From 02b410e433c7dc55f1c4cda9e988310f3fcf2fa7 Mon Sep 17 00:00:00 2001
From: Pierre SARRET
Date: Fri, 30 Jun 2023 21:55:24 +0200
Subject: [PATCH] acme.sh SSL challenge Working for dolibarr

---
 ansible/dolibarr-playbook.yml | 10 +++++-----
 ansible/dolibarr/nginx_dolibarr.conf.j2 | 15 +++++++++------
 2 files changed, 14 insertions(+), 11 deletions(-)

diff --git a/ansible/dolibarr-playbook.yml b/ansible/dolibarr-playbook.yml
index b6a70f0..1408e02 100644
--- a/ansible/dolibarr-playbook.yml
+++ b/ansible/dolibarr-playbook.yml
@@ -135,15 +135,16 @@
 changed_when: command_output.rc != 0
 - name: Generate Let's Encrypt certificate for domain
 ansible.builtin.command:
- cmd: '{{ acme_install_dir }}/acme.sh --issue --nginx -d {{ domain_name }} --server letsencrypt --staging'
+ cmd: '{{ acme_install_dir }}/acme.sh --issue --nginx -d {{ domain_name }} --server letsencrypt'
 chdir: '{{ acme_install_dir }}'
 register: command_output
 changed_when: command_output.rc != 0
+ ignore_errors: true
 - name: Install SSL certificate
 ansible.builtin.command:
 cmd: >
- '{{ acme_install_dir }}/acme.sh --install-cert -d {{ domain_name }} --key-file /etc/nginx/ssl/{{ domain_name }}.key
- --fullchain-file /etc/nginx/ssl/{{ domain_name }}.cer --reloadcmd "service nginx force-reload"'
+ {{ acme_install_dir }}/acme.sh --install-cert -d {{ domain_name }} --key-file /etc/nginx/ssl/{{ domain_name }}.key
+ --fullchain-file /etc/nginx/ssl/{{ domain_name }}.cer --reloadcmd "service nginx force-reload"
 chdir: '{{ acme_install_dir }}'
 register: command_output
 changed_when: command_output.rc != 0
@@ -155,8 +156,7 @@
 ansible.builtin.replace:
 path: /etc/nginx/sites-enabled/dolibarr.conf
 regexp: 'dummy'
- replace: '{{ item.fqdn }}'
- loop: "{{ proxyservers }}"
+ replace: '{{ domain_name }}'
 notify: Restart Nginx

 handlers:
diff --git a/ansible/dolibarr/nginx_dolibarr.conf.j2 b/ansible/dolibarr/nginx_dolibarr.conf.j2
index 23b6c6d..171bfaf 100644
--- a/ansible/dolibarr/nginx_dolibarr.conf.j2
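Review bot: `ignore_errors: true` on the "Generate Let's Encrypt certificate" task lets the play continue into `--install-cert` after a failed issuance (challenge failure, DNS problem, rate limit), and combined with `changed_when: command_output.rc != 0` a failure is reported as a change rather than surfaced as an error. If the intent is to tolerate acme.sh's "not yet due for renewal" exit (as I recall it returns 2, `RENEW_SKIP`, in that case — worth confirming against the installed version), say so explicitly instead of blanket-ignoring: `changed_when: command_output.rc == 0` and `failed_when: command_output.rc not in [0, 2]`, and drop `ignore_errors`. The same inverted `changed_when: command_output.rc != 0` appears on the "Install SSL certificate" task below and should be fixed with it. Since this hunk also moves from `--staging` to production, a retry loop on a mis-reported failure now counts against Let's Encrypt's production rate limits, which is one more reason to make the exit-code handling precise. Unrelated to the diff itself but worth a follow-up: the private key lands at `/etc/nginx/ssl/{{ domain_name }}.key` with whatever mode acme.sh's copy inherits, so a subsequent `ansible.builtin.file` task pinning `mode: "0600"` would make the permissions explicit.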
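Review bot: `regexp: 'dummy'` is an unanchored substring match, so this task rewrites every occurrence of `dummy` in the vhost file rather than only the placeholder certificate paths; anchoring it to what it is meant to patch, `regexp: '/etc/nginx/ssl/dummy\.'` with `replace: '/etc/nginx/ssl/{{ domain_name }}.'`, limits the blast radius and makes later runs predictable if `domain_name` ever contains that substring. The task also deserves a comment explaining the two-phase bootstrap it depends on, since nothing in the play says why the template ships with `dummy.cer`: `# nginx is first deployed with a placeholder cert so it can start and serve the challenge; once acme.sh has installed the real cert, point the vhost at it`. Dropping the `proxyservers` loop in favour of the single `domain_name` is consistent with the issue/install tasks above, which only ever handle one domain. The task's `- name:` line is above the hunk, so the comment would go there.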
+++ b/ansible/dolibarr/nginx_dolibarr.conf.j2
@@ -1,11 +1,14 @@
 server {
- listen 80;
- server_name {{ domain_name }};
- rewrite ^/(.*) https://{{ domain_name }}/$1 permanent;
-}
+ listen 80;
+ listen [::]:80;
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ # HTTP redirect
+ if ($scheme = http) {
+ return 301 https://$server_name$request_uri;
+ }

-server {
- listen 443 ssl;
 server_name {{ domain_name }};
 ssl_certificate /etc/nginx/ssl/dummy.cer;