kris/homelab
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Determine wildcard cert paths and tidy nginx role

Browse Source
This commit is contained in:
Kris Lamoureux
2022-05-23 22:33:17 -04:00
parent 9a4aece442
commit 209ff57a4a
5 changed files with 31 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
roles/proxy/templates/nginx.conf.j2
View File

@@ -22,4 +22,5 @@ http {
server_names_hash_bucket_size 128;
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}

12
roles/proxy/templates/server-nginx.conf.j2
View File

@@ -2,10 +2,18 @@ server {
listen 443 ssl;
server_name {{ item.domain }};
access_log /var/log/nginx/{{ item.domain }}.log main;
{% if proxy.production and item.tls.cert is not defined %}
{% if proxy.production is defined and proxy.production and proxy.dns_cloudflare.wildcard_domains is defined and item.tls.cert is not defined %}
{% for wildcard in proxy.dns_cloudflare.wildcard_domains %}
{% set domain_regex = '^\*\.' + wildcard + '$' %}
{% if item.domain | regex_search(wildcard) %}
ssl_certificate /etc/letsencrypt/live/{{ wildcard }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ wildcard }}/privkey.pem;
{% endif %}
{% endfor %}
{% elif proxy.production is defined and proxy.production and item.tls.cert is not defined %}
ssl_certificate /etc/letsencrypt/live/{{ item.domain }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ item.domain }}/privkey.pem;
{% elif proxy.production and item.tls.cert is defined %}
{% elif proxy.production is defined and proxy.production and item.tls.cert is defined %}
ssl_certificate {{ item.tls.cert }};
ssl_certificate_key {{ item.tls.key }};
{% else %}