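---
# Sets up nginx as the HTTPS reverse proxy on the `health` hosts:
#   1. installs nginx, certbot and certbot's nginx plugin from apt,
#   2. requests a certificate for health.openneo.net with certbot,
#   3. writes and enables an nginx site that redirects HTTP to HTTPS and
#      proxies HTTPS traffic to the backend on 127.0.0.1:8000.
- name: Install the nginx web server as our HTTPS reverse-proxy
  hosts: health
  become: true
  become_user: root
  vars:
    # Contact address passed to certbot via --email.
    admin_email: emi@matchu.dev
  tasks:
    - name: Update the apt cache
      apt:
        update_cache: true

    - name: Install nginx
      apt:
        name: nginx
        state: present

    - name: Install certbot
      apt:
        name:
          - certbot
          - python3-certbot-nginx
        state: present

    # `certonly` only obtains the certificate; the nginx site that uses it is
    # written by the tasks below. The argv form passes admin_email as a single
    # argument instead of splicing it into a command string, and `creates`
    # skips the task once the certificate exists so re-runs stay idempotent.
    - name: Set up the SSL certificate for health.openneo.net
      command:
        argv:
          - certbot
          - certonly
          - "--nginx"
          - "-n"
          - "--agree-tos"
          - "--email"
          - "{{ admin_email }}"
          - "--domains"
          - health.openneo.net
        creates: /etc/letsencrypt/live/health.openneo.net/fullchain.pem

    # Both port-443 listeners carry `ssl`. The flag applies per listening
    # socket, so a bare `listen 443;` leaves the IPv4 socket speaking plain
    # HTTP while only the IPv6 one terminates TLS.
    #
    # X-Real-IP is taken from $remote_addr. X-Forwarded-For is built with
    # $proxy_add_x_forwarded_for, which appends to whatever value the client
    # sent, so the backend should only rely on the entry added by this proxy.
    - name: Add glitchtip config file to nginx
      copy:
        dest: /etc/nginx/sites-available/glitchtip.conf
        owner: root
        group: root
        mode: "0644"
        content: |
          server {
            server_name health.openneo.net;
            listen 80;
            listen [::]:80;
            if ($host = health.openneo.net) {
              return 301 https://$host$request_uri;
            }
          }

          server {
            server_name health.openneo.net;
            listen 443 ssl;
            listen [::]:443 ssl;
            ssl_certificate /etc/letsencrypt/live/health.openneo.net/fullchain.pem;
            ssl_certificate_key /etc/letsencrypt/live/health.openneo.net/privkey.pem;
            include /etc/letsencrypt/options-ssl-nginx.conf;
            ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
            ssl_session_cache shared:SSL:10m;  # https://superuser.com/q/1484466/14127

            # From GlitchTip recommended config
            client_max_body_size 40M;

            location / {
              proxy_pass http://127.0.0.1:8000;

              # From GlitchTip recommended config
              proxy_set_header Host $host;
              proxy_set_header X-Real-IP $remote_addr;
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
              proxy_set_header X-Forwarded-Proto $scheme;
            }
          }
      notify:
        - Restart nginx

    # nginx on this host reads sites from sites-enabled; the symlink turns the
    # file written above into an active site.
    - name: Enable glitchtip config file in nginx
      file:
        src: /etc/nginx/sites-available/glitchtip.conf
        dest: /etc/nginx/sites-enabled/glitchtip.conf
        state: link
      notify:
        - Restart nginx

  handlers:
    # Notified by the two tasks above.
    - name: Restart nginx
      systemd:
        name: nginx
        state: restarted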