Created
September 23, 2019 03:06
egeneralov.nginx + acme.sh
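# Generates nginx.yml and applies it to the host named by DOMAIN (the domain
# doubles as the Ansible inventory host name).
#   play 1: plain-HTTP vhost, so the ACME HTTP-01 challenge under /.well-known
#           can be served from the webroot
#   play 2: issue the certificate with acme.sh and install it for nginx
#   play 3: re-render the same vhost with TLS enabled
DOMAIN=e-xample.com
PROXY_TO=127.0.0.1:8427
# Upstream name is the domain with every dot replaced by a dash.
UPSTREAM_NAME=$(echo "${DOMAIN}" | sed 's/\./-/g')

# The heredoc delimiter is deliberately unquoted: the shell expands DOMAIN,
# PROXY_TO and UPSTREAM_NAME while writing the file, and the Jinja expressions
# are left for Ansible to evaluate.
cat << EOF > nginx.yml
---
- hosts: ${DOMAIN}
  vars:
    upstreams:
      ${UPSTREAM_NAME}:
        ip_hash: False
        proxy_to:
          - ${PROXY_TO}
    vhosts:
      - domain: "${DOMAIN}"
        ssl: false
        rewrite_ssl: false
        rewrite_www: false
        root: "/var/www/${DOMAIN}"
        index: "index.html"
        locations:
          - path: /
            type: upstream
            upstream: ${UPSTREAM_NAME}
            schema: "http://"
            proxy_connect_timeout: 60s
            proxy_send_timeout: 60s
            proxy_read_timeout: 60s
            send_timeout: 60s
            proxy_redirect: off
          - path: /.well-known
            type: static
  roles:
    - egeneralov.nginx
- hosts: ${DOMAIN}
  tasks:
    # The private key is installed into this directory. Keep it root-owned and
    # closed to other users so that a compromised nginx worker cannot read or
    # replace key material.
    # NOTE(review): assumes the nginx master process runs as root (it is
    # reloaded through systemctl below) - confirm for this host.
    - file:
        path: "/etc/nginx/ssl/"
        state: directory
        owner: root
        group: root
        mode: "0750"
    # Webroot used for the HTTP-01 challenge files.
    - file:
        path: "/var/www/${DOMAIN}"
        state: directory
        owner: nginx
        group: nginx
    - name: issue verify
      shell: "/root/.acme.sh/acme.sh --issue -d ${DOMAIN} -w /var/www/${DOMAIN}"
      register: verify
      # A bare failed_when on the stdout text replaces the return-code check,
      # so any other acme.sh error would be treated as success and the play
      # would go on to enable TLS without a fresh certificate. Exit code 2 is
      # what acme.sh returns when the existing certificate is not yet due for
      # renewal; everything else non-zero is a failure.
      failed_when: "verify.rc not in [0, 2] or 'Verify error' in verify.stdout"
    - name: install cert
      shell: "/root/.acme.sh/acme.sh --install-cert -d ${DOMAIN} -w /var/www --fullchain-file '/etc/nginx/ssl/${DOMAIN}.crt' --key-file '/etc/nginx/ssl/${DOMAIN}.key' --reloadCmd 'systemctl reload nginx'"
- hosts: ${DOMAIN}
  vars:
    upstreams:
      ${UPSTREAM_NAME}:
        ip_hash: False
        proxy_to:
          - ${PROXY_TO}
    vhosts:
      - domain: "${DOMAIN}"
        ssl: true
        rewrite_ssl: true
        rewrite_www: false
        root: "/var/www/${DOMAIN}"
        index: "index.html"
        locations:
          - path: /
            type: upstream
            upstream: ${UPSTREAM_NAME}
            schema: "http://"
            proxy_connect_timeout: 60s
            proxy_send_timeout: 60s
            proxy_read_timeout: 60s
            send_timeout: 60s
            proxy_redirect: off
          - path: /.well-known
            type: static
  roles:
    - egeneralov.nginx
EOF
ansible-playbook nginx.yml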
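#!/bin/bash -xe
# on remote server (ansible powered)
# Renders a plain-HTTP static vhost for DOMAIN with the egeneralov.nginx role,
# then issues a certificate through the webroot with acme.sh and installs it
# under /etc/nginx/ssl/.
DOMAIN=example.com

# Unquoted heredoc delimiter: the shell expands DOMAIN while writing the file.
cat << EOF > nginx.yml
---
- hosts: localhost
  vars:
    vhosts:
      - domain: "${DOMAIN}"
        ssl: false
        rewrite_ssl: false
        rewrite_www: false
        root: "/var/www/${DOMAIN}"
        index: "index.html"
        locations:
          - path: /
            type: static
  roles:
    - egeneralov.nginx
EOF
ansible-playbook nginx.yml

mkdir -p /etc/nginx/ssl/ "/var/www/${DOMAIN}"
# The private key is written into /etc/nginx/ssl/; do not leave the directory
# at the umask default.
# NOTE(review): assumes the nginx master process runs as root and is the only
# consumer of these files - confirm before tightening further.
chmod 0750 /etc/nginx/ssl/
chown -R nginx:nginx "/var/www/${DOMAIN}"

# Under -e a skipped renewal would abort the script: acme.sh exits 2 when the
# existing certificate is not yet due, which is not an error on a re-run.
issue_rc=0
/root/.acme.sh/acme.sh --issue -d "${DOMAIN}" -w "/var/www/${DOMAIN}" || issue_rc=$?
if [ "${issue_rc}" -ne 0 ] && [ "${issue_rc}" -ne 2 ]; then
  exit "${issue_rc}"
fi

/root/.acme.sh/acme.sh \
  --install-cert \
  -d "${DOMAIN}" \
  -w /var/www \
  --fullchain-file "/etc/nginx/ssl/${DOMAIN}.crt" \
  --key-file "/etc/nginx/ssl/${DOMAIN}.key" \
  --reloadCmd "systemctl reload nginx"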