aboutsummaryrefslogtreecommitdiff
path: root/roles/webserver/files/user_conf.d
diff options
context:
space:
mode:
authorJohannes Stoelp <johannes.stoelp@gmail.com>2022-12-05 21:42:17 +0100
committerJohannes Stoelp <johannes.stoelp@gmail.com>2022-12-05 21:42:17 +0100
commit3b040fac09eb158caf963d7c956610f99f8e0c17 (patch)
treea39b2297abf2d404e1c974aebdd2fb17ffa2de69 /roles/webserver/files/user_conf.d
downloadansible-memzero-3b040fac09eb158caf963d7c956610f99f8e0c17.tar.gz
ansible-memzero-3b040fac09eb158caf963d7c956610f99f8e0c17.zip
initial ansible setup
Diffstat (limited to 'roles/webserver/files/user_conf.d')
-rw-r--r--roles/webserver/files/user_conf.d/memzero.conf43
1 files changed, 43 insertions, 0 deletions
diff --git a/roles/webserver/files/user_conf.d/memzero.conf b/roles/webserver/files/user_conf.d/memzero.conf
new file mode 100644
index 0000000..5419eb8
--- /dev/null
+++ b/roles/webserver/files/user_conf.d/memzero.conf
@@ -0,0 +1,43 @@
+server {
+ # Listen to port 443 on both IPv4 and IPv6.
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ # Domain names this server should respond to.
+ server_name memzero.de www.memzero.de;
+
+ # Load the certificate files.
+ ssl_certificate /etc/letsencrypt/live/memzero/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/memzero/privkey.pem;
+ ssl_trusted_certificate /etc/letsencrypt/live/memzero/chain.pem;
+
+ # Load the Diffie-Hellman parameter.
+ ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem;
+
+ root /www/memzero;
+}
+
+server {
+ # Listen to port 443 on both IPv4 and IPv6.
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ # Domain names this server should respond to.
+ server_name git.memzero.de;
+
+ # Load the certificate files.
+ ssl_certificate /etc/letsencrypt/live/memzero/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/memzero/privkey.pem;
+ ssl_trusted_certificate /etc/letsencrypt/live/memzero/chain.pem;
+
+ # Load the Diffie-Hellman parameter.
+ ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem;
+
+ root /www/git;
+}
+
+server {
+ # Drop any request that does not match any of the other server names.
+ listen 443 ssl default_server;
+ ssl_reject_handshake on;
+}