lucabon/webserver

Fork 0

forked from fsfe-system-hackers/webserver

Go to file

This branch is 29 commits behind fsfe-system-hackers/webserver:master

Linus Sehn 993b306290 Trying to properly proxypass to Luca's ebook generator

2023-02-14 17:15:26 +01:00

files

provide rrsync

2022-08-25 17:06:54 +02:00

group_vars

make ip_proxy vars global per host+

2021-10-13 16:26:14 +02:00

host_vars

Trying to properly proxypass to Luca's ebook generator

2023-02-14 17:15:26 +01:00

inventory @ de8e53f300

Bump inventory

2022-12-14 13:06:03 +01:00

roles

Trying to properly proxypass to Luca's ebook generator

2023-02-14 17:15:26 +01:00

.drone.yml

adding drone CI for docs sync

2023-01-13 15:48:52 +01:00

.gitignore

initial apache+letsencrypt setup

2018-07-09 11:22:01 +02:00

.gitmodules

prepare cert deployment via acme-dns

2021-10-12 12:52:00 +02:00

ansible.cfg

Set remote_user in ansible.cfg

2023-01-11 09:05:51 +01:00

COPYING

initial apache+letsencrypt setup

2018-07-09 11:22:01 +02:00

playbook.yaml

provide rrsync

2022-08-25 17:06:54 +02:00

README.md

added docs.fsfe.org badge to the README

2023-01-13 15:51:08 +01:00

requirements.txt

initial apache+letsencrypt setup

2018-07-09 11:22:01 +02:00

README.md

FSFE Webserver

Install

Clone this repo:

git clone --recurse-submodules git@git.fsfe.org:fsfe-system-hackers/webserver.git

Usage

Update the inventory submodule to reflect the newest changes to the list of our /generate_inventory and the groups that they are in:

git submodule update --remote inventory

Deploy/update all webservers:

ansible-playbook playbook.yaml

Deploy/update only one webserver:

ansible-playbook -l bunsen.fsfeurope.org playbook.yaml

Host Vars

The hosts' variables play an essential role. Some are self-explanatory, some are more complex

Host-wide config:

onion_address defines the Onion/Tor address for that host. Currently only applies to fsfe.org.
ip_proxy defines whether the whole server – so all primary and alias domains – is behind our ip-proxy. In this case, some extra settings have to be made, and the Apache LogFormat is different. Unfortunately, this cannot be set on a vhost basis.

Each entry under domains is an own vhost and certificate. The parent is the primary domain, e.g. fsfe.org or freeyourandroid.org.

template defines the type of the apache2 vhost config to be used (see under /roles/apache2-site/templates).
aliases are domains that are aliases to the primary domain (ServerAlias).
mode is a special declaration to differ fsfe.org and test.fsfe.org, and not used for templates other than "fsfe"
target applies to "redirection" vhosts, so the URL all requests are pointed to.
www_dir is for vhosts that are served directly from a directory ("subdirectory" template).
acme_challenge defines how TLS certs are gathered. Default is http-01, but dns-01 triggers the use of the acne-dns-client role.
rewrites can define paths for "subdirectory" templates which redirect to the primary domain.
includes defines special Apache2 config files that should be included.

Important Notes

All domains/aliases that are served by more than one host/VM MUST have acme_challenge: "dns-01". Otherwise, gathering a new or renewerd cert will fail sooner or later. This then applies all aliases of the primary domain.

README.md Unescape Escape

FSFE Webserver

Install

Usage

Tags

Host Vars

Important Notes

README.md