qvest-task/ansible/setup-ssl.yml
aviyadeveloper 22504b886b feat: Automated Gitea deployment with SSL
- Deployed PostgreSQL 18.4 + Gitea 1.22.6 via Docker Compose
- Configured Nginx reverse proxy with Let's Encrypt SSL
- Created Ansible playbooks for full automation (site.yml)
- Database credentials in AWS Secrets Manager
- Production deployment at https://gitea.poll-streams.com
2026-06-08 19:51:24 +02:00


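---
# Obtain a Let's Encrypt certificate for the Gitea reverse proxy and switch
# nginx from its HTTP-only bootstrap config to the TLS config.
#
# Flow: ship the nginx configs -> bring the compose stack up -> run the
# certbot service -> if the certificate exists inside the nginx container,
# install the SSL config and reload nginx. A failed certificate request does
# not abort the play: the host is left serving plain HTTP and the last task
# reports the outcome, so callers (e.g. site.yml) should check that output.
- name: Setup SSL certificates
  hosts: gitea
  become: true
  vars:
    # Hostname the certificate is issued for; it is also the directory name
    # under /etc/letsencrypt/live/. Override via inventory or -e to reuse the
    # play for another deployment.
    gitea_domain: gitea.poll-streams.com
  tasks:
    # The "" item creates /opt/gitea/nginx/ itself before its conf.d child.
    - name: Create nginx config directories
      ansible.builtin.file:
        path: "/opt/gitea/nginx/{{ item }}"
        state: directory
        owner: ubuntu
        group: ubuntu
        mode: "0755"
      loop:
        - ""
        - "conf.d"

    - name: Copy nginx main config
      ansible.builtin.copy:
        src: ../docker/nginx/nginx.conf
        dest: /opt/gitea/nginx/nginx.conf
        owner: ubuntu
        group: ubuntu
        mode: "0644"

    # The bootstrap vhost is written to the same dest as the final one so the
    # SSL config below simply replaces it once a certificate exists.
    - name: Copy initial nginx config (HTTP only for ACME challenge)
      ansible.builtin.copy:
        src: ../docker/nginx/conf.d/gitea-init.conf
        dest: /opt/gitea/nginx/conf.d/gitea.conf
        owner: ubuntu
        group: ubuntu
        mode: "0644"

    # Runs compose as ubuntu rather than root; this presumably relies on
    # ubuntu being in the docker group, which is root-equivalent on the host.
    - name: Start services with nginx
      community.docker.docker_compose_v2:
        project_src: /opt/gitea
        state: present
      become_user: ubuntu

    # Port 80 must answer before certbot's HTTP-01 challenge can succeed.
    - name: Wait for nginx to be ready
      ansible.builtin.wait_for:
        port: 80
        delay: 5
        timeout: 60

    # Issuance failure is tolerated here on purpose (failed_when: false); the
    # next task decides based on whether the certificate files exist.
    - name: Run certbot to obtain SSL certificate
      community.docker.docker_compose_v2:
        project_src: /opt/gitea
        services:
          - certbot
        state: present
      become_user: ubuntu
      register: certbot_result
      failed_when: false

    # Looks inside the nginx container — assumes the letsencrypt volume is
    # mounted there (TODO confirm against docker-compose). rc == 0 means the
    # fullchain file is present; nothing else about its validity is checked.
    - name: Check if certificate was obtained
      ansible.builtin.command:
        cmd: "docker exec gitea-nginx ls /etc/letsencrypt/live/{{ gitea_domain }}/fullchain.pem"
      register: cert_check
      changed_when: false
      failed_when: false

    # Only installed once the certificate exists; the SSL config references
    # the cert files and nginx would fail to reload if they were missing.
    - name: Copy final nginx config with SSL
      ansible.builtin.copy:
        src: ../docker/nginx/conf.d/gitea.conf
        dest: /opt/gitea/nginx/conf.d/gitea.conf
        owner: ubuntu
        group: ubuntu
        mode: "0644"
      when: cert_check.rc == 0

    # A reload is never idempotent in the Ansible sense, hence changed_when.
    - name: Reload nginx to use SSL certificate
      ansible.builtin.command:
        cmd: docker exec gitea-nginx nginx -s reload
      when: cert_check.rc == 0
      changed_when: true

    # Informational only; the play itself still succeeds when no certificate
    # was obtained and the host keeps serving HTTP.
    - name: Display certificate status
      ansible.builtin.debug:
        msg: "SSL certificate {{ 'obtained successfully' if cert_check.rc == 0 else 'failed - check DNS and try again' }}"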