feat: re-add certbot confs

files/inception/srcs/docker-compose.yml

@@ -72,6 +72,7 @@ services:
     depends_on:
       - wordpress
     volumes:
+      - site_data:/var/www/wordpress
       - ./nginx/secure/:/etc/nginx/templates/
       - /etc/localtime:/etc/localtime:ro
       - ./nginx/certbot/conf:/etc/letsencrypt

files/inception/srcs/nginx/secure/default.conf.template

@@ -24,8 +24,8 @@ server {
     ssl_protocols TLSv1.2 TLSv1.3;
     ssl_certificate /etc/letsencrypt/live/${APP_DOMAIN}/fullchain.pem;
     ssl_certificate_key /etc/letsencrypt/live/${APP_DOMAIN}/privkey.pem;
-    # include /etc/letsencrypt/options-ssl-nginx.conf;
-    # ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+    include /etc/letsencrypt/options-ssl-nginx.conf;
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
 
     location ~ \.php$ {
         try_files $uri =404;

tasks/install-docker.yml

@@ -17,6 +17,7 @@
     pkg:
       - ca-certificates
       - curl
+      - make
     force: true
 
 - name: Add Docker GPG key and Repository

tasks/setup-and-start-app.yml

@@ -41,6 +41,16 @@
         state: present
       when: not ansible_check_mode
 
+    - name: Download recommended NGINX conf
+      ansible.builtin.get_url:
+        url: https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf
+        dest: "{{ dest_dir }}/srcs/nginx/certbot/conf/options-ssl-nginx.conf"
+
+    - name: Download recommended TLS parameters
+      ansible.builtin.get_url:
+        url: https://raw.githubusercontent.com/certbot/certbot/master/certbot/certbot/ssl-dhparams.pem
+        dest: "{{ dest_dir }}/srcs/nginx/certbot/conf/ssl-dhparams.pem"
+
 
 - name: Run the app
   ansible.builtin.command: "make -C {{ dest_dir }}"