ansible-ffrgb/roles/nginx/tasks/main.yml

49 lines
1.3 KiB
YAML
Raw Normal View History

2017-03-26 20:12:50 +02:00
---
- name: Install nginx
2017-07-11 17:48:05 +02:00
apt: name=nginx-light
2017-03-26 20:12:50 +02:00
- name: Create certificate directory
file: path=/etc/nginx/ssl state=directory mode=0750
2020-06-20 17:23:59 +02:00
when: nginx_ssl
2017-03-26 20:12:50 +02:00
- name: Ensure certificates are available
command:
cmd: >
openssl req -x509 -nodes -newkey rsa:2048
-keyout /etc/nginx/ssl/{{ ansible_fqdn }}.key
-out /etc/nginx/ssl/{{ ansible_fqdn }}.crt
-days 730 -subj "/CN={{ ansible_fqdn }}"
creates: /etc/nginx/ssl/{{ ansible_fqdn }}.crt
2020-06-20 17:23:59 +02:00
when: nginx_ssl
2017-03-26 20:12:50 +02:00
notify: Restart nginx
- name: Ensure correct certificate permissions
file: path=/etc/nginx/ssl/{{ ansible_fqdn }}.key owner=root mode=0400
2020-06-20 17:23:59 +02:00
when: nginx_ssl
2017-03-26 20:12:50 +02:00
notify: Restart nginx
- name: Create DH parameters
command: openssl dhparam -outform PEM -out {{ item }} 2048 creates={{ item }}
2020-06-20 17:23:59 +02:00
when: nginx_ssl
2017-03-26 20:12:50 +02:00
with_items:
- /etc/nginx/dhparam.pem
- name: Configure nginx
2020-10-20 15:59:08 +02:00
template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf
2017-03-26 20:12:50 +02:00
notify: Restart nginx
- name: Configure default vhost
template: src=default.j2 dest=/etc/nginx/sites-available/default
2020-06-20 17:23:59 +02:00
when: nginx_ssl
2017-03-26 20:12:50 +02:00
notify: Restart nginx
2018-01-18 14:48:41 +01:00
- name: Ensure network and dns are available before nginx
lineinfile:
dest: /lib/systemd/system/nginx.service
2023-07-04 13:14:37 +02:00
line: "After=network-online.target remote-fs.target nss-lookup.target"
2018-01-18 14:48:41 +01:00
regexp: "^After="
2017-03-26 20:12:50 +02:00
- name: Start nginx
service: name=nginx state=started enabled=yes