Change domain csicsoka.org to openfood.hu

[dacook]

https://openfoodnetwork.slack.com/archives/C0DNLAZC7/p1721824249711239

[dacook]

Provisioned on hu_prod (also with #933 )

The following changes were observed.

In summary:

• /home/openfoodnetwork/apps/openfoodnetwork/shared/config/.env.production
• bash_profile
• certbot config (this tool automatically renews SSL certificates)

TASK [app : template files] ********************************************************************************************
changed: [openfood.hu] => (item={'src': 'env.j2', 'dest': '/home/openfoodnetwork/apps/openfoodnetwork/shared/config/.env.production'})

TASK [app_user : Write bash_profile for app user] **********************************************************************
changed: [openfood.hu]
TASK [add nodenv to user path] *****************************************************************************************
changed: [openfood.hu]
TASK [geerlingguy.postgresql : Configure host based authentication (if entries are configured).] ***********************
changed: [openfood.hu]

TASK [coopdevs.certbot_nginx : Extract current domains list from the certificate] **************************************
[WARNING]: Consider using 'become', 'become_method', and 'become_user' rather than running sudo
changed: [openfood.hu]
TASK [jdauphant.nginx : Ensure APT official nginx key] *****************************************************************
changed: [openfood.hu]
changed: [openfood.hu] => (item={'key': 'ofn_80', 'value': ['listen 80;\nlisten [::]:80;\nserver_name openfood.hu;\n\nadd_header X-Content-Type-Options nosniff always;\nadd_header X-Xss-Protection "1; mode=block" always;\n\nlocation \'/.well-known/acme-challenge\' {\n  default_type "text/plain";\n  root /etc/letsencrypt/webrootauth;\n}\n\n\n\nlocation / {\n  limit_except GET POST PUT PATCH DELETE OPTIONS { deny all; }\n  return 301 https://openfood.hu$request_uri;\n}\n']})
changed: [openfood.hu] => (item={'key': '000_redirect_www', 'value': ['listen 443 ssl http2;\nlisten [::]:443 ssl http2;\nserver_name www.openfood.hu;\n\nssl_certificate      /etc/letsencrypt/live/openfood.hu/fullchain.pem;\nssl_certificate_key  /etc/letsencrypt/live/openfood.hu/privkey.pem;\n\nssl_protocols TLSv1.2;\nssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA;\nssl_prefer_server_ciphers on;\n\n\n\nreturn 301 https://openfood.hu$request_uri;\n']})
changed: [openfood.hu] => (item={'key': 'ofn_443', 'value': ['listen 443 ssl http2;\nlisten [::]:443 ssl http2;\nserver_name openfood.hu;\nroot /home/openfoodnetwork/apps/openfoodnetwork/current/public;\n\nssl_certificate      /etc/letsencrypt/live/openfood.hu/fullchain.pem;\nssl_certificate_key  /etc/letsencrypt/live/openfood.hu/privkey.pem;\n\nssl_protocols TLSv1.2;\nssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA;\nssl_prefer_server_ciphers on;\n\n\n\nadd_header X-Content-Type-Options nosniff always;\nadd_header X-Xss-Protection "1; mode=block" always;\n\ngzip on;\ngzip_types text/css text/javascript text/plain application/javascript application/x-javascript application/json;\ngzip_disable "msie6";\n\nbrotli on;\nbrotli_types text/css text/javascript text/plain application/javascript application/x-javascript application/json;\n\ntry_files $uri/index.html $uri @rails;\nlocation @rails {\n  limit_except GET POST PUT PATCH DELETE OPTIONS { deny all; }\n\n  if (-f /etc/nginx/maintenance.html) {\n    return 503;\n  }\n\n  gzip_proxied no-cache no-store private expired auth;\n  proxy_http_version 1.1;\n  proxy_set_header X-Real-IP $remote_addr;\n  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n  proxy_set_header Host $host;\n  proxy_set_header X-Forwarded-Proto $scheme;\n  proxy_set_header X-Request-Start "t=${msec}";\n  proxy_redirect off;\n  proxy_pass http://rails;\n}\n\nlocation ~ ^/(assets)/ {\n  limit_except GET POST PUT PATCH DELETE OPTIONS { deny all; }\n  gzip_static on;\n  brotli_static on;\n  expires max;\n  add_header Cache-Control public;\n}\n\nerror_page 500 502 504 /500.html;\nerror_page 503 @maintenance;\n\nlocation @maintenance {\n  limit_except GET POST PUT PATCH DELETE OPTIONS { deny all; }\n  root /etc/nginx;\n  try_files /maintenance.html =503;\n}\n\nlocation /cable {\n  limit_except GET POST PUT PATCH DELETE OPTIONS { deny all; }\n  proxy_pass http://rails;\n  proxy_http_version 1.1;\n  proxy_set_header X-Forwarded-Proto https;\n  proxy_set_header X-Forwarded-Ssl on;\n  proxy_set_header Upgrade $http_upgrade;\n  proxy_set_header Connection "upgrade";\n  proxy_set_header Host $host;\n}\n\nclient_max_body_size 4G;\nkeepalive_timeout 30;\nproxy_read_timeout 30;\nproxy_send_timeout 30;\n\ninclude /etc/nginx/sites-available/ofn/*;\n']})