diff --git a/roles/acme/application/meta/main.yml b/roles/acme/application/meta/main.yml new file mode 100644 index 0000000..e2d6cfc --- /dev/null +++ b/roles/acme/application/meta/main.yml @@ -0,0 +1,4 @@ +--- + +dependencies: + - role: nginx/application diff --git a/roles/acme/application/tasks/main.yml b/roles/acme/application/tasks/main.yml index ad5fc48..cac8442 100644 --- a/roles/acme/application/tasks/main.yml +++ b/roles/acme/application/tasks/main.yml @@ -42,8 +42,3 @@ file: path: "{{ acme_certificates_directory }}" state: "directory" - -- name: Create directory for validation - file: - path: "/var/www/validation" - state: "directory" diff --git a/roles/acme/certificate/tasks/main.yml b/roles/acme/certificate/tasks/main.yml index dd08220..879b17d 100644 --- a/roles/acme/certificate/tasks/main.yml +++ b/roles/acme/certificate/tasks/main.yml @@ -6,7 +6,7 @@ command: >- ./acme.sh --issue --domain "{{ domain }}" - --webroot "/var/www/validation" + --webroot "{{ nginx_validation_directory }}" args: chdir: "~/.acme.sh" register: acme_issue_result diff --git a/roles/nginx/application/defaults/main.yml b/roles/nginx/application/defaults/main.yml index a3a88a5..ac648e9 100644 --- a/roles/nginx/application/defaults/main.yml +++ b/roles/nginx/application/defaults/main.yml @@ -11,3 +11,5 @@ nginx_snippets_directory: "{{ nginx_installation_directory }}/snippets" nginx_global_log_directory: "/var/log/nginx" nginx_global_access_log: "{{ nginx_global_log_directory }}/access.log" nginx_global_error_log: "{{ nginx_global_log_directory }}/error.log" + +nginx_validation_directory: "/var/www/validation" diff --git a/roles/nginx/application/tasks/main.yml b/roles/nginx/application/tasks/main.yml index 6380d3c..06954fa 100644 --- a/roles/nginx/application/tasks/main.yml +++ b/roles/nginx/application/tasks/main.yml 
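Review bot: In roles/acme/certificate/tasks/main.yml the `--webroot` argument now depends on `nginx_validation_directory`, but this commit defines that variable only in roles/nginx/application/defaults and declares the nginx/application dependency for acme/application, not for acme/certificate. If acme/certificate is applied in a play where the nginx role's defaults are not loaded, the issue task fails on an undefined variable. Consider adding `- role: nginx/application` under `dependencies:` in that role's meta as well, or putting an `assert` with `that: nginx_validation_directory is defined` before the task. The task starts and ends outside the hunk, so the rest of its arguments cannot be checked from here.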
@@ -24,6 +24,7 @@ - "{{ nginx_sites_directory }}" - "{{ nginx_streams_directory }}" - "{{ nginx_snippets_directory }}" + - "{{ nginx_validation_directory }}" - name: Upload snippets to nginx copy: diff --git a/roles/nginx/application/templates/global.conf b/roles/nginx/application/templates/global.conf new file mode 100644 index 0000000..d9899d1 --- /dev/null +++ b/roles/nginx/application/templates/global.conf @@ -0,0 +1,11 @@ +location /.well-known/acme-challenge { + root {{ nginx_validation_directory }}; + access_log on; + try_files $uri $uri/ =404; +} + +location = /robots.txt { + allow all; + log_not_found off; + access_log off; +} diff --git a/roles/nginx/application/vars/main.yml b/roles/nginx/application/vars/main.yml index 0f8ab5a..b5f54c6 100644 --- a/roles/nginx/application/vars/main.yml +++ b/roles/nginx/application/vars/main.yml @@ -5,5 +5,6 @@ nginx_unnecessary_files: - sites-enabled nginx_snippets: + - global - https - ssl diff --git a/roles/nginx/forward/templates/forward.conf b/roles/nginx/forward/templates/forward.conf index 96e5fce..45b30c0 100644 --- a/roles/nginx/forward/templates/forward.conf +++ b/roles/nginx/forward/templates/forward.conf @@ -8,6 +8,7 @@ server { ssl_certificate_key {{ acme_key_location }}; include {{ nginx_snippets_directory }}/https; + include {{ nginx_snippets_directory }}/global; redirect 301 https://{{ destination }}$request_uri; }
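Review bot: The validation directory is now created by the nginx role's directory loop in roles/nginx/application/tasks/main.yml, so it gets whatever owner and mode that task gives the nginx configuration directories, and neither is visible in this hunk. The ACME client run from `~/.acme.sh` has to write challenge tokens into this directory and the nginx worker has to read them. If the loop creates root-owned directories and acme.sh runs under another account, issuance fails, and the usual shortcut is a world-writable web root. It would be safer to create this directory in its own `file` task with explicit `owner`, `group` and `mode: "0755"` for the account that runs acme.sh. The loop's task starts outside the hunk.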
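Review bot: `access_log on;` in the `/.well-known/acme-challenge` location of global.conf does not switch logging on. nginx's `access_log` takes a file path or `off`, so this line writes a log file literally named `on` relative to the nginx prefix. Use the variable the role already defines, `access_log {{ nginx_global_access_log }};`, or drop the line so the location inherits the log of the enclosing level. Challenge tokens are plain files, so `try_files $uri =404;` would also be enough; the `$uri/` fallback only adds directory lookups under the web root.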
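Review bot: Including the `global` snippet in forward.conf only helps if requests can reach its `location /.well-known/acme-challenge` block, and the server-level `redirect 301 …` line after it looks like it answers every request first. `redirect` does not appear to be a stock nginx directive (the usual form is `return 301 …`). If it behaves like `return` at server scope, it runs before any location is selected, so challenge files are never served and HTTP-01 validation for forwarded domains fails. Moving the redirect into a catch-all location keeps both behaviours: `location / { return 301 https://{{ destination }}$request_uri; }`. The server block starts outside the hunk, so its listen ports, and whether a port-80 listener exists, cannot be confirmed from here.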