Make cert location configurable for nginx site

This is slight hack that I want to fix in the future. It is motivated by the fact that the certbot certificate is valid for all domains that are requested, instead of a certificate-per-domain.
Use HTTP/2 for nginx
2024-10-20 11:16:08 +02:00 · 2024-10-19 19:53:28 +02:00
2 changed files with 5 additions and 4 deletions
--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
@ -30,6 +30,7 @@
  vars:
    site_name: "{{ item['name'] }}"
    site_port: "{{ item['port'] }}"
+    site_cert: "{{ item['cert'] }}"

 - name: Disable default nginx site
  ansible.builtin.file:
--- a/roles/nginx/templates/nginx-server.j2
+++ b/roles/nginx/templates/nginx-server.j2
@ -1,12 +1,12 @@
 # {{ ansible_managed }}
 server {
-  listen 443 ssl;
-  listen [::]:443 ssl;
+  listen 443 ssl http2;
+  listen [::]:443 ssl http2;

  server_name {{ site_name }};

-  ssl_certificate {{ nginx_certificate_path }}/{{ site_name }}/fullchain.pem;
-  ssl_certificate_key {{ nginx_certificate_path }}/{{ site_name }}/privkey.pem;
+  ssl_certificate {{ nginx_certificate_path }}/{{ site_cert }}/fullchain.pem;
+  ssl_certificate_key {{ nginx_certificate_path }}/{{ site_cert }}/privkey.pem;

 {% if auth %}
  auth_basic "SCE";
Author	SHA1	Message	Date
Ivo C.S. Wingelaar	272d0aa82b	Make cert location configurable for nginx site This is slight hack that I want to fix in the future. It is motivated by the fact that the certbot certificate is valid for all domains that are requested, instead of a certificate-per-domain.	2024-10-20 11:16:08 +02:00
Ivo C.S. Wingelaar	f9d480335f	Use HTTP/2 for nginx	2024-10-19 19:53:28 +02:00