Update type for non cloud.ungleich.ch domains
This commit is contained in:
Nico Schottelius
parent
43fd762d9c
commit
f2b210f4df
2 changed files with 26 additions and 15 deletions
|
|
@ -2,19 +2,12 @@ upstream php-handler {
|
|||
server unix:/run/php/php7.0-fpm.sock;
|
||||
}
|
||||
|
||||
server {
|
||||
listen [::]:80;
|
||||
server_name cloud.ungleich.ch;
|
||||
# enforce https
|
||||
return 301 https://$server_name$request_uri;
|
||||
}
|
||||
|
||||
server {
|
||||
listen [::]:443 ssl;
|
||||
server_name cloud.ungleich.ch;
|
||||
server_name DOMAIN;
|
||||
|
||||
ssl_certificate /etc/ssl/certs/star.ungleich.ch.crt;
|
||||
ssl_certificate_key /etc/ssl/private/star.ungleich.ch.key;
|
||||
ssl_certificate /etc/letsencrypt/live/DOMAIN/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/DOMAIN/privkey.pem;
|
||||
|
||||
# Add headers to serve security related headers
|
||||
# Before enabling Strict-Transport-Security headers please read into this
|
||||
|
|
|
|||
26
manifest
26
manifest
|
|
@ -1,6 +1,7 @@
|
|||
#!/bin/sh
|
||||
#
|
||||
# 2017 ungleich GmbH (cdist at ungleich.ch)
|
||||
# 2018 ungleich glarus ag (cdist at ungleich.ch)
|
||||
#
|
||||
# This file is part of cdist.
|
||||
#
|
||||
|
|
@ -43,6 +44,8 @@ db_user=$(cat "$__object/parameter/db-user")
|
|||
db_name=$(cat "$__object/parameter/db-name")
|
||||
domain=$(cat "$__object/parameter/domain")
|
||||
|
||||
tmpdir="$__object/files"
|
||||
mkdir "$tmpdir"
|
||||
|
||||
__apt_key_uri dotdeb --uri https://www.dotdeb.org/dotdeb.gpg
|
||||
require="__apt_key_uri/dotdeb" __apt_source dotdeb --uri http://packages.dotdeb.org \
|
||||
|
|
@ -64,16 +67,31 @@ __package curl --state=present
|
|||
|
||||
# Configure packages
|
||||
## PHP 7
|
||||
|
||||
|
||||
require="__package/php7.0-fpm" __file /etc/php/7.0/fpm/pool.d/www.conf \
|
||||
--owner root --group root --mode 644 --source "$__type/files/fpm.conf"
|
||||
|
||||
|
||||
|
||||
## Nginx
|
||||
require="__package/nginx" __file /etc/nginx/sites-enabled/nextcloud --owner www-data \
|
||||
--group www-data --mode 755 --source "$__type/files/nextcloud.nginx"
|
||||
### HTTP only server to allow access
|
||||
__ungleich_http_server_ssl_redirect_letsencrypt --webroot /var/www/html/ "$domain"
|
||||
|
||||
### Get the certificates
|
||||
require="__ungleich_http_server_ssl_redirect_letsencrypt/$domain" \
|
||||
__letsencrypt_cert --admin-email technik@ungleich.ch \
|
||||
--webroot /var/www/html/ \
|
||||
--renew-hook "service nginx reload" \
|
||||
--domain "$domain" --automatic-renewal \
|
||||
"$domain"
|
||||
|
||||
### The SSL configuration
|
||||
sed "s/DOMAIN/$domain/" "$__type/files/nextcloud.nginx" > "$tmpdir/nginx"
|
||||
require="__letsencrypt_cert/$domain __package/nginx" __file /etc/nginx/sites-enabled/nextcloud \
|
||||
--owner www-data \
|
||||
--group www-data \
|
||||
--mode 755 \
|
||||
--source "$tmpdir/nginx"
|
||||
|
||||
|
||||
## Postgres
|
||||
require="__package/postgresql" __postgres_role "${db_user}" --password "${db_pass}" \
|
||||
|
|
|
|||
Loading…
Reference in a new issue