From fefc58d433bfd7deea38e90834de1eeb2a1cd574 Mon Sep 17 00:00:00 2001
From: mtangaro
Date: Wed, 11 Oct 2023 17:55:55 +0000
Subject: [PATCH] disable SSL
---
tasks/nginx.yml | 59 ++++++++++++++++++++++++---------------
templates/nginx/galaxy.j2 | 5 +++-
2 files changed, 40 insertions(+), 24 deletions(-)
diff --git a/tasks/nginx.yml b/tasks/nginx.yml
index 288b6f5..5f15d57 100644
--- a/tasks/nginx.yml
+++ b/tasks/nginx.yml
@@ -6,29 +6,40 @@ pip_virtualenv_command: /usr/bin/python3 -m virtualenv # usegalaxy_eu.certbot, usegalaxy_eu.tiaas2, galaxyproject.galaxy certbot_virtualenv_package_name: python3-virtualenv # usegalaxy_eu.certbot pip_package: python3-pip - #Certbot - certbot_auto_renew_hour: "{{ 23 |random(seed=inventory_hostname) }}" - certbot_auto_renew_minute: "{{ 59 |random(seed=inventory_hostname) }}" - certbot_auth_method: --webroot - certbot_install_method: virtualenv - certbot_virtualenv_command: /usr/bin/python3 -m virtualenv - certbot_auto_renew: yes - certbot_auto_renew_user: root - certbot_environment: production - certbot_admin_email: paul.geronimo.who@gmail.com - certbot_well_known_root: /srv/nginx/_well-known_root - certbot_share_key_users: - - nginx - certbot_post_renewal: | - systemctl restart nginx || true - certbot_domains: - - "{{ inventory_hostname }}" - certbot_agree_tos: --agree-tos + ### DISABLE SSL ### + # Certbot and SSL configuration is currently disabled since the DNS record is needed + # this will be checked and tested later + # github issue: + # + ##Certbot + #certbot_auto_renew_hour: "{{ 23 |random(seed=inventory_hostname) }}" + #certbot_auto_renew_minute: "{{ 59 |random(seed=inventory_hostname) }}" + #certbot_auth_method: --webroot + #certbot_install_method: virtualenv + #certbot_virtualenv_command: /usr/bin/python3 -m virtualenv + #certbot_auto_renew: yes + #certbot_auto_renew_user: root + #certbot_environment: production + #certbot_admin_email: paul.geronimo.who@gmail.com + #certbot_well_known_root: /srv/nginx/_well-known_root + #certbot_share_key_users: + # - nginx + #certbot_post_renewal: | + # systemctl restart nginx || true + #certbot_domains: + # - "{{ inventory_hostname }}" + #certbot_agree_tos: --agree-tos + ### DISABLE SSL ### nginx_selinux_allow_local_connections: true + ### DISABLE SSL ### + #nginx_servers: + # - redirect-ssl + #nginx_ssl_servers: + # - galaxy + ### DISABLE SSL ### + # No SSL config nginx_servers: - - redirect-ssl - 
nginx_ssl_servers: - galaxy nginx_enable_default_server: false nginx_conf_http: @@ -55,8 +66,10 @@ image/png image/svg+xml image/x-icon - nginx_ssl_role: usegalaxy_eu.certbot - nginx_conf_ssl_certificate: "/etc/letsencrypt/live/{{ inventory_hostname }}/fullchain.pem" - nginx_conf_ssl_certificate_key: "/etc/letsencrypt/live/{{ inventory_hostname }}/privkey.pem" + ### DISABLE SSL ### + #nginx_ssl_role: usegalaxy_eu.certbot + #nginx_conf_ssl_certificate: "/etc/letsencrypt/live/{{ inventory_hostname }}/fullchain.pem" + #nginx_conf_ssl_certificate_key: "/etc/letsencrypt/live/{{ inventory_hostname }}/privkey.pem" + ### DISABLE SSL ### nginx_conf_user: galaxy nginx_conf_group: galaxy diff --git a/templates/nginx/galaxy.j2 b/templates/nginx/galaxy.j2 index 32c6dc4..443178b 100644 --- a/templates/nginx/galaxy.j2 +++ b/templates/nginx/galaxy.j2 @@ -7,8 +7,11 @@ upstream galaxy { } server { + # Currently no SSL. # Listen on port 443 - listen *:443 ssl default_server; + #listen *:443 ssl default_server; + # Listen on port 80 + listen *:80 default_server; # The virtualhost is our domain name server_name "{{ inventory_hostname }}";
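Review bot: TLS is switched off in the first hunk by commenting out the certbot settings, `redirect-ssl` and `nginx_ssl_servers`, which removes HTTPS for every host this play targets, including any that already have a DNS record; the second hunk does the same to `nginx_ssl_role` and the two certificate paths. A boolean variable guarding these values (the name is the project's choice, shown here only as the placeholder `<ssl_enabled_var>`) would keep the HTTPS configuration as the default and make the plaintext exception explicit per host instead of leaving dead configuration in the file. The `# github issue:` line is empty, so nothing tracks re-enabling TLS; it should carry the issue reference before this is merged. The commented block also keeps a personal address in `certbot_admin_email`, which would be better supplied from inventory or a vault when the block is restored.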
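Review bot: The new `listen *:80 default_server;` makes the Galaxy server block answer plain HTTP on all interfaces, so whatever credentials and session cookies the application exchanges would cross the network unencrypted for as long as this stays in place. Because the file is a Jinja template, the listener could be chosen by the same switch that controls the SSL variables in tasks/nginx.yml rather than by hand-editing the directive. The leftover `# Listen on port 443` comment now describes a listener that no longer exists and should be dropped or folded into the commented-out line. The rest of the server block lies outside this hunk, so any directive there that assumes HTTPS (forwarded-protocol headers, HSTS, secure-cookie settings) needs the same check.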