nginx.conf, auto renewal ssl certificate

skyderby · Mar 16, 2018 · 75e7b5a · 75e7b5a
1 parent bf57221
commit 75e7b5a
Show file tree

Hide file tree

Showing 7 changed files with 45 additions and 9 deletions.
diff --git a/.gitignore b/.gitignore
@@ -4,4 +4,4 @@ dhparam.pem
 group_vars/aws.yml
 roles/monit/vars/mail.yml
 
-site.retry
+*.retry
diff --git a/roles/application/files/cron/renew_certificate.sh b/roles/application/files/cron/renew_certificate.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+docker run --rm \
+  --volumes-from  skyderby_app_1 \
+  -v /etc/letsencrypt:/etc/letsencrypt \
+  certbot/certbot certonly \
+    --webroot \
+    --email [email protected] \
+    -d skyderby.ru \
+    -d www.skyderby.ru \
+    -w /opt/app/public \
+  >> /root/cron_logs/renew_certificate.log 2>&1
+
+docker restart skyderby_web_1 >> /root/cron_logs/renew_certificate.log 2>&1
diff --git a/roles/application/files/nginx/nginx.conf b/roles/application/files/nginx/nginx.conf
@@ -81,7 +81,7 @@ http {
   }
 
   server {
-    server_name skyderby.ru;
+    server_name skyderby.ru www.skyderby.ru;
     listen 80;
     return 301 https://skyderby.ru$request_uri;
   }
@@ -138,6 +138,17 @@ http {
       add_header Cache-Control public;
     }
 
+    location ^~ /packs/ {
+      gzip_static on;
+      expires max;
+      add_header Cache-Control public;
+    }
+
+    location ~* \.(png|jpg|jpeg|gif|ico)$ {
+      expires max;
+      add_header Cache-Control public;
+    }
+
     location @app {
       # an HTTP header important enough to have its own Wikipedia entry:
       #   http://en.wikipedia.org/wiki/X-Forwarded-For

diff --git a/roles/application/tasks/autorenew_certificate.yml b/roles/application/tasks/autorenew_certificate.yml
@@ -0,0 +1,16 @@
+---
+- name: Copy cron script
+  copy:
+    src: ../files/cron/renew_certificate.sh
+    dest: /root/cron_scripts/
+    mode: 500
+  tags: certbot
+
+- name: Cron job | Renew certificate
+  cron:
+    name: Renew SSL certificate
+    minute: 0
+    hour: 7
+    day: 10
+    job: /root/cron_scripts/renew_certificate.sh
+  tags: certbot
diff --git a/roles/application/tasks/main.yml b/roles/application/tasks/main.yml
@@ -3,3 +3,4 @@
 - import_tasks: nginx.yml
 - import_tasks: postgres.yml
 - import_tasks: compose_configuration.yml
+- import_tasks: autorenew_certificate.yml
diff --git a/roles/docker/vars/main.yml b/roles/docker/vars/main.yml
@@ -10,7 +10,7 @@ apt_repository: "deb [arch=amd64] https://download.docker.com/linux/{{ ansible_d
 
 # Version and edition
 docker_edition: ce
-docker_version: 17.12.0
+docker_version: 17.12.1
 docker_distribution: '{{ ansible_local.core.distribution
                          if (ansible_local|d() and ansible_local.core|d() and
                              ansible_local.core.distribution|d())

diff --git a/rolling_update.yml b/rolling_update.yml
@@ -69,9 +69,3 @@
     - name: Clean old images
       shell: docker rmi $(docker images --filter "dangling=true" -q --no-trunc)
       ignore_errors: yes
-
-  post_tasks:
-    - name: Cleanup maintenance setup files
-      file:
-        state: absent
-        path: "{{ app_home }}/maintenance"