hell yeah now i can access the admin page

2025-12-16 23:42:13 +11:00 · 2023-12-12 08:49:38 +11:00 · 2023-12-12 08:49:38 +11:00 · e59b52a9fa
commit e59b52a9fa
parent ae6084b6c8
1 changed files with 42 additions and 13 deletions
--- a/main.ansible.yml
+++ b/main.ansible.yml
@ -16,6 +16,11 @@
          - python3-pip
          - libaugeas0
          - nginx
+          - php7.4-fpm
+          - php7.4-cgi 
+          - php7.4-xml 
+          - php7.4-sqlite3 
+          - php7.4-intl 
        state: present
    
    - name: install virtualenv via pip3
@ -28,18 +33,23 @@
        name: certbot
        virtualenv: /opt/certbot/
        state: present
+
+    - name: install certbot via pip3
+      ansible.builtin.pip:
+        name: certbot-nginx
+        virtualenv: /opt/certbot/
+        state: present
    
    - name: stop lighttpd, so that certbot can run
      ansible.builtin.systemd_service:
        name: lighttpd
        state: stopped
-
-    - name: stop nginx if running, so that certbot can run
+    
+    - name: stop nginx, so that certbot can run
      ansible.builtin.systemd_service:
        name: nginx
        state: stopped

-
    - name: link certbot to /usr/bin 
      ansible.builtin.shell:
        cmd: |
@ -62,34 +72,46 @@
    - name: remove default site nginx
      ansible.builtin.file:
        state: absent
-        path: /etc/nginx/sites-enabled/default.conf
+        path: /etc/nginx/sites-enabled/default
+
    - name: create new config for pihol configuration
      ansible.builtin.blockinfile:
        content: |
          server {
            listen 80;
+            listen 443 ssl;
            listen [::]:80;
+            listen [::]:443 ssl;
+            ssl_certificate /etc/letsencrypt/live/{{ DNSDOMAIN }}/fullchain.pem; # managed by Certbot
+            ssl_certificate_key /etc/letsencrypt/live/{{ DNSDOMAIN }}/privkey.pem; # managed by Certbot
            root /var/www/html;
            server_name {{ DNSDOMAIN }};
            autoindex off;
+
            index pihole/index.php index.php index.html index.htm;
+
            location / {
-                    expires max;
-                    try_files $uri $uri/ =404;
+              expires max;
            }
+
            location ~ \.php$ {
-                    include snippets/fastcgi-php.conf;
-                    fastcgi_pass unix:/run/php/php7.0-fpm.sock;
+                include fastcgi_params;
+                fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
+                fastcgi_pass unix:/run/php/php7.4-fpm.sock;
+                fastcgi_param FQDN true;
            }
+
            location /*.js {
-                    index pihole/index.js;
+                index pihole/index.js;
            }
+
            location /admin {
-                    root /var/www/html;
-                    index index.php index.html index.htm;
+                root /var/www/html;
+                index index.php index.html index.htm;
            }
+
            location ~ /\.ht {
-                    deny all;
+                deny all;
            }
          }
        path: /etc/nginx/sites-enabled/dnsovertls.conf
@ -117,8 +139,15 @@
          }
        path: /etc/nginx/streams/dnsovertls.conf
        create: true
+
+    
+    - name: Start nginx
+      ansible.builtin.systemd_service:
+        name: php7.4-fpm
+        state: restarted
+        enabled: true
    - name: Start nginx
      ansible.builtin.systemd_service:
        name: nginx
-        state: started
+        state: restarted
        enabled: true