diff --git a/group_vars/mailman.yml b/group_vars/mailman.yml index cd7d754be493844dd1a3bb9532047534f543f9a3..9be951c759af3a919884f053818c60d8610fda1f 100644 --- a/group_vars/mailman.yml +++ b/group_vars/mailman.yml @@ -1,5 +1,6 @@ --- loc_nginx: + service_name: mailman default_server: lists.crans.org default_ssl_server: lists.crans.org auth_passwd: diff --git a/group_vars/nginx.yml b/group_vars/nginx.yml index 1d97f621c60a74340edc2dee5c6f012687e3153b..4f8d5101ed48035486bb88d554332eee7efa7b93 100644 --- a/group_vars/nginx.yml +++ b/group_vars/nginx.yml @@ -2,18 +2,23 @@ glob_nginx: contact: contact@crans.org who: "L'équipe technique du Cr@ns" + service_name: service ssl: cert: /etc/letsencrypt/live/crans.org/fullchain.pem cert_key: /etc/letsencrypt/live/crans.org/privkey.pem trusted_cert: /etc/letsencrypt/live/crans.org/chain.pem - default_server: - default_ssl_server: servers: - ssl: false - server_name: - - "default" - - "_" - root: "/var/www/html" - locations: - - filter: "/" + - ssl: false + server_name: + - "default" + - "_" + root: "/var/www/html" + locations: + - filter: "/" + params: [] upstreams: [] + + auth_passwd: [] + default_server: + default_ssl_server: + deploy_robots_file: false diff --git a/host_vars/charybde.adm.crans.org.yml b/host_vars/charybde.adm.crans.org.yml index 0bda434fb40acafd37fcd6411d9e8c2e0933c052..625d329e3b54cf8016210e52ed1b4b18c40cd4fb 100644 --- a/host_vars/charybde.adm.crans.org.yml +++ b/host_vars/charybde.adm.crans.org.yml @@ -35,6 +35,7 @@ to_backup: } loc_nginx: + service_name: ftp servers: server_name: - "ftp" diff --git a/hosts b/hosts index ce350a71d7bdbd45e7ff5e997a260d1d9c102a4e..13bbcb8b6efa56feac5f67a02d95dec14484d00c 100644 --- a/hosts +++ b/hosts @@ -23,6 +23,7 @@ belenios.adm.crans.org [certbot:children] dovecot git +irc radius # We use certbot to manage LE certificates reverseproxy @@ -87,6 +88,7 @@ monitoring.adm.crans.org charybde.adm.crans.org [nginx:children] +irc mailman reverseproxy 
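Review bot: In the group_vars/nginx.yml hunk the default `servers` value changes from a single mapping to a list of server mappings, but the context of the host_vars/charybde.adm.crans.org.yml hunk in this same commit still shows `servers:` followed directly by `server_name:`, which reads as the old mapping shape. If the template's `for server in nginx.servers` loop receives such a mapping it would iterate over key names instead of server entries, and the `server.ssl is defined` guard added in service.j2 would hide the mismatch rather than fail. The charybde block continues outside its hunk and the merge of `glob_nginx` with `loc_nginx` is not visible, so this needs confirming against the full files; if it is still a mapping, it should become a list entry (`servers:` then `- server_name:`) in this commit. A comment above the default, such as `# list of server mappings, one entry per server block`, would make the expected shape explicit for host overrides.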
diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml index 87721eae4aa9f188814721a21c675074e58b0d57..4d4179c8c3f0d268ad85161a12adf50f318c0c70 100644 --- a/roles/nginx/tasks/main.yml +++ b/roles/nginx/tasks/main.yml @@ -64,17 +64,17 @@ when: nginx.servers is defined and nginx.servers|length > 0 template: src: "nginx/sites-available/service.j2" - dest: "/etc/nginx/sites-available/service" + dest: "/etc/nginx/sites-available/{{ nginx.service_name }}" owner: root group: root mode: 0644 notify: Reload nginx - name: Activate local nginx service site - when: nginx.servers|bool + when: nginx.servers is defined and nginx.servers|length > 0 file: - src: "/etc/nginx/sites-available/service" - dest: "/etc/nginx/sites-enabled/service" + src: "/etc/nginx/sites-available/{{ nginx.service_name }}" + dest: "/etc/nginx/sites-enabled/{{ nginx.service_name }}" owner: root group: root state: link diff --git a/roles/nginx/templates/nginx/sites-available/service.j2 b/roles/nginx/templates/nginx/sites-available/service.j2 index 11afc9d5b4a3e6ab1060addf513b1d2c823cdd78..bf529e506b246f4a3e0c87c570a7f6dd47aad0aa 100644 --- a/roles/nginx/templates/nginx/sites-available/service.j2 +++ b/roles/nginx/templates/nginx/sites-available/service.j2 @@ -1,5 +1,12 @@ {{ ansible_header | comment }} +# Automatic Connection header for WebSocket support +# See http://nginx.org/en/docs/http/websocket.html +map $http_upgrade $connection_upgrade { + default upgrade; + '' close; +} + {% for upstream in nginx.upstreams -%} upstream {{ upstream.name }} { # Path of the server @@ -45,7 +52,7 @@ server { {% endif -%} {% for server in nginx.servers %} -{% if server.ssl -%} +{% if server.ssl is defined and server.ssl -%} # Redirect HTTP to HTTPS server { listen 80 default;
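Review bot: Hosts that were already deployed keep `/etc/nginx/sites-enabled/service` after this rename, because both tasks in the roles/nginx/tasks/main.yml hunk only create the new `{{ nginx.service_name }}` paths and nothing removes the old link. On a host whose name is no longer `service` (mailman and ftp in this commit), nginx would then load the stale site next to the new one, so an outdated server block, possibly with older TLS or auth settings, can keep answering, or the reload can fail on a conflicting `default` listener. A cleanup task for the legacy name, as sketched below, closes that gap; the task list continues outside the hunk, so check that no later task already does this. Since `nginx.service_name` now ends up in a file path, an `assert` that it is defined and is a plain file name would also be worth adding before the template task.

```yaml
# … unchanged: "Activate local nginx service site" task …

- name: Remove legacy nginx site link named service
  when: nginx.service_name != "service"
  file:
    path: "/etc/nginx/sites-enabled/service"
    state: absent
  notify: Reload nginx
```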
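Review bot: With `server.ssl is defined and server.ssl` in the second service.j2 hunk, a server entry that simply omits `ssl` is now rendered as if it had `ssl: false`, so a forgotten key skips the HTTP-to-HTTPS redirect block without any error at deploy time. If TLS is the intended default for services, it is safer to fail on a missing key, for example with an `assert` task in the role that checks `item.ssl is defined` for every entry of `nginx.servers`. If HTTP-only by default is intended, `{% if server.ssl | default(false) -%}` states that more directly. The `{% if %}` block continues past the end of the hunk, so what the non-SSL branch renders is not visible here.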