commit b07f3f380128a6e113d72a634356c0f15106dafb parent 3011deaaff47ee3fa2982b3d5c5ee6a2203ed05c Author: Christian Grothoff <christian@grothoff.org> Date: Sun, 22 Dec 2024 20:06:50 +0100 enable SSL properly Diffstat:
10 files changed, 18 insertions(+), 18 deletions(-)
diff --git a/roles/auditor/tasks/main.yml b/roles/auditor/tasks/main.yml
@@ -65,7 +65,7 @@
 certbot_create_if_missing: true
 certbot_create_extra_args:
 certbot_hsts: false
- certbot_testmode: true
+ certbot_testmode: false
 certbot_admin_email: "admin@{{ DOMAIN_NAME }}"
 certbot_keep_updated: true
 certbot_script: letsencrypt
diff --git a/roles/auditor/templates/etc/nginx/sites-available/auditor-nginx.conf.j2 b/roles/auditor/templates/etc/nginx/sites-available/auditor-nginx.conf.j2
@@ -1,7 +1,7 @@
 server {
- listen 443;
- listen [::]:443;
+ listen 443 ssl;
+ listen [::]:443 ssl;
 # Do not identify as nginx
 server_tokens off;
diff --git a/roles/challenger/tasks/main.yml b/roles/challenger/tasks/main.yml
@@ -302,7 +302,7 @@
 certbot_create_if_missing: true
 certbot_create_extra_args:
 certbot_hsts: false
- certbot_testmode: true
+ certbot_testmode: false
 certbot_admin_email: "admin@{{ DOMAIN_NAME }}"
 certbot_keep_updated: true
 certbot_script: letsencrypt
@@ -325,7 +325,7 @@
 certbot_create_if_missing: true
 certbot_create_extra_args:
 certbot_hsts: false
- certbot_testmode: true
+ certbot_testmode: false
 certbot_admin_email: "admin@{{ DOMAIN_NAME }}"
 certbot_keep_updated: true
 certbot_script: letsencrypt
@@ -349,7 +349,7 @@
 certbot_create_if_missing: true
 certbot_create_extra_args:
 certbot_hsts: false
- certbot_testmode: true
+ certbot_testmode: false
 certbot_admin_postal: "admin@{{ DOMAIN_NAME }}"
 certbot_keep_updated: true
 certbot_script: letsencrypt
diff --git a/roles/challenger/templates/etc/nginx/sites-available/email-challenger-nginx.conf.j2 b/roles/challenger/templates/etc/nginx/sites-available/email-challenger-nginx.conf.j2
@@ -1,7 +1,7 @@
 server {
- listen 443;
- listen [::]:443;
+ listen 443 ssl;
+ listen [::]:443 ssl;
 # Do not identify as nginx
 server_tokens off;
diff --git a/roles/challenger/templates/etc/nginx/sites-available/postal-challenger-nginx.conf.j2 b/roles/challenger/templates/etc/nginx/sites-available/postal-challenger-nginx.conf.j2
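Review bot: Flipping `certbot_testmode` to `false` in the roles/auditor/tasks/main.yml hunk probably only affects certificates issued after this change, because `certbot_create_if_missing: true` in the same block suggests the role skips hosts that already hold a certificate; confirm against the certbot role. Hosts provisioned earlier with test-mode certificates would then keep serving an untrusted chain until those are removed or re-issued, so the rollout needs that step, or at least a comment such as `# existing test-mode certs must be removed before this takes effect`. The same applies to the three hunks in roles/challenger/tasks/main.yml and to the exchange and monitoring task files. `certbot_hsts: false` is left unchanged in all of them; a comment stating whether that is intentional now that real certificates are in use would help. The task these variables belong to starts and ends outside the hunk.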
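Review bot: The new `listen 443 ssl;` and `listen [::]:443 ssl;` lines in auditor-nginx.conf.j2 depend on `ssl_certificate` and `ssl_certificate_key` directives that this hunk does not show; without them in this server block or an enclosing one, nginx normally refuses to load the configuration. The server block continues past the hunk, so they may already be present. That is worth confirming, along with an explicit `ssl_protocols TLSv1.2 TLSv1.3;` so the accepted protocol versions do not depend on the distribution default. The same check applies to the email-, postal- and sms-challenger, exchange and monitoring templates changed identically in this commit.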
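Review bot: In the third roles/challenger/tasks/main.yml hunk (`@@ -349,7 +349,7 @@`) the context line reads `certbot_admin_postal: "admin@{{ DOMAIN_NAME }}"`, while every other certbot block in this commit uses `certbot_admin_email`. This looks like a rename slip, and with test mode now off the certificate request for this service would presumably go out without the intended contact address or fall back to a role default. Suggest `certbot_admin_email: "admin@{{ DOMAIN_NAME }}"` here. The enclosing task starts and ends outside the hunk.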
@@ -1,7 +1,7 @@
 server {
- listen 443;
- listen [::]:443;
+ listen 443 ssl;
+ listen [::]:443 ssl;
 # Do not identify as nginx
 server_tokens off;
diff --git a/roles/challenger/templates/etc/nginx/sites-available/sms-challenger-nginx.conf.j2 b/roles/challenger/templates/etc/nginx/sites-available/sms-challenger-nginx.conf.j2
@@ -1,7 +1,7 @@
 server {
- listen 443;
- listen [::]:443;
+ listen 443 ssl;
+ listen [::]:443 ssl;
 # Do not identify as nginx
 server_tokens off;
diff --git a/roles/exchange/tasks/main.yml b/roles/exchange/tasks/main.yml
@@ -49,7 +49,7 @@
 certbot_create_if_missing: true
 certbot_create_extra_args:
 certbot_hsts: false
- certbot_testmode: true
+ certbot_testmode: false
 certbot_admin_email: "admin@{{ DOMAIN_NAME }}"
 certbot_keep_updated: true
 certbot_script: letsencrypt
diff --git a/roles/exchange/templates/etc/nginx/sites-available/exchange-nginx.conf.j2 b/roles/exchange/templates/etc/nginx/sites-available/exchange-nginx.conf.j2
@@ -1,7 +1,7 @@
 server {
- listen 443;
- listen [::]:443;
+ listen 443 ssl;
+ listen [::]:443 ssl;
 # Do not identify as nginx
 server_tokens off;
diff --git a/roles/monitoring/tasks/main.yml b/roles/monitoring/tasks/main.yml
@@ -62,7 +62,7 @@
 certbot_create_if_missing: true
 certbot_create_extra_args:
 certbot_hsts: false
- certbot_testmode: true
+ certbot_testmode: false
 certbot_admin_email: "admin@{{ DOMAIN_NAME }}"
 certbot_keep_updated: true
 certbot_script: letsencrypt
diff --git a/roles/monitoring/templates/etc/nginx/sites-available/monitoring-nginx.conf.j2 b/roles/monitoring/templates/etc/nginx/sites-available/monitoring-nginx.conf.j2
@@ -1,7 +1,7 @@
 server {
- listen 443;
- listen [::]:443;
+ listen 443 ssl;
+ listen [::]:443 ssl;
 # Do not identify as nginx
 server_tokens off;