update uploadHEADmain

3 files changed, 91 insertions, 0 deletions

diff --git a/roles/upload/tasks/main.yml b/roles/upload/tasks/main.yml
index ca87a1c..b63e3f1 100644
--- a/roles/upload/tasks/main.yml
+++ b/roles/upload/tasks/main.yml
@@ -21,6 +21,14 @@
       name:
         - nodejs
       state: present
+- name: Add to dehydrated.conf
+  become: true
+  lineinfile:
+    line: "{{ upload_server_name }}"
+    path: /etc/dehydrated/domains.txt
+- name: Create or renew cert
+  command: "dehydrated --cron"
+  become: true
 - name: Create upload user
   become: true
   user:
@@ -99,6 +107,19 @@
     owner: "{{ upload_user }}"
     group: "{{ upload_group }}"
     recurse: true
+- name: Create backup dir to use when the conference is done
+  file:
+    path: "{{ upload_done_dir }}"
+    owner: "{{ upload_user }}"
+    group: "{{ upload_group }}"
+    state: directory
+- name: Create backup file to use when the conference is done
+  template:
+    src: index.html
+    owner: "{{ upload_user }}"
+    group: "{{ upload_group }}"
+    mode: 0755
+    dest: "{{ upload_done_dir }}/index.html"
 - name: Install systemd configuration
   tags: system
   become: true
@@ -109,6 +130,23 @@
     group: root
     mode: 0755
   when: not use_initd
+- name: Create main configuration if needed
+  template:
+    src: nginx-site-config
+    dest: /etc/nginx/sites-available/{{ upload_server_name }}
+- name: Make sure main configuration is enabled
+  file:
+    src: /etc/nginx/sites-available/{{ upload_server_name }}
+    dest: /etc/nginx/sites-enabled/{{ upload_server_name }}
+    owner: "{{ emacsconf_user }}"
+    group: "{{ emacsconf_group }}"
+    force: no
+    state: link
+- name: Reload configuration
+  become: true
+  service:
+    name: nginx
+    state: reloaded
 - name: Restart Upload
   become: true
   when: upload_enabled
diff --git a/roles/upload/templates/index.html b/roles/upload/templates/index.html
new file mode 100644
index 0000000..e5d8e6e
--- /dev/null
+++ b/roles/upload/templates/index.html
@@ -0,0 +1,7 @@
+<html>
+        <head>
+        </head>
+        <body>
+          EmacsConf is done for now, so we've turned off the file upload service. Let us know at <a href="mailto:emacsconf-org-private@gnu.org">emacsconf-org-private@gnu.org</a> if you need it back to upload something!
+        </body>
+</html>
diff --git a/roles/upload/templates/nginx-site-config b/roles/upload/templates/nginx-site-config
new file mode 100644
index 0000000..48842d1
--- /dev/null
+++ b/roles/upload/templates/nginx-site-config
@@ -0,0 +1,46 @@
+upstream upload_emacsconf {
+        server 127.0.0.1:3000;
+}
+
+server {
+        listen 80;
+        listen [::]:80;
+        server_name {{ upload_server_name }};
+
+        include snippets/well-known-acme-challenge.conf;
+
+        location / {
+                return 302 https://$server_name$request_uri;
+        }
+}
+
+server {
+        listen 443 ssl http2;
+        listen [::]:443 ssl http2;
+        server_name {{ upload_server_name }};
+
+        ssl_certificate /var/local/dehydrated/certs/{{ upload_server_name }}/fullchain.pem;
+        ssl_certificate_key /var/local/dehydrated/certs/{{ upload_server_name }}/privkey.pem;
+        ssl_trusted_certificate /var/local/dehydrated/certs/{{ upload_server_name }}/fullchain.pem;
+        include ssl_params.local;
+        include snippets/well-known-acme-challenge.conf;
+{% if upload_enabled %}
+  			location @upload_emacsconf {
+    		proxy_pass http://upload_emacsconf;
+    proxy_http_version 1.1;
+    proxy_buffering off;
+    proxy_request_buffering off;      # needs nginx version >= 1.7.11
+    proxy_set_header Host $http_host;
+  }
+  location / {
+    #try_files $uri $uri/ @upload_emacsconf;
+    proxy_pass http://upload_emacsconf;
+    proxy_http_version 1.1;
+    proxy_buffering off;
+    proxy_request_buffering off;      # needs nginx version >= 1.7.11
+    proxy_set_header Host $http_host;
+  }
+	{% else %}
+	root {{ upload_done_dir }};
+	{% endif %}
+}