forked from OpenNeo/impress

Remove beta.impress.openneo.net from deploy setup

We're now all-in on impress.openneo.net for this box!

One little wrinkle is that certbot was initially upset that I had
already uploaded the copy-pasted certs from the other box to here, at
the file path it expects to manage itself. So, I moved those to
`/srv/impress/shared/temp-certs`, and changed the nginx config
accordingly; and then deleted the original and let certbot control it!
Emi Matchu 2023-10-25 15:15:46 -07:00
parent 56ce32b6cb
commit 29dd353895
2 changed files with 3 additions and 39 deletions


@ -1,3 +1,3 @@
# There is currently only one impress box in our Ansible inventory!
[webserver]
beta.impress.openneo.net
impress.openneo.net


@ -5,7 +5,7 @@
become_user: root
vars:
email_address: "emi@matchu.dev" # TODO: Extract this to personal config?
impress_hostname: beta.impress.openneo.net
impress_hostname: impress.openneo.net
tasks:
- name: Create SSH folder for logged-in user
become: no
@ -312,47 +312,11 @@
classic: yes
- name: Set up certbot
command: "certbot certonly --nginx -n --agree-tos --email {{ email_address }} --domains beta.impress.openneo.net"
command: "certbot certonly --nginx -n --agree-tos --email {{ email_address }} --domains {{ impress_hostname }}"
# TODO: Remove the duplication once we've fully switched over hosts!
# NOTE: I migrated over the certs manually, we'll want to have certbot
# replace them once it's recognized as impress.openneo.net!
- name: Add impress config file to nginx
copy:
content: |
server {
server_name impress.openneo.net;
listen 80;
if ($host = impress.openneo.net) {
return 301 https://$host$request_uri;
}
}
server {
server_name impress.openneo.net;
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/impress.openneo.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/impress.openneo.net/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
ssl_session_cache shared:SSL:10m; # https://superuser.com/q/1484466/14127
root /srv/impress/current/public;
# Try serving static files first. If not found, fall back to the app.
try_files $uri/index.html $uri @app;
location @app {
proxy_pass http://127.0.0.1:3000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header Host $http_host;
proxy_redirect off;
}
}
server {
server_name {{ impress_hostname }};
listen 80;