diff --git a/tasks/roundcubemail.yml b/tasks/roundcubemail.yml
index 8260e65..65d8a77 100644
--- a/tasks/roundcubemail.yml
+++ b/tasks/roundcubemail.yml
@@ -32,11 +32,25 @@

 - name: roundcubemail - nginx local
 notify: reload nginx
- when: mailserver_roundcubemail_domain == ""
+ #when: mailserver_roundcubemail_domain == ""
 template:
 src: roundcubemail-local.nginx
 dest: /etc/nginx/local.d/roundcubemail.act

+- name: roundcube - get cert for nginx domain
+ notify: dehydrated
+ when: mailserver_roundcubemail_domain != ""
+ lineinfile:
+ path: /etc/dehydrated/domains.txt
+ line: "{{ mailserver_roundcubemail_domain }}"
+
+- name: roundcubemail - nginx domain
+ notify: reload nginx
+ when: mailserver_roundcubemail_domain != ""
+ template:
+ src: roundcubemail-domain.nginx
+ dest: /etc/nginx/sites.d/roundcubemail.act
+
 - name: roundcubemail - config
 template:
 src: roundcubemail-conf.php
diff --git a/templates/roundcubemail-domain.nginx b/templates/roundcubemail-domain.nginx
new file mode 100644
index 0000000..e93b709
--- /dev/null
+++ b/templates/roundcubemail-domain.nginx
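Review bot: In tasks/roundcubemail.yml, commenting out the `when` on "roundcubemail - nginx local" means `/etc/nginx/local.d/roundcubemail.act` is now installed even when `mailserver_roundcubemail_domain` is set, so webmail stays reachable through whichever server block includes `local.d` as well as through the new TLS vhost. If that is intended, delete the line instead of leaving `#when:` behind and state it in a comment; if not, restore `when: mailserver_roundcubemail_domain == ""`. The new "nginx domain" task also notifies `reload nginx` for a config whose certificate files dehydrated may not have issued yet; the handlers are not visible here, but they run in definition order, so `dehydrated` needs to be defined ahead of `reload nginx` (or flushed first) or the first reload can fail on the missing files. Neither new task has a counterpart that removes `sites.d/roundcubemail.act` or the `domains.txt` entry once the variable is cleared again.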
@@ -0,0 +1,27 @@
+server {
+ listen [::]:443 ssl http2;
+ listen 443 ssl http2;
+
+ server_name {{ mailserver_roundcubemail_domain }};
+
+ ssl_certificate /etc/dehydrated/certs/{{ mailserver_roundcubemail_domain }}/fullchain.pem;
+ ssl_certificate_key /etc/dehydrated/certs/{{ mailserver_roundcubemail_domain }}/privkey.pem;
+
+ include snippets/letsencrypt.conf;
+
+ root /usr/share/webapps/roundcubemail;
+ index index.html index.htm index.php;
+
+ location ~ \.php(?:$|/) {
+ fastcgi_split_path_info ^(.+.php)(/.+)$;
+ fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
+ fastcgi_index index.php;
+
+ include fastcgi.conf;
+
+ fastcgi_param PHP_ADMIN_VALUE open_basedir=/etc/webapps/roundcubemail/:/usr/share/webapps/roundcubemail:/var/log/roundcubemail/:/var/cache/roundcubemail/:/tmp:/usr/share/pear:/dev/urandom;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_param PATH_INFO $fastcgi_path_info;
+ fastcgi_param HTTPS on;
+ }
+}
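Review bot: The new server block sets `root /usr/share/webapps/roundcubemail` but has no location denying Roundcube's non-public directories, so anything nginx can read under `config/`, `temp/` or `logs/` that does not end in `.php` would be served as a static file; the .htaccess rules Roundcube ships have no effect under nginx. A deny location placed ahead of the PHP location closes that gap. In the PHP location, `fastcgi_split_path_info ^(.+.php)(/.+)$` leaves the dot before `php` unescaped, so it matches any character there; `^(.+\.php)(/.+)$` is what the location regex implies. Whether port 80 redirects to this vhost, and what `snippets/letsencrypt.conf` already restricts, is not visible from this hunk.

```nginx
    index index.html index.htm index.php;

    # nginx ignores Roundcube's .htaccess, so block its non-public directories here;
    # this must precede the PHP location because the first matching regex wins.
    location ~ ^/(?:config|temp|logs|bin|SQL)(?:/|$) {
        deny all;
    }

    location ~ \.php(?:$|/) {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        # … unchanged: fastcgi_pass, fastcgi_index, include, fastcgi_param lines …
    }
```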