diff --git a/files/inception/Makefile b/files/inception/Makefile
index f619b53..e8d7cef 100644
--- a/files/inception/Makefile
+++ b/files/inception/Makefile
@@ -15,7 +15,7 @@ check_env:
 fi
 run : build
- @docker compose $(CMPS) up -d -y
+ @docker compose $(CMPS) up nginx mariadb wordpress wp-cli -d -y
 build : check_env ${DATA_DIR}
 @docker compose $(CMPS) build
diff --git a/files/inception/srcs/docker-compose.yml b/files/inception/srcs/docker-compose.yml
index 8284376..57f81d0 100644
--- a/files/inception/srcs/docker-compose.yml
+++ b/files/inception/srcs/docker-compose.yml
@@ -95,9 +95,9 @@ services:
 - ./nginx/certbot/www:/var/www/certbot
 - ./nginx/99-autoreload.sh:/docker-entrypoint.d/99-autoreload.sh
- # certbot:
- # image: certbot/certbot
- # volumes:
- # - ./nginx/certbot/conf:/etc/letsencrypt
- # - ./nginx/certbot/www:/var/www/certbot
- # entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
\ No newline at end of file
+ certbot:
+ image: certbot/certbot
+ volumes:
+ - ./nginx/certbot/conf:/etc/letsencrypt
+ - ./nginx/certbot/www:/var/www/certbot
+ entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
\ No newline at end of file
diff --git a/files/inception/srcs/nginx/99-autoreload.sh b/files/inception/srcs/nginx/99-autoreload.sh
new file mode 100644
index 0000000..17548a3
--- /dev/null
+++ b/files/inception/srcs/nginx/99-autoreload.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+while :; do
+ sleep 6h
+ nginx -t && nginx -s reload
+done &
\ No newline at end of file
diff --git a/run.yml b/run.yml
index a022429..0c0e865 100644
--- a/run.yml
+++ b/run.yml
@@ -5,4 +5,5 @@ tasks:
 - import_tasks: ./tasks/install-docker.yml
- - import_tasks: ./tasks/setup-and-start-app.yml
\ No newline at end of file
+ - import_tasks: ./tasks/setup-and-start-app.yml
+ - import_tasks: ./tasks/request-certificate.yml
\ No newline at end of file
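Review bot: The `run` rule now hard-codes the service list `nginx mariadb wordpress wp-cli` to keep certbot out of the default start-up, which means every service added to docker-compose.yml in future must also be added here or `make run` silently stops starting it. The compose-side way to express "not started by default" is a `profiles:` entry on the certbot service (e.g. `profiles: ["certs"]`), after which the recipe can go back to `@docker compose $(CMPS) up -d -y` and the Ansible task opts in with `--profile certs`. The `run` rule is fully inside the hunk, but its transitive prerequisite `check_env` is outside it.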
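Review bot: The re-enabled certbot service pulls the floating `certbot/certbot` tag and declares no `restart:` policy, so each host gets whatever image is current at `up` time and a renew loop that dies stays down until an expired certificate is noticed. Pin the image to a specific tag or digest (placeholder: `image: certbot/certbot:<pinned-tag>`) and add `restart: unless-stopped` so the 12h `certbot renew` loop survives container and daemon restarts. The `./nginx/certbot/conf:/etc/letsencrypt` bind mount also puts the ACME account key and the certificate private keys in the host working tree; that directory should be excluded from version control and image build contexts, which this diff does not show.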
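Review bot: `99-autoreload.sh` is committed with `new file mode 100644`, i.e. without the executable bit, while the compose context line bind-mounts it into `/docker-entrypoint.d/`; the official nginx image's entrypoint only executes `*.sh` files there that are executable and logs an "Ignoring …, not executable" message otherwise, so as committed the reload loop presumably never starts and a renewed certificate is not served until nginx is reloaded by hand. Commit the file as mode 100755 (`git update-index --chmod=+x files/inception/srcs/nginx/99-autoreload.sh`) and verify with the container log that it is launched. A one-line header comment such as `# reloads nginx every 6h so certificates renewed by the certbot service are picked up` would also document why the loop exists, since nothing in the script says so.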
diff --git a/tasks/request-certificate.yml b/tasks/request-certificate.yml
new file mode 100644
index 0000000..5cfb475
--- /dev/null
+++ b/tasks/request-certificate.yml
@@ -0,0 +1,23 @@
+
+- name: Request SSL certifiate to letsencrypt
+ block:
+ - name: Obtain or renew SSL certificate for {{ cert_domain }}
+ ansible.builtin.shell: |
+ sudo docker compose -f {{ dest_dir }}/srcs/docker-compose.yml run --rm --entrypoint \
+ "certbot certonly --test-cert -d {{ cert_domain }} --webroot --webroot-path /var/www/certbot --agree-tos" certbot
+ args:
+ executable: /bin/bash
+ creates: "{{ dest_dir }}/srcs/nginx/conf/{{ cert_domain }}/fullchain.pem"
+ register: certbot_result
+ changed_when: "'Obtained a new certificate' in certbot_result.stdout or 'renewed' in certbot_result.stdout"
+ when: cert_domain is defined
+ ignore_errors: True
+
+ - name: Restart nginx
+ ansible.builtin.shell: |
+ sudo docker compose -f {{ dest_dir }}/srcs/docker-compose.yml exec nginx nginx -s reload
+
+ - name: Start certbot auto-renew
+ ansible.builtin.shell: |
+ sudo docker compose -f {{ dest_dir }}/srcs/docker-compose.yml up certbot -d -y
+ when: not is_local
\ No newline at end of file
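Review bot: The `creates:` guard on the certbot task points at `{{ dest_dir }}/srcs/nginx/conf/{{ cert_domain }}/fullchain.pem`, but the compose file in this same commit mounts `./nginx/certbot/conf` as `/etc/letsencrypt`, so certbot writes its files under `.../srcs/nginx/certbot/conf/live/{{ cert_domain }}/`; unless something outside this diff copies them, the guard never matches and every play re-runs `certonly` — the path should be `creates: "{{ dest_dir }}/srcs/nginx/certbot/conf/live/{{ cert_domain }}/fullchain.pem"`. Certbot is also invoked without `--non-interactive` and without an account e-mail (`--email` or `--register-unsafely-without-email`), so on a fresh account it tries to prompt where Ansible has no terminal, and `ignore_errors: True` then hides that failure while the unconditional "Restart nginx" task runs regardless; drop `ignore_errors` or make the reload conditional on `certbot_result` succeeding. `--test-cert` selects the Let's Encrypt staging CA, whose certificates browsers do not trust, so it should come from a variable that is off for the non-local run that the auto-renew task is already gated on with `when: not is_local`. The task name also has a typo (`certifiate`).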