escuela-comun/abyayala
1
0
Fork 0
Code Issues 45 Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'master' into rap

Browse Source
This commit is contained in:
Bet@
2024-09-10 12:01:55 -03:00
parent 836a58f37e 9aeed678e3
commit 20e13644f9
5 changed files with 15 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
abyayala.yml
View File

@ -15,7 +15,7 @@ matrix:
- rakiduam
# END PROXY
# BEGIN NODES
- service_name: marmita
- service_name: marmite
domains:
- marmite.abyaya.la
nodo: marmite.comun

10
ansible.cfg
View File

@ -1,2 +1,12 @@
[defaults]
inventory = ./hosts.production
forks = 10
[ssh_connection]
ssh_args = -C -o ControlMaster=auto -o ControlPersist=1h -o PreferredAuthentications=publickey -o ForwardAgent=yes
control_path_dir = ~/.ansible/cp
control_path = /tmp/ssh-%%r@%%h:%%p
pipelining = True
scp_if_ssh = smart
transfer_method = smart
sftp_batch_mode = True

2
roles/certbot/tasks/certbot.yml
View File

@ -26,7 +26,7 @@
state: started
volumes:
- "{{ althost }}_certs_data:/etc/letsencrypt"
command: "--staging --non-interactive --agree-tos --email {{ webmaster_email }} certonly --preferred-challenges dns --authenticator dns-standalone --dns-standalone-address={{ host_ip }} --dns-standalone-port=53 --dns-standalone-propagation-seconds=1 -d {{ loop.domains[0] }} -d *.{{ loop.domains[0] }}"
command: "--non-interactive --agree-tos --email {{ webmaster_email }} certonly --preferred-challenges dns --authenticator dns-standalone --dns-standalone-address={{ host_ip }} --dns-standalone-port=53 --dns-standalone-propagation-seconds=60 {% for domain in loop.domains }} -d {{ domain }} -d *.{{ domain }} {% endfor %}"
detach: no
cleanup: yes
ports:

4
roles/proxy/templates/default_proxy.conf
View File

@ -1,15 +1,15 @@
# BEGIN PROXY
location / {
proxy_ssl_verify off;
proxy_ssl_name $comun;
proxy_ssl_server_name on;
proxy_ssl_name $ssl_server_name;
proxy_pass https://$comun_{{ vhost.nodo | replace(".", "_") }};
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Proto https;
{% include "files/custom_proxy_includes/" ~ vhost.domains[0] ignore missing %}
}

2
roles/proxy/templates/vhost.conf
View File

@ -10,7 +10,7 @@ server {
listen 80;
resolver 127.0.0.1 valid=300s;
resolver 10.13.12.1 valid=300s;
resolver_timeout 5s;
{% if not needs_vhost and ((vhost.ssl | default(domains_default_ssl) ) or (vhost.force_https | default(domains_default_force_https))) %}