https
  - ssl
--- a/roles/nginx/forward/templates/forward.conf
+++ b/roles/nginx/forward/templates/forward.conf
@ -8,6 +8,7 @@ server {
  ssl_certificate_key {{ acme_key_location }};

  include {{ nginx_snippets_directory }}/https;
+  include {{ nginx_snippets_directory }}/global;

  redirect 301 https://{{ destination }}$request_uri;
 }