Update type for non cloud.ungleich.ch domains

Nico Schottelius 2018-12-05 13:29:09 +01:00
parent 43fd762d9c
commit f2b210f4df
2 changed files with 26 additions and 15 deletions


@ -2,19 +2,12 @@ upstream php-handler {
server unix:/run/php/php7.0-fpm.sock;
}
server {
listen [::]:80;
server_name cloud.ungleich.ch;
# enforce https
return 301 https://$server_name$request_uri;
}
server {
listen [::]:443 ssl;
server_name cloud.ungleich.ch;
server_name DOMAIN;
ssl_certificate /etc/ssl/certs/star.ungleich.ch.crt;
ssl_certificate_key /etc/ssl/private/star.ungleich.ch.key;
ssl_certificate /etc/letsencrypt/live/DOMAIN/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/DOMAIN/privkey.pem;
# Add headers to serve security related headers
# Before enabling Strict-Transport-Security headers please read into this
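Review bot: The new `server_name DOMAIN;` and the two `/etc/letsencrypt/live/DOMAIN/...` paths turn this file into a template, but nothing in it says so, and a bare word like `DOMAIN` is easy to match by accident in a later comment or directive. I would add `# DOMAIN is substituted by the type's manifest; this file is not deployable as-is` above `server_name` and consider a less ambiguous token such as `@DOMAIN@`. The manifest's visible `sed "s/DOMAIN/$domain/"` replaces only the first match on each line and inserts the parameter unescaped, so the template should keep one token per line and the domain value should be validated before rendering. With the port-80 redirect block apparently removed from this file, HTTPS enforcement now depends on the separate `__ungleich_http_server_ssl_redirect_letsencrypt` object; a short comment noting that would keep the dependency visible to whoever edits this file next. The `server` block continues past the end of the hunk.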


@ -1,6 +1,7 @@
#!/bin/sh
#
# 2017 ungleich GmbH (cdist at ungleich.ch)
# 2018 ungleich glarus ag (cdist at ungleich.ch)
#
# This file is part of cdist.
#
@ -43,6 +44,8 @@ db_user=$(cat "$__object/parameter/db-user")
db_name=$(cat "$__object/parameter/db-name")
domain=$(cat "$__object/parameter/domain")
tmpdir="$__object/files"
mkdir "$tmpdir"
__apt_key_uri dotdeb --uri https://www.dotdeb.org/dotdeb.gpg
require="__apt_key_uri/dotdeb" __apt_source dotdeb --uri http://packages.dotdeb.org \
@ -64,19 +67,34 @@ __package curl --state=present
# Configure packages
## PHP 7
require="__package/php7.0-fpm" __file /etc/php/7.0/fpm/pool.d/www.conf \
--owner root --group root --mode 644 --source "$__type/files/fpm.conf"
## Nginx
require="__package/nginx" __file /etc/nginx/sites-enabled/nextcloud --owner www-data \
--group www-data --mode 755 --source "$__type/files/nextcloud.nginx"
### HTTP only server to allow access
__ungleich_http_server_ssl_redirect_letsencrypt --webroot /var/www/html/ "$domain"
### Get the certificates
require="__ungleich_http_server_ssl_redirect_letsencrypt/$domain" \
__letsencrypt_cert --admin-email technik@ungleich.ch \
--webroot /var/www/html/ \
--renew-hook "service nginx reload" \
--domain "$domain" --automatic-renewal \
"$domain"
### The SSL configuration
sed "s/DOMAIN/$domain/" "$__type/files/nextcloud.nginx" > "$tmpdir/nginx"
require="__letsencrypt_cert/$domain __package/nginx" __file /etc/nginx/sites-enabled/nextcloud \
--owner www-data \
--group www-data \
--mode 755 \
--source "$tmpdir/nginx"
## Postgres
require="__package/postgresql" __postgres_role "${db_user}" --password "${db_pass}"\
require="__package/postgresql" __postgres_role "${db_user}" --password "${db_pass}" \
--login --createdb
require="__package/postgresql __postgres_role/${db_user}" __postgres_database "${db_name}"\