2017-03-26 20:12:50 +02:00
|
|
|
---
|
|
|
|
|
|
|
|
- name: Install nginx
|
2017-07-11 17:48:05 +02:00
|
|
|
apt: name=nginx-light
|
2017-03-26 20:12:50 +02:00
|
|
|
|
|
|
|
- name: Create certificate directory
|
|
|
|
file: path=/etc/nginx/ssl state=directory mode=0750
|
2020-06-20 17:23:59 +02:00
|
|
|
when: nginx_ssl
|
2017-03-26 20:12:50 +02:00
|
|
|
|
|
|
|
- name: Ensure certificates are available
|
2020-06-20 22:12:05 +02:00
|
|
|
command:
|
|
|
|
cmd: >
|
|
|
|
openssl req -x509 -nodes -newkey rsa:2048
|
|
|
|
-keyout /etc/nginx/ssl/{{ ansible_fqdn }}.key
|
|
|
|
-out /etc/nginx/ssl/{{ ansible_fqdn }}.crt
|
|
|
|
-days 730 -subj "/CN={{ ansible_fqdn }}"
|
|
|
|
creates: /etc/nginx/ssl/{{ ansible_fqdn }}.crt
|
2020-06-20 17:23:59 +02:00
|
|
|
when: nginx_ssl
|
2017-03-26 20:12:50 +02:00
|
|
|
notify: Restart nginx
|
|
|
|
|
|
|
|
- name: Ensure correct certificate permissions
|
|
|
|
file: path=/etc/nginx/ssl/{{ ansible_fqdn }}.key owner=root mode=0400
|
2020-06-20 17:23:59 +02:00
|
|
|
when: nginx_ssl
|
2017-03-26 20:12:50 +02:00
|
|
|
notify: Restart nginx
|
|
|
|
|
|
|
|
- name: Create DH parameters
|
|
|
|
command: openssl dhparam -outform PEM -out {{ item }} 2048 creates={{ item }}
|
2020-06-20 17:23:59 +02:00
|
|
|
when: nginx_ssl
|
2017-03-26 20:12:50 +02:00
|
|
|
with_items:
|
|
|
|
- /etc/nginx/dhparam.pem
|
|
|
|
|
|
|
|
- name: Configure nginx
|
2020-10-20 15:59:08 +02:00
|
|
|
template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf
|
2017-03-26 20:12:50 +02:00
|
|
|
notify: Restart nginx
|
|
|
|
|
|
|
|
- name: Configure default vhost
|
|
|
|
template: src=default.j2 dest=/etc/nginx/sites-available/default
|
2020-06-20 17:23:59 +02:00
|
|
|
when: nginx_ssl
|
2017-03-26 20:12:50 +02:00
|
|
|
notify: Restart nginx
|
|
|
|
|
2018-01-18 14:48:41 +01:00
|
|
|
- name: Ensure network and dns are available before nginx
|
|
|
|
lineinfile:
|
|
|
|
dest: /lib/systemd/system/nginx.service
|
2023-07-04 13:14:37 +02:00
|
|
|
line: "After=network-online.target remote-fs.target nss-lookup.target"
|
2018-01-18 14:48:41 +01:00
|
|
|
regexp: "^After="
|
|
|
|
|
2017-03-26 20:12:50 +02:00
|
|
|
- name: Start nginx
|
|
|
|
service: name=nginx state=started enabled=yes
|