Markus Hauschild af56fd8dcd
All checks were successful
continuous-integration/drone/push Build is passing
nginx: support ip anonymization
2020-10-20 15:59:08 +02:00

49 lines
1.3 KiB
YAML

---
- name: Install nginx
apt: name=nginx-light
- name: Create certificate directory
file: path=/etc/nginx/ssl state=directory mode=0750
when: nginx_ssl
- name: Ensure certificates are available
command:
cmd: >
openssl req -x509 -nodes -newkey rsa:2048
-keyout /etc/nginx/ssl/{{ ansible_fqdn }}.key
-out /etc/nginx/ssl/{{ ansible_fqdn }}.crt
-days 730 -subj "/CN={{ ansible_fqdn }}"
creates: /etc/nginx/ssl/{{ ansible_fqdn }}.crt
when: nginx_ssl
notify: Restart nginx
- name: Ensure correct certificate permissions
file: path=/etc/nginx/ssl/{{ ansible_fqdn }}.key owner=root mode=0400
when: nginx_ssl
notify: Restart nginx
- name: Create DH parameters
command: openssl dhparam -outform PEM -out {{ item }} 2048 creates={{ item }}
when: nginx_ssl
with_items:
- /etc/nginx/dhparam.pem
- name: Configure nginx
template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf
notify: Restart nginx
- name: Configure default vhost
template: src=default.j2 dest=/etc/nginx/sites-available/default
when: nginx_ssl
notify: Restart nginx
- name: Ensure network and dns are available before nginx
lineinfile:
dest: /lib/systemd/system/nginx.service
line: "After=network-online.target nss-lookup.target"
regexp: "^After="
- name: Start nginx
service: name=nginx state=started enabled=yes