From 272d0aa82b5cf3d735047f18b1b988f7e1e2e0a7 Mon Sep 17 00:00:00 2001 From: "Ivo C.S. Wingelaar" Date: Sun, 20 Oct 2024 11:16:08 +0200 Subject: [PATCH] Make cert location configurable for nginx site This is slight hack that I want to fix in the future. It is motivated by the fact that the certbot certificate is valid for all domains that are requested, instead of a certificate-per-domain. --- roles/nginx/tasks/main.yml | 1 + roles/nginx/templates/nginx-server.j2 | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml index 42f6034..b1e895c 100644 --- a/roles/nginx/tasks/main.yml +++ b/roles/nginx/tasks/main.yml @@ -30,6 +30,7 @@ vars: site_name: "{{ item['name'] }}" site_port: "{{ item['port'] }}" + site_cert: "{{ item['cert'] }}" - name: Disable default nginx site ansible.builtin.file: diff --git a/roles/nginx/templates/nginx-server.j2 b/roles/nginx/templates/nginx-server.j2 index 3289192..9713456 100644 --- a/roles/nginx/templates/nginx-server.j2 +++ b/roles/nginx/templates/nginx-server.j2 @@ -5,8 +5,8 @@ server { server_name {{ site_name }}; - ssl_certificate {{ nginx_certificate_path }}/{{ site_name }}/fullchain.pem; - ssl_certificate_key {{ nginx_certificate_path }}/{{ site_name }}/privkey.pem; + ssl_certificate {{ nginx_certificate_path }}/{{ site_cert }}/fullchain.pem; + ssl_certificate_key {{ nginx_certificate_path }}/{{ site_cert }}/privkey.pem; {% if auth %} auth_basic "SCE";