diff --git a/deploy/ansible/roles/galaxy_media_site/tasks/main.yml b/deploy/ansible/roles/galaxy_media_site/tasks/main.yml
index 549dd94..03335ba 100644
--- a/deploy/ansible/roles/galaxy_media_site/tasks/main.yml
+++ b/deploy/ansible/roles/galaxy_media_site/tasks/main.yml
@@ -1,5 +1,15 @@
 ---
+- name: Check whether SSL certificate is already installed
+  ansible.builtin.shell: "certbot certificates"
+  register: certbot_certificates
+  changed_when: false
+
+- name: Set ssl_cert_exists fact from certbot output
+  ansible.builtin.set_fact:
+    ssl_cert_exists: "{{ true if inventory_hostname in certbot_certificates.stdout else false }}"
+  changed_when: false
+
 - name: create server directory
   file:
     path: "{{ server_root }}"
diff --git a/deploy/ansible/roles/galaxy_media_site/templates/nginx.vhost.j2 b/deploy/ansible/roles/galaxy_media_site/templates/nginx.vhost.j2
index 547a3b1..2acdde2 100644
--- a/deploy/ansible/roles/galaxy_media_site/templates/nginx.vhost.j2
+++ b/deploy/ansible/roles/galaxy_media_site/templates/nginx.vhost.j2
@@ -46,4 +46,26 @@ server {
         client_max_body_size 1000m;
     }
 
+    {% if ssl_cert_exists %}
+    listen 443 ssl; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/gms.neoformit.com/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/gms.neoformit.com/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+    {% endif %}
+
+}
+
+{% if ssl_cert_exists %}
+server {
+
+    if ($host = gms.neoformit.com) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+
+    listen 80;
+    server_name gms.neoformit.com;
+    return 404; # managed by Certbot
+}
+{% endif %}
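Review bot: The certificate probe on the `ansible.builtin.shell: "certbot certificates"` line aborts the whole play on a fresh host, because the command exits non-zero when certbot is not installed yet and nothing sets `failed_when` or `ignore_errors` — which is exactly the "no cert yet" case the `ssl_cert_exists` fact is meant to handle. The substring test in the `set_fact` is also too loose: any certificate whose domain merely contains `inventory_hostname` flips the fact to true, while the nginx template in this same commit builds its paths from a fixed domain, so the two can disagree and nginx is then pointed at a key file that does not exist. A `stat` of the fullchain path needs no shell and no certbot on the box, and tests precisely what the template consumes; `changed_when: false` on `set_fact` is a no-op and can be dropped. The flow still needs a second run of the role after certbot issues the cert before 443 is enabled, which deserves a comment above the task such as `# Cert is issued out-of-band by certbot; re-run this role afterwards to enable 443.`
```yaml
- name: Check whether a Let's Encrypt certificate exists for this host
  ansible.builtin.stat:
    path: "/etc/letsencrypt/live/{{ inventory_hostname }}/fullchain.pem"
  register: letsencrypt_fullchain

- name: Set ssl_cert_exists fact from certificate presence
  ansible.builtin.set_fact:
    ssl_cert_exists: "{{ letsencrypt_fullchain.stat.exists }}"
# … unchanged: create server directory …
```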
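Review bot: The TLS paths and `server_name` in both new blocks hardcode `gms.neoformit.com`, while the `ssl_cert_exists` fact that gates them is computed from `inventory_hostname`, so any deployment where those two differ renders `ssl_certificate_key` for a directory that is not there and nginx refuses to load the vhost; use one variable in both places, e.g. `ssl_certificate /etc/letsencrypt/live/{{ inventory_hostname }}/fullchain.pem;` and `ssl_certificate_key /etc/letsencrypt/live/{{ inventory_hostname }}/privkey.pem;`, and the same in the `if ($host = …)` and `server_name` lines. The first `server` block starts before this hunk; if it still carries its own `listen 80;` and `server_name`, the added redirect block duplicates that pair and nginx will log a conflicting-server-name warning and keep the first definition, so the HTTP→HTTPS redirect may never fire — the certbot-managed layout expects `listen 80` to be removed from the main block once 443 is on. `options-ssl-nginx.conf` sets protocols and ciphers but not HSTS; consider adding `add_header Strict-Transport-Security "max-age=63072000" always;` inside the `{% if ssl_cert_exists %}` block once the redirect is confirmed working.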