[ADD] Nginx reset conf file ให้ถูกกับสถานะว่ามี SSL หรือไม่

wdrdres3qew5ts21 · Jun 11, 2020 · e0fba01 · e0fba01
1 parent 7d02165
commit e0fba01
Show file tree

Hide file tree

Showing 4 changed files with 73 additions and 2 deletions.
diff --git a/Ansible-ELK-Stack/roles/generate_certificate/tasks/main.yml b/Ansible-ELK-Stack/roles/generate_certificate/tasks/main.yml
@@ -36,6 +36,10 @@
 
 - name: Setup Nginx SSL Template
   template:
-    src: nginx.conf
+    src: nginx_add_ssl.conf
     dest: /etc/nginx/nginx.conf
-    force: yes
+    force: yes
+
+- name: Reload Nginx
+  command: nginx -s reload
+
diff --git a/...generate_certificate/templates/nginx.conf → ..._certificate/templates/nginx_add_ssl.conf b/...generate_certificate/templates/nginx.conf → ..._certificate/templates/nginx_add_ssl.conf
diff --git a/Ansible-ELK-Stack/roles/revoke_certificate/tasks/main.yml b/Ansible-ELK-Stack/roles/revoke_certificate/tasks/main.yml
@@ -12,4 +12,14 @@
   command: certbot revoke --non-interactive --cert-path /etc/letsencrypt/live/{{ certificate_server_name }}/cert.pem 
   when: deployment_plan == "production"
 
+- name: Setup Nginx SSL Template
+  template:
+    src: nginx_remove_ssl.conf
+    dest: /etc/nginx/nginx.conf
+    force: yes
+
+- name: Reload Nginx
+  command: nginx -s reload
+
+
 
diff --git a/Ansible-ELK-Stack/roles/revoke_certificate/tasks/nginx_remove_ssl.conf b/Ansible-ELK-Stack/roles/revoke_certificate/tasks/nginx_remove_ssl.conf
@@ -0,0 +1,57 @@
+user nginx;
+worker_processes auto;
+error_log /var/log/nginx/error.log;
+pid /run/nginx.pid;
+
+# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
+include /usr/share/nginx/modules/*.conf;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log  /var/log/nginx/access.log  main;
+
+    sendfile            on;
+    tcp_nopush          on;
+    tcp_nodelay         on;
+    keepalive_timeout   65;
+    types_hash_max_size 2048;
+
+    include             /etc/nginx/mime.types;
+    default_type        application/octet-stream;
+
+    # Load modular configuration files from the /etc/nginx/conf.d directory.
+    # See http://nginx.org/en/docs/ngx_core_module.html#include
+    # for more information.
+    include /etc/nginx/conf.d/*.conf;
+
+    server {
+        listen       80 default_server;
+        listen       [::]:80 default_server;
+        server_name  {{ certificate_server_name }};
+        root         /usr/share/nginx/html;
+
+        # Load configuration files for the default server block.
+        include /etc/nginx/default.d/*.conf;
+
+        location / {
+        }
+
+        error_page 404 /404.html;
+            location = /40x.html {
+        }
+
+        error_page 500 502 503 504 /50x.html;
+            location = /50x.html {
+        }
+
+    }
+
+}
+