Remove beta.impress.openneo.net from deploy setup
We're now all-in on impress.openneo.net for this box! One little wrinkle is that certbot was initially upset that I had already uploaded the copy-pasted certs from the other box to here, at the file path it expected to get to manage. So, I moved those to `/srv/impress/shared/temp-certs`, and changed the nginx config accordingly; and then deleted the original and let certbot control it!
This commit is contained in:
parent
56ce32b6cb
commit
29dd353895
2 changed files with 3 additions and 39 deletions
|
@ -1,3 +1,3 @@
|
||||||
# There is currently only one impress box in our Ansible inventory!
|
# There is currently only one impress box in our Ansible inventory!
|
||||||
[webserver]
|
[webserver]
|
||||||
beta.impress.openneo.net
|
impress.openneo.net
|
||||||
|
|
|
@ -5,7 +5,7 @@
|
||||||
become_user: root
|
become_user: root
|
||||||
vars:
|
vars:
|
||||||
email_address: "emi@matchu.dev" # TODO: Extract this to personal config?
|
email_address: "emi@matchu.dev" # TODO: Extract this to personal config?
|
||||||
impress_hostname: beta.impress.openneo.net
|
impress_hostname: impress.openneo.net
|
||||||
tasks:
|
tasks:
|
||||||
- name: Create SSH folder for logged-in user
|
- name: Create SSH folder for logged-in user
|
||||||
become: no
|
become: no
|
||||||
|
@ -312,47 +312,11 @@
|
||||||
classic: yes
|
classic: yes
|
||||||
|
|
||||||
- name: Set up certbot
|
- name: Set up certbot
|
||||||
command: "certbot certonly --nginx -n --agree-tos --email {{ email_address }} --domains beta.impress.openneo.net"
|
command: "certbot certonly --nginx -n --agree-tos --email {{ email_address }} --domains {{ impress_hostname }}"
|
||||||
|
|
||||||
# TODO: Remove the duplication once we've fully switched over hosts!
|
|
||||||
# NOTE: I migrated over the certs manually, we'll want to have certbot
|
|
||||||
# replace them once it's recognized as impress.openneo.net!
|
|
||||||
- name: Add impress config file to nginx
|
- name: Add impress config file to nginx
|
||||||
copy:
|
copy:
|
||||||
content: |
|
content: |
|
||||||
server {
|
|
||||||
server_name impress.openneo.net;
|
|
||||||
listen 80;
|
|
||||||
if ($host = impress.openneo.net) {
|
|
||||||
return 301 https://$host$request_uri;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
server_name impress.openneo.net;
|
|
||||||
listen 443 ssl;
|
|
||||||
ssl_certificate /etc/letsencrypt/live/impress.openneo.net/fullchain.pem;
|
|
||||||
ssl_certificate_key /etc/letsencrypt/live/impress.openneo.net/privkey.pem;
|
|
||||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
|
||||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
|
||||||
ssl_session_cache shared:SSL:10m; # https://superuser.com/q/1484466/14127
|
|
||||||
|
|
||||||
root /srv/impress/current/public;
|
|
||||||
|
|
||||||
# Try serving static files first. If not found, fall back to the app.
|
|
||||||
try_files $uri/index.html $uri @app;
|
|
||||||
|
|
||||||
location @app {
|
|
||||||
proxy_pass http://127.0.0.1:3000;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header X-Forwarded-Proto https;
|
|
||||||
proxy_set_header X-Forwarded-Server $host;
|
|
||||||
proxy_set_header Host $http_host;
|
|
||||||
proxy_redirect off;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
server {
|
||||||
server_name {{ impress_hostname }};
|
server_name {{ impress_hostname }};
|
||||||
listen 80;
|
listen 80;
|
||||||
|
|
Loading…
Reference in a new issue