Added SSL cert generation and installation. Moved variables to ENV

infrastructure/userdata.sh

@@ -32,11 +32,33 @@ Restart=always
 WantedBy=multi-user.target
 EOF
 
+# Install and configure acme.sh
+curl https://get.acme.sh | sh -s email=stefano@fiorinis.com
+
+# Configure acme.sh to use DNS API for FreeDNS
+. "/root/.acme.sh/acme.sh.env"
+acme.sh --issue --dns dns_freedns -d ${DOMAIN_NAME} -d *.${DOMAIN_NAME}
+sudo mkdir -p /etc/nginx/ssl
+acme.sh --install-cert -d ${DOMAIN_NAME} -d *.${DOMAIN_NAME} \
+    --key-file /etc/nginx/ssl/${DOMAIN_NAME}.pem \
+    --fullchain-file /etc/nginx/ssl/cert.pem \
+    --reloadcmd "service nginx force-reload"
+
 # Create nginx config
 cat << 'EOF' > /etc/nginx/conf.d/iptvUpdater.conf
 server {
     listen 80;
-    server_name $HOSTNAME;
+    server_name ${DOMAIN_NAME} *.${DOMAIN_NAME};
+    return 301 https://$host$request_uri;
+}
+
+server {
+    listen 443 ssl;
+    server_name ${DOMAIN_NAME} *.${DOMAIN_NAME};
+
+    ssl_certificate /etc/nginx/ssl/cert.pem;
+    ssl_certificate_key /etc/nginx/ssl/${DOMAIN_NAME}.pem;
+
     location / {
         proxy_pass http://127.0.0.1:8000;
         proxy_set_header Host $host;