--- a/deploy/deploy.sh Fri Sep 14 22:07:56 2018 +0200
+++ b/deploy/deploy.sh Sat Sep 15 01:24:07 2018 +0200
@@ -31,6 +31,6 @@
pushd "$SCRIPTPATH"
-ansible-playbook -v -i "./hosts/hosts.$DASHBOARDNAME" -l "$DASHBOARDNAME" ./deploy.yml --extra-vars "dashboard_version=${VERSION}" --step --ask-vault-pass
+ANSIBLE_STDOUT_CALLBACK=debug ansible-playbook -v -i "./hosts/hosts.$DASHBOARDNAME" -l "$DASHBOARDNAME" ./deploy.yml --extra-vars "dashboard_version=${VERSION}" --ask-vault-pass
popd
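Review bot: The new `ansible-playbook` line keeps `-v` and now sets `ANSIBLE_STDOUT_CALLBACK=debug`, so task results are printed in full during a run that uses vault-decrypted variables (`--ask-vault-pass`). The tasks themselves are not visible in this hunk, so it is worth checking whether any of them passes a secret as a module or command argument, and marking those with `no_log: true` so the value does not land in scrollback or a captured log. Dropping `--step` also removes the per-task confirmation; a comment above the command such as `# runs unattended against the hosts limited by -l "$DASHBOARDNAME"` would record that. The rest of the script lies outside the hunk.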
--- a/deploy/deploy.yml Fri Sep 14 22:07:56 2018 +0200
+++ b/deploy/deploy.yml Sat Sep 15 01:24:07 2018 +0200
@@ -181,7 +181,7 @@
# TODO : set dashboard name in setting
- name: transfert static dist to remote
copy:
- src: "{{clientjs_dir}}/{{dashboard_name}}/build/"
+ src: "{{clientjs_dir}}/packages/{{dashboard_name}}/build/"
dest: "{{remote_static_path}}/"
owner: "{{static_http_user}}"
group: "{{static_http_group}}"
@@ -190,7 +190,7 @@
- name: create refresh nginx config
template:
- src: netrights.iri-research.org.j2
+ src: "{{static_nginx_use_ssl | ternary('nginx.static.ssl.conf.j2', 'nginx.static.conf.j2')}}"
dest: "{{static_nginx_config | default('/etc/nginx/site-available/'+static_server_name, true)}}"
notify:
- restart static nginx
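Review bot: The new `src:` expression in the `create refresh nginx config` task reads `static_nginx_use_ssl` with neither a default nor a `bool` cast. Only `explorunivers_test.yml` and the `.tmpl` file define the variable in this commit, so any other group_vars file written before it will presumably fail with an undefined-variable error. A value supplied as a string is also judged by truthiness rather than by its meaning. I would write `src: "{{ static_nginx_use_ssl | default(true) | bool | ternary('nginx.static.ssl.conf.j2', 'nginx.static.conf.j2') }}"`, so that a missing setting falls back to the TLS template rather than to plain HTTP.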
--- a/deploy/group_vars/explorunivers_test.yml Fri Sep 14 22:07:56 2018 +0200
+++ b/deploy/group_vars/explorunivers_test.yml Sat Sep 15 01:24:07 2018 +0200
@@ -5,7 +5,8 @@
# note : must not end with /
remote_static_path: "/var/www"
-static_nginx_config: "/etc/nginx/site-available/172.16.1.7"
+static_nginx_config: "/etc/nginx/conf.d/172.16.1.7.conf"
+static_nginx_use_ssl: false
static_server_name: "172.16.1.7"
static_http_service: "nginx"
--- a/deploy/group_vars/group_vars.yml.tmpl Fri Sep 14 22:07:56 2018 +0200
+++ b/deploy/group_vars/group_vars.yml.tmpl Sat Sep 15 01:24:07 2018 +0200
@@ -14,6 +14,9 @@
# remote path for nginx static file config
static_nginx_config: ""
+# use the nginx ssl config template for static webserver of not
+static_nginx_use_ssl: true
+
# static file domain
static_server_name: "netrights.iri-research.org"
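Review bot: The added comment above `static_nginx_use_ssl` has a typo ("of not") and does not say what `false` means for the deployed site. Suggested wording: `# use the nginx TLS config template for the static webserver (true) or the plain-HTTP one (false)`. A second comment line noting that `false` is meant only for hosts without a certificate would help whoever copies this template avoid turning TLS off by accident.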
--- a/deploy/templates/netrights.iri-research.org.j2 Fri Sep 14 22:07:56 2018 +0200
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,63 +0,0 @@
-upstream annotation-api {
- server {{annotations_api_host}}:{{annotations_api_port}};
- server 127.0.0.1 backup;
-}
-
-upstream discussion-api {
- server {{discussions_host}}:{{discussions_port}};
- server 127.0.0.1 backup;
-}
-
-
-server {
- listen 80;
- listen [::]:80;
-
- server_name {{static_server_name}};
- return 301 https://$host$request_uri;
-}
-
-server {
- listen 443 ssl http2;
- listen [::]:443 ssl http2;
-
- server_name {{static_server_name}};
-
- access_log /var/log/nginx/{{static_server_name}}-access.log;
- error_log /var/log/nginx/{{static_server_name}}-error.log;
-
- ssl_certificate /etc/letsencrypt/live/{{static_server_name}}/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/{{static_server_name}}/privkey.pem;
-
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- ssl_prefer_server_ciphers on;
- ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
-
-
- root {{remote_static_path}}/;
- index index.html index.htm;
-
- location /.well-known/acme-challenge {
- alias /var/lib/letsencrypt/.well-known/acme-challenge;
- default_type "text/plain";
- try_files $uri =404;
- }
-
- location {{annotations_api_url}}/ {
- uwsgi_pass annotation-api;
- include /etc/nginx/uwsgi_params;
- }
-
- location {{discussions_url}}/ {
- uwsgi_pass discussion-api;
- include /etc/nginx/uwsgi_params;
- }
-
- location / {
- # First attempt to serve request as file, then
- # as directory, then fall back to displaying a 404.
- try_files $uri $uri/ /index.html;
- # Uncomment to enable naxsi on this location
- # include /etc/nginx/naxsi.rules
- }
-}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/deploy/templates/nginx.static.conf.j2 Sat Sep 15 01:24:07 2018 +0200
@@ -0,0 +1,42 @@
+upstream annotation-api {
+ server {{annotations_api_host}}:{{annotations_api_port}};
+ server 127.0.0.1 backup;
+}
+
+upstream discussion-api {
+ server {{discussions_host}}:{{discussions_port}};
+ server 127.0.0.1 backup;
+}
+
+
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name {{static_server_name}};
+
+ access_log /var/log/nginx/{{static_server_name}}-access.log;
+ error_log /var/log/nginx/{{static_server_name}}-error.log;
+
+ root {{remote_static_path}}/;
+ index index.html index.htm;
+
+
+ location {{annotations_api_url}}/ {
+ uwsgi_pass annotation-api;
+ include /etc/nginx/uwsgi_params;
+ }
+
+ location {{discussions_url}}/ {
+ uwsgi_pass discussion-api;
+ include /etc/nginx/uwsgi_params;
+ }
+
+ location / {
+ # First attempt to serve request as file, then
+ # as directory, then fall back to displaying a 404.
+ try_files $uri $uri/ /index.html;
+ # Uncomment to enable naxsi on this location
+ # include /etc/nginx/naxsi.rules
+ }
+}
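Review bot: This new template serves the static site and both `uwsgi_pass` locations on port 80 with no TLS, so whatever the annotation and discussion APIs exchange travels in clear text wherever `static_nginx_use_ssl` is false. Whether those APIs carry credentials or session tokens is not visible here. A header comment would make the intended scope explicit, for example `{# plain-HTTP variant: only for hosts on a trusted network without a certificate; keep in sync with nginx.static.ssl.conf.j2 #}`. The upstream and location blocks are copied verbatim into both templates, so a later fix can easily reach one file and miss the other; a shared include would avoid that. The comment in `location /` promises a 404 fallback, but `try_files` ends in `/index.html`, and the same stale comment appears in the SSL template.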
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/deploy/templates/nginx.static.ssl.conf.j2 Sat Sep 15 01:24:07 2018 +0200
@@ -0,0 +1,63 @@
+upstream annotation-api {
+ server {{annotations_api_host}}:{{annotations_api_port}};
+ server 127.0.0.1 backup;
+}
+
+upstream discussion-api {
+ server {{discussions_host}}:{{discussions_port}};
+ server 127.0.0.1 backup;
+}
+
+
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name {{static_server_name}};
+ return 301 https://$host$request_uri;
+}
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name {{static_server_name}};
+
+ access_log /var/log/nginx/{{static_server_name}}-access.log;
+ error_log /var/log/nginx/{{static_server_name}}-error.log;
+
+ ssl_certificate /etc/letsencrypt/live/{{static_server_name}}/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/{{static_server_name}}/privkey.pem;
+
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_prefer_server_ciphers on;
+ ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+
+
+ root {{remote_static_path}}/;
+ index index.html index.htm;
+
+ location /.well-known/acme-challenge {
+ alias /var/lib/letsencrypt/.well-known/acme-challenge;
+ default_type "text/plain";
+ try_files $uri =404;
+ }
+
+ location {{annotations_api_url}}/ {
+ uwsgi_pass annotation-api;
+ include /etc/nginx/uwsgi_params;
+ }
+
+ location {{discussions_url}}/ {
+ uwsgi_pass discussion-api;
+ include /etc/nginx/uwsgi_params;
+ }
+
+ location / {
+ # First attempt to serve request as file, then
+ # as directory, then fall back to displaying a 404.
+ try_files $uri $uri/ /index.html;
+ # Uncomment to enable naxsi on this location
+ # include /etc/nginx/naxsi.rules
+ }
+}
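Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` in the 443 server block still enables TLS 1.0 and 1.1, which are deprecated (RFC 8996). The line is carried over unchanged from the deleted `netrights.iri-research.org.j2`, so this rename is a good moment to tighten it to `ssl_protocols TLSv1.2;`, adding `TLSv1.3` where the installed nginx and OpenSSL support it. The port-80 block already redirects to HTTPS, but no HSTS header is sent, so a returning browser can still be held on plain HTTP for its first request. Adding `add_header Strict-Transport-Security "max-age=31536000" always;` to the 443 block closes that gap once the certificate setup is stable.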
--- a/deploy/test_playbook.yml Fri Sep 14 22:07:56 2018 +0200
+++ b/deploy/test_playbook.yml Sat Sep 15 01:24:07 2018 +0200
@@ -7,7 +7,7 @@
tasks:
- name: install deps
apk:
- name: python-dev,python3-dev,py-virtualenv,nginx,supervisor,shadow,build-base,musl-dev,gcc,linux-headers
+ name: python-dev,python3-dev,py-virtualenv,nginx,supervisor,shadow,build-base,musl-dev,gcc,linux-headers,libffi,libffi-dev
update_cache: yes
- name: create etc supervisor.d folder
file: