diff --git a/files/django-gunicorn-nginx.conf b/files/django-gunicorn-nginx.conf
deleted file mode 100644
index de7710f917dc84976a8b3be6a02f8e1051a4177e..0000000000000000000000000000000000000000
--- a/files/django-gunicorn-nginx.conf
+++ /dev/null
@@ -1,14 +0,0 @@
-server_tokens off;
-access_log /var/log/nginx/vlc.access.log;
-error_log /var/log/nginx/vlc.error.log;
-
-# This configuration will be changed to redirect to HTTPS later
-server {
- server_name vlc.itn.liu.se;
- listen 8080;
- location / {
- proxy_pass http://localhost:8000;
- proxy_set_header Host $host;
- }
-}
-
diff --git a/files/vlc.conf b/files/vlc.conf
index 63d87c5be9766e1f9d7e41c583409bef6465d8fb..756e3be018d87638415c4de026ee6ced0b97bf2a 100644
--- a/files/vlc.conf
+++ b/files/vlc.conf
@@ -2,28 +2,28 @@
 access_log /var/log/nginx/vlc.access.log;
 error_log /var/log/nginx/vlc.error.log;
 server {
- server_name vlc.itn.liu.se;
- # ssl_protocols TLSv1.2 TLSv1.3; # duplicated in /etc/letsencrypt/options-ssl-nginx.conf
+ listen 80 ;
+ listen 443 ssl ;
+ listen [::]:443 ssl ;
+ charset utf-8 ;
+ ssl_certificate /etc/pki/tls/certs/letsencrypt-cert_chain-vlc.itn.liu.se.pem ;
+ ssl_certificate_key /etc/pki/tls/private/letsencrypt-vlc.itn.liu.se.key ;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3 ;
+ ssl_ciphers HIGH:!aNULL:!MD5 ;
+ allow all ;
+
+ server_name vlc.itn.liu.se ;
+
 location / {
 #include proxy_params;
 proxy_pass http://unix:/run/gunicorn.sock;
 proxy_set_header Host $host;
 proxy_set_header X-Forwarded-Proto $scheme;
 }
+
 location /static {
 autoindex on;
 alias /var/www/vlc/static/;
 }
-}
-
-server {
- if ($host = vlc.itn.liu.se) {
- return 301 https://$host$request_uri;
- } # managed by Certbot
-
- server_name vlc.itn.liu.se;
- listen 80;
- return 404; # managed by Certbot
-}
-
+}
\ No newline at end of file
diff --git a/files/vlcinv.conf b/files/vlcinv.conf
index ccce554d3e774bbabea37957425b77b33b89dfc9..92e24d2a84ee73ffc63639a4acc73ce8f6223bd7 100644
--- a/files/vlcinv.conf
+++ b/files/vlcinv.conf
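Review bot: The new `listen 80 ;` in files/vlc.conf sits in the same server block as the proxying `location /`, and the Certbot block that answered port 80 with `return 301 https://$host$request_uri;` is removed, so the application is now reachable over plain HTTP with no redirect. Keeping port 80 in its own block, `server { listen 80; server_name vlc.itn.liu.se; return 301 https://$host$request_uri; }`, and dropping `listen 80 ;` from the TLS block would restore the old behaviour. `ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3 ;` also enables the deprecated TLS 1.0 and 1.1, where the removed comment named only `TLSv1.2 TLSv1.3`; I would write `ssl_protocols TLSv1.2 TLSv1.3 ;`. Both points apply unchanged to the files/vlcinv.conf hunk.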
@@ -2,17 +2,28 @@
 access_log /var/log/nginx/vlcinv.access.log;
 error_log /var/log/nginx/vlcinv.error.log;
 server {
- server_name vlcinv.itn.liu.se;
- # ssl_protocols TLSv1.2 TLSv1.3; # duplicated in /etc/letsencrypt/options-ssl-nginx.conf
+ listen 80 ;
+ listen 443 ssl ;
+ listen [::]:443 ssl ;
+ charset utf-8 ;
+ ssl_certificate /etc/pki/tls/certs/letsencrypt-cert_chain-vlc.itn.liu.se.pem ;
+ ssl_certificate_key /etc/pki/tls/private/letsencrypt-vlc.itn.liu.se.key ;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3 ;
+ ssl_ciphers HIGH:!aNULL:!MD5 ;
+ allow all ;
+
+ server_name vlcinv.itn.liu.se ;
+
 location / {
 #include proxy_params;
 proxy_pass http://unix:/run/gunicorn_vlcinv.sock;
 proxy_set_header Host $host;
 proxy_set_header X-Forwarded-Proto $scheme;
 }
+
 location /static {
 autoindex on;
 alias /var/www/vlcinv/static/;
 }
-}
\ No newline at end of file
+}
diff --git a/manifests/nginx_cert.pp b/manifests/nginx_cert.pp
index 610c88a1d8cba037c11b2b8744212a460b1886ba..3c8f29d3775dd2b961bc52d3ddf53dc675f84600 100644
--- a/manifests/nginx_cert.pp
+++ b/manifests/nginx_cert.pp
@@ -1,3 +1,4 @@
+#Certification
 class vlc::nginx_cert {
 $hostname = fact( 'networking.fqdn' )
 $hostalias = ['vlcinv.itn.liu.se']
diff --git a/manifests/nginx_vlc.pp b/manifests/nginx_vlc.pp
index 34b8dfdd4f81cd20191ee19bcdbca495ba8ac99c..5d2852e6256c67fbd378d551a55b103f03a3ccbc 100644
--- a/manifests/nginx_vlc.pp
+++ b/manifests/nginx_vlc.pp
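Review bot: `ssl_certificate` and `ssl_certificate_key` in the vlcinv.itn.liu.se block point at the vlc.itn.liu.se files, so this vhost only validates if that certificate also carries vlcinv.itn.liu.se as a subject alternative name. The `$hostalias = ['vlcinv.itn.liu.se']` context line in manifests/nginx_cert.pp suggests it does, but nothing in the conf file says so. A comment above the two directives, `# shared certificate: issued for vlc.itn.liu.se with vlcinv.itn.liu.se as SAN (see vlc::nginx_cert)`, would keep that dependency visible when the alias list changes.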
@@ -4,32 +4,19 @@ class vlc::nginx_vlc () {
 $hostalias = []
 include vlc::nginx_cert
+ $ssl_cert = fact("letsencrypt_certs.\"${hostname}\".files.combined")
+ $ssl_key = fact("letsencrypt_certs.\"${hostname}\".files.key")
+
 package { 'nginx':
 ensure => 'installed',
 }
+ # inserf conf. files here
 file { '/etc/nginx/conf.d/vlc.conf':
 ensure => 'file',
 source => "puppet:///modules/${module_name}/vlc.conf",
 notify => Service['nginx'],
 }
- file { '/etc/nginx/conf.d/django-gunicorn-nginx.conf':
- ensure => 'absent',
- source => "puppet:///modules/${module_name}/django-gunicorn-nginx.conf",
- notify => Service['nginx'],
- }
- $ssl_cert = fact("letsencrypt_certs.\"${hostname}\".files.combined")
- $ssl_key = fact("letsencrypt_certs.\"${hostname}\".files.key")
- file { '/etc/nginx/conf.d/ssl.conf':
- ensure => 'file',
- content => epp( "${module_name}/ssl.conf.epp", {
- hostname => $hostname,
- hostalias => $hostalias,
- ssl_certificate => $ssl_cert,
- ssl_certificate_key => $ssl_key,
- }),
- notify => Service['nginx'],
- }
 # housekeeping
 service { 'nginx':
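Review bot: Dropping the `file { '/etc/nginx/conf.d/ssl.conf': ... }` resource stops Puppet managing that file but does not delete it, so hosts that were already provisioned keep the old templated config (presumably a TLS server block) next to the new `listen 443 ssl` blocks in vlc.conf. The removed django-gunicorn-nginx.conf resource shows the pattern to follow: keep the ssl.conf resource with `ensure => 'absent'` and `notify => Service['nginx']` until the file is gone everywhere. With the template gone, `$ssl_cert` and `$ssl_key` are not used anywhere in the visible hunk, while vlc.conf hard-codes the certificate paths, so either remove the two assignments or keep templating the paths from the fact. The class body continues outside the hunk, so a later use cannot be ruled out. `# inserf conf. files here` should read `# insert conf. files here`.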