From 29dd353895cc6595e89e4f30143628aa8cde26c1 Mon Sep 17 00:00:00 2001 From: Matchu Date: Wed, 25 Oct 2023 15:15:46 -0700 Subject: [PATCH] Remove beta.impress.openneo.net from deploy setup We're now all-in on impress.openneo.net for this box! One little wrinkle is that certbot was initially upset that I had already uploaded the copy-pasted certs from the other box to here, at the file path it expected to get to manage. So, I moved those to `/srv/impress/shared/temp-certs`, and changed the nginx config accordingly; and then deleted the original and let certbot control it! --- deploy/inventory.cfg | 2 +- deploy/setup.yml | 40 ++-------------------------------------- 2 files changed, 3 insertions(+), 39 deletions(-) diff --git a/deploy/inventory.cfg b/deploy/inventory.cfg index 7a93711e..57d6f8b8 100644 --- a/deploy/inventory.cfg +++ b/deploy/inventory.cfg @@ -1,3 +1,3 @@ # There is currently only one impress box in our Ansible inventory! [webserver] -beta.impress.openneo.net +impress.openneo.net diff --git a/deploy/setup.yml b/deploy/setup.yml index c9b06558..2375ed70 100644 --- a/deploy/setup.yml +++ b/deploy/setup.yml @@ -5,7 +5,7 @@ become_user: root vars: email_address: "emi@matchu.dev" # TODO: Extract this to personal config? - impress_hostname: beta.impress.openneo.net + impress_hostname: impress.openneo.net tasks: - name: Create SSH folder for logged-in user become: no @@ -312,47 +312,11 @@ classic: yes - name: Set up certbot - command: "certbot certonly --nginx -n --agree-tos --email {{ email_address }} --domains beta.impress.openneo.net" + command: "certbot certonly --nginx -n --agree-tos --email {{ email_address }} --domains {{ impress_hostname }}" - # TODO: Remove the duplication once we've fully switched over hosts! - # NOTE: I migrated over the certs manually, we'll want to have certbot - # replace them once it's recognized as impress.openneo.net! - name: Add impress config file to nginx copy: content: | - server { - server_name impress.openneo.net; - listen 80; - if ($host = impress.openneo.net) { - return 301 https://$host$request_uri; - } - } - - server { - server_name impress.openneo.net; - listen 443 ssl; - ssl_certificate /etc/letsencrypt/live/impress.openneo.net/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/impress.openneo.net/privkey.pem; - include /etc/letsencrypt/options-ssl-nginx.conf; - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; - ssl_session_cache shared:SSL:10m; # https://superuser.com/q/1484466/14127 - - root /srv/impress/current/public; - - # Try serving static files first. If not found, fall back to the app. - try_files $uri/index.html $uri @app; - - location @app { - proxy_pass http://127.0.0.1:3000; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto https; - proxy_set_header X-Forwarded-Server $host; - proxy_set_header Host $http_host; - proxy_redirect off; - } - } - server { server_name {{ impress_hostname }}; listen 80;