From f2f8d661a0f1a99604fd1c502c708d6824948376 Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Mon, 14 Oct 2019 21:27:28 +0200
Subject: nextcloud deployment made easier
---
roles/nextcloud/tasks/main.yml | 42 ++++++++----------------------------------
1 file changed, 8 insertions(+), 34 deletions(-)
(limited to 'roles/nextcloud/tasks')
diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml
index 0f9413b9..1b0602f5 100644
--- a/roles/nextcloud/tasks/main.yml
+++ b/roles/nextcloud/tasks/main.yml
@@ -89,45 +89,14 @@
 src: apache-site.conf.j2
 dest: "{{ nextcloud_base_path }}/{{ item }}/config/apache-site.conf"
-- name: configure apache to run on port 8443 only
+- name: configure apache to run on port 8080 only
 loop: "{{ nextcloud_instances | list }}"
 copy:
 content: |
- Listen 8443
+ Listen 8080
 dest: "{{ nextcloud_base_path }}/{{ item }}/config/ports.conf"
-- name: create tls cert/key directory
- loop: "{{ nextcloud_instances | list }}"
- file:
- path: "{{ nextcloud_base_path }}/{{ item }}/config/tls"
- state: directory
-
-- name: generate tls private key for apache
- loop: "{{ nextcloud_instances | list }}"
- openssl_privatekey:
- path: "{{ nextcloud_base_path }}/{{ item }}/config/tls/nextcloud.key"
- mode: 0640
- owner: root
- group: nc-app
-
-- name: generate csr for selfsigned certifacate
- loop: "{{ nextcloud_instances | list }}"
- openssl_csr:
- path: "{{ nextcloud_base_path }}/{{ item }}/config/tls/nextcloud.csr"
- privatekey_path: "{{ nextcloud_base_path }}/{{ item }}/config/tls/nextcloud.key"
- common_name: "nextcloud-{{ item }}"
-
-## TODO: fix idempotence
-- name: generate tls self-signed certificate for apache
- loop: "{{ nextcloud_instances | list }}"
- openssl_certificate:
- path: "{{ nextcloud_base_path }}/{{ item }}/config/tls/nextcloud.crt"
- privatekey_path: "{{ nextcloud_base_path }}/{{ item }}/config/tls/nextcloud.key"
- csr_path: "{{ nextcloud_base_path }}/{{ item }}/config/tls/nextcloud.csr"
- provider: selfsigned
-
-
 - name: generate pod manifests
 loop: "{{ nextcloud_instances | dict2items }}"
 loop_control:
@@ -172,6 +141,11 @@
 vars:
 nginx_vhost:
 name: "{{ item.key }}"
- content: "{{ lookup('template', 'nginx-vhost.conf.j2') }}"
+ template: generic-proxy-no-buffering-with-acme
 acme: true
 hostnames: "{{ item.value.hostnames }}"
+ client_max_body_size: "512M"
+ proxy_pass: "http://127.0.0.1:{{ item.value.port }}"
+ proxy_redirect:
+ redirect: "http://$host:8080/"
+ replacement: "https://$host/"
--
cgit v1.2.3
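Review bot: Hosts that already ran this role keep `config/tls/nextcloud.key` (plus the `.csr` and `.crt`) after this change, because the four TLS tasks are deleted without any cleanup step; an unused private key that was created readable by group `nc-app` should not stay on disk. A task that sets the per-instance `config/tls` directory to `state: absent`, placed after the ports.conf task, removes it and can be dropped again once all instances have been converged. The apache-site.conf task at the top of the hunk begins before it, and the pod-manifest task at the bottom continues past it.

```yaml
# … unchanged: "configure apache to run on port 8080 only" task …

- name: remove obsolete tls cert/key directory
  loop: "{{ nextcloud_instances | list }}"
  file:
    path: "{{ nextcloud_base_path }}/{{ item }}/config/tls"
    state: absent
```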
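Review bot: `proxy_pass: "http://127.0.0.1:{{ item.value.port }}"` now carries all Nextcloud traffic to the pod unencrypted, which is only acceptable if the pod publishes that port on loopback alone; the pod manifest template is not part of this path-limited patch, so confirm it binds the host port to `127.0.0.1` rather than to all interfaces, otherwise the instance would be reachable over plain HTTP without passing nginx. The `proxy_redirect` pair only rewrites redirect headers, so Nextcloud itself presumably still needs to be told it sits behind a TLS-terminating proxy (`trusted_proxies` and `overwriteprotocol` in its config.php), both for generated links and so that logging and brute-force throttling see the real client address instead of 127.0.0.1. A comment above `proxy_redirect:` such as `# apache in the pod answers with http://<host>:8080 redirects; map them back to the public https URL` would record why the rule exists. The `vars:` mapping this hunk edits starts before the hunk.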