initial ansible setup

1 files changed, 43 insertions, 0 deletions

diff --git a/roles/webserver/files/user_conf.d/memzero.conf b/roles/webserver/files/user_conf.d/memzero.conf
new file mode 100644
index 0000000..5419eb8
--- /dev/null
+++ b/roles/webserver/files/user_conf.d/memzero.conf
@@ -0,0 +1,43 @@
+server {
+    # Listen to port 443 on both IPv4 and IPv6.
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    # Domain names this server should respond to.
+    server_name memzero.de www.memzero.de;
+
+    # Load the certificate files.
+    ssl_certificate         /etc/letsencrypt/live/memzero/fullchain.pem;
+    ssl_certificate_key     /etc/letsencrypt/live/memzero/privkey.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/memzero/chain.pem;
+
+    # Load the Diffie-Hellman parameter.
+    ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem;
+
+    root /www/memzero;
+}
+
+server {
+    # Listen to port 443 on both IPv4 and IPv6.
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    # Domain names this server should respond to.
+    server_name git.memzero.de;
+
+    # Load the certificate files.
+    ssl_certificate         /etc/letsencrypt/live/memzero/fullchain.pem;
+    ssl_certificate_key     /etc/letsencrypt/live/memzero/privkey.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/memzero/chain.pem;
+
+    # Load the Diffie-Hellman parameter.
+    ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem;
+
+    root /www/git;
+}
+
+server {
+    # Drop any request that does not match any of the other server names.
+    listen               443 ssl default_server;
+    ssl_reject_handshake on;
+}