1
0
forked from infra/ansible
infra/roles/nginx/tasks/main.yml

35 lines
1.2 KiB
YAML
Raw Normal View History

2016-03-09 22:10:14 +01:00
---
- name: Enable backports
apt_repository: repo='deb http://httpredir.debian.org/debian jessie-backports main' state=present
- name: Install nginx
2016-04-05 08:39:47 +02:00
apt: name=nginx default_release=jessie-backports state=latest
2016-03-09 22:10:14 +01:00
- name: Create certificate directory
file: path=/etc/nginx/ssl state=directory mode=0750
- name: Ensure certificates are available
2016-04-01 08:10:00 +02:00
command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/{{ ansible_fqdn }}.key -out /etc/nginx/ssl/{{ ansible_fqdn }}.crt -days 730 -subj "/CN={{ ansible_fqdn }}" creates=/etc/nginx/ssl/{{ ansible_fqdn }}.crt
2016-03-09 22:10:14 +01:00
notify: Restart nginx
- name: Ensure correct certificate permissions
2016-04-01 08:10:00 +02:00
file: path=/etc/nginx/ssl/{{ ansible_fqdn }}.key owner=root mode=0400
2016-03-09 22:10:14 +01:00
notify: Restart nginx
- name: Create DH parameters
command: openssl dhparam -outform PEM -out {{ item }} 2048 creates={{ item }}
with_items:
- /etc/nginx/dhparam.pem
2016-04-05 08:39:47 +02:00
- name: Configure default vhost
2016-03-09 22:25:48 +01:00
copy: src=nginx.conf dest=/etc/nginx/nginx.conf
notify: Restart nginx
2016-04-05 08:39:47 +02:00
- name: Enable default vhost
2016-03-09 22:10:14 +01:00
template: src=default.j2 dest=/etc/nginx/sites-available/default
notify: Restart nginx
- name: Start nginx
service: name=nginx state=started enabled=yes