diff --git a/README.md b/README.md
index ba842fc..4abe21e 100644
--- a/README.md
+++ b/README.md
@@ -8,6 +8,7 @@ ansible-pull \
 -U ssh://git@gitea.agofer.net:22001/jegomez/ansible-role-launch-container.git \
 -e nombre= \
 --vault-password-file ~/.vault_pass.txt \
+ -l localhost,nginx \
 -i hosts
 ```
diff --git a/local.yml b/local.yml
index 51b42fd..5117fd6 100644
--- a/local.yml
+++ b/local.yml
@@ -25,4 +25,4 @@
 dominio: agofer.net
 ansible_python_interpreter: python3
 ansible_connection: lxd
- ansible_host: nginx
+ ansible_host: local:nginx
diff --git a/roles/lxchost/tasks/main.yml b/roles/lxchost/tasks/main.yml
index b03a5b2..868f7ec 100644
--- a/roles/lxchost/tasks/main.yml
+++ b/roles/lxchost/tasks/main.yml
@@ -8,7 +8,8 @@
 - name: Launch LXD container
 lxd_container:
 name: '{{ container }}'
- ephemeral: yes
+ ephemeral: no
+ profiles: ['odoo8']
 source:
 type: image
 mode: pull
@@ -16,7 +17,6 @@
 protocol: simplestreams
 fingerprint: 39a93d0b3552
-# profiles: ['odoo8']
 # alias: ubuntu/18.04
 - name: Register DNS CNAME alias using Dreamhost API
diff --git a/roles/nginxproxy/tasks/main.yml b/roles/nginxproxy/tasks/main.yml
index 8a24789..669cfd4 100644
--- a/roles/nginxproxy/tasks/main.yml
+++ b/roles/nginxproxy/tasks/main.yml
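Review bot: In the first hunk of roles/lxchost/tasks/main.yml, `profiles: ['odoo8']` makes the container's devices and security settings depend on a profile that this diff neither creates nor checks for, so the result presumably depends on how each LXD host was prepared by hand. LXD applies only the profiles listed, so `default` is no longer attached unless it is named as well, e.g. `profiles: ['default', 'odoo8']` if that is the intent. A comment above the key saying where `odoo8` is defined and what it grants (privileged mode, nesting, devices) would let a reader judge the container's isolation; `ephemeral: false` is also the safer spelling than `no`. The `Launch LXD container` task continues past the end of this hunk.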
@@ -24,8 +24,23 @@
 - name: Request Let's Encrypt certificate
 command:
- cmd: 'certbot --redirect --agree-tos -m {{ email }} --hsts --nginx -n -d {{ nombre | lower }}.{{ dominio }}'
+ cmd: 'certbot --redirect --agree-tos -m {{ email }} --hsts --nginx -n -d {{ container }}.{{ dominio }}'
+# Certbot doesn't add proxy_protocol.
+# (https://github.com/certbot/certbot/issues/8057)
+
+- name: Use Proxy protocol in port 443
+ lineinfile:
+ path: '/etc/nginx/conf.d/{{ container }}.{{ dominio }}.conf'
+ line: ' listen 443 ssl proxy_protocol;'
+ regexp: '^ listen 443'
+
+- name: Use Proxy protocol in port 443 IPv6
+ lineinfile:
+ path: '/etc/nginx/conf.d/{{ container }}.{{ dominio }}.conf'
+ line: ' listen [::]:443 ssl proxy_protocol;'
+ regexp: '^ listen .....443'
+
 - name: Restart Nginx again
 systemd:
 name: nginx
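Review bot: Both new `lineinfile` tasks append their `line` at the end of the file when the `regexp` finds nothing, which would leave a `listen` directive outside the `server` block and most likely make the `Restart Nginx again` task fail. The patterns depend on the exact indentation certbot writes, and `.....` in the IPv6 one is five unescaped wildcards rather than `[::]:`; `regexp: '^\s*listen \[::\]:443'` (and `'^\s*listen 443'` for IPv4) is tighter and still matches on a re-run. Separately, once `proxy_protocol` is on the listener, Nginx accepts whatever client address the PROXY header carries from anyone who can connect, so port 443 on this host should be reachable only from the fronting proxy. No firewall rule or `set_real_ip_from` restriction is visible in this hunk, though the role continues outside it and may already have one.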