Fix certbot tasks and nginx template

usegalaxy-au · Sep 30, 2024 · 3cce8e4 · 3cce8e4
1 parent 82b4dc3
commit 3cce8e4
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 0 deletions.
diff --git a/deploy/ansible/roles/galaxy_media_site/tasks/main.yml b/deploy/ansible/roles/galaxy_media_site/tasks/main.yml
@@ -1,5 +1,15 @@
 ---
 
+- name: Check whether SSL certificate is already installed
+  ansible.builtin.shell: "certbot certificates"
+  register: certbot_certificates
+  changed_when: false
+
+- name: Set ssl_cert_exists fact from certbot output
+  ansible.builtin.set_fact:
+    ssl_cert_exists: "{{ true if inventory_hostname in certbot_certificates.stdout else false }}"
+  changed_when: false
+
 - name: create server directory
   file:
     path: "{{ server_root }}"

diff --git a/deploy/ansible/roles/galaxy_media_site/templates/nginx.vhost.j2 b/deploy/ansible/roles/galaxy_media_site/templates/nginx.vhost.j2
@@ -46,4 +46,26 @@ server {
         client_max_body_size  1000m;
     }
 
+    {% if ssl_cert_exists %}
+    listen 443 ssl; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/gms.neoformit.com/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/gms.neoformit.com/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+    {% endif %}
+
+}
+
+{% if ssl_cert_exists %}
+server {
+
+    if ($host = gms.neoformit.com) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+
+    listen 80;
+    server_name  gms.neoformit.com;
+    return 404; # managed by Certbot
+
 }
+{% endif %}