disable SSL

Laniakea-elixir-it · Oct 11, 2023 · fefc58d · fefc58d
1 parent 5465fb7
commit fefc58d
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 24 deletions.
diff --git a/tasks/nginx.yml b/tasks/nginx.yml
@@ -6,29 +6,40 @@
     pip_virtualenv_command: /usr/bin/python3 -m virtualenv # usegalaxy_eu.certbot, usegalaxy_eu.tiaas2, galaxyproject.galaxy
     certbot_virtualenv_package_name: python3-virtualenv # usegalaxy_eu.certbot
     pip_package: python3-pip
-    #Certbot
-    certbot_auto_renew_hour: "{{ 23 |random(seed=inventory_hostname)  }}"
-    certbot_auto_renew_minute: "{{ 59 |random(seed=inventory_hostname)  }}"
-    certbot_auth_method: --webroot
-    certbot_install_method: virtualenv
-    certbot_virtualenv_command: /usr/bin/python3 -m virtualenv
-    certbot_auto_renew: yes
-    certbot_auto_renew_user: root
-    certbot_environment: production
-    certbot_admin_email: paul.geronimo.who@gmail.com
-    certbot_well_known_root: /srv/nginx/_well-known_root
-    certbot_share_key_users:
-      - nginx
-    certbot_post_renewal: |
-      systemctl restart nginx || true
-    certbot_domains:
-      - "{{ inventory_hostname }}"
-    certbot_agree_tos: --agree-tos
+    ### DISABLE SSL ###
+    # Certbot and SSL configuration is currently disabled since the DNS record is needed
+    # this will be checked and tested later
+    # github issue: 
+    #
+    ##Certbot
+    #certbot_auto_renew_hour: "{{ 23 |random(seed=inventory_hostname)  }}"
+    #certbot_auto_renew_minute: "{{ 59 |random(seed=inventory_hostname)  }}"
+    #certbot_auth_method: --webroot
+    #certbot_install_method: virtualenv
+    #certbot_virtualenv_command: /usr/bin/python3 -m virtualenv
+    #certbot_auto_renew: yes
+    #certbot_auto_renew_user: root
+    #certbot_environment: production
+    #certbot_admin_email: paul.geronimo.who@gmail.com
+    #certbot_well_known_root: /srv/nginx/_well-known_root
+    #certbot_share_key_users:
+    #  - nginx
+    #certbot_post_renewal: |
+    #  systemctl restart nginx || true
+    #certbot_domains:
+    #  - "{{ inventory_hostname }}"
+    #certbot_agree_tos: --agree-tos
+    ### DISABLE SSL ###
 
     nginx_selinux_allow_local_connections: true
+    ### DISABLE SSL ###
+    #nginx_servers:
+    #  - redirect-ssl
+    #nginx_ssl_servers:
+    #  - galaxy
+    ### DISABLE SSL ###
+    # No SSL config
     nginx_servers:
-      - redirect-ssl
-    nginx_ssl_servers:
       - galaxy
     nginx_enable_default_server: false
     nginx_conf_http:
@@ -55,8 +66,10 @@
         image/png
         image/svg+xml
         image/x-icon
-    nginx_ssl_role: usegalaxy_eu.certbot
-    nginx_conf_ssl_certificate: "/etc/letsencrypt/live/{{ inventory_hostname }}/fullchain.pem"
-    nginx_conf_ssl_certificate_key: "/etc/letsencrypt/live/{{ inventory_hostname }}/privkey.pem"
+    ### DISABLE SSL ###   
+    #nginx_ssl_role: usegalaxy_eu.certbot
+    #nginx_conf_ssl_certificate: "/etc/letsencrypt/live/{{ inventory_hostname }}/fullchain.pem"
+    #nginx_conf_ssl_certificate_key: "/etc/letsencrypt/live/{{ inventory_hostname }}/privkey.pem"
+    ### DISABLE SSL ###
     nginx_conf_user: galaxy
     nginx_conf_group: galaxy
diff --git a/templates/nginx/galaxy.j2 b/templates/nginx/galaxy.j2
@@ -7,8 +7,11 @@ upstream galaxy {
 }
 
 server {
+    # Currently no SSL.
     # Listen on port 443
-    listen        *:443 ssl default_server;
+    #listen        *:443 ssl default_server;
+    # Listen on port 80
+    listen        *:80 default_server;
     # The virtualhost is our domain name
     server_name   "{{ inventory_hostname }}";