Prepare nginx to be used without SSL.
parent
89c9e8031c
commit
b83b2f02f1
@ -2,4 +2,4 @@
|
|||||||
|
|
||||||
dependencies:
|
dependencies:
|
||||||
- { role: certmgr }
|
- { role: certmgr }
|
||||||
- { role: nginx }
|
- { role: nginx, nginx_ssl: True }
|
||||||
|
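Review bot: Passing `nginx_ssl: True` from each dependent role makes TLS opt-in, so a role that depends on nginx and is not updated by this commit would, on a fresh host, get a server with no certificate or SSL vhost set up. The role's defaults file is not visible on this page; if it sets the variable to false, consider defaulting it to true and having the plaintext consumers pass `nginx_ssl: false` explicitly, so that a forgotten parameter fails safe. The same line is added in the three other `@ -2,4 +2,4 @@` sections on this page. Writing it as `- { role: nginx, nginx_ssl: true }` uses the lowercase boolean form that Ansible linting expects.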
@ -2,4 +2,4 @@
|
|||||||
|
|
||||||
dependencies:
|
dependencies:
|
||||||
- { role: certmgr }
|
- { role: certmgr }
|
||||||
- { role: nginx }
|
- { role: nginx, nginx_ssl: True }
|
||||||
|
@ -8,13 +8,16 @@
|
|||||||
|
|
||||||
- name: Create certificate directory
|
- name: Create certificate directory
|
||||||
file: path=/etc/nginx/ssl state=directory mode=0750
|
file: path=/etc/nginx/ssl state=directory mode=0750
|
||||||
|
when: nginx_ssl == True
|
||||||
|
|
||||||
- name: Ensure certificates are available
|
- name: Ensure certificates are available
|
||||||
command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/{{ ansible_fqdn }}.key -out /etc/nginx/ssl/{{ ansible_fqdn }}.crt -days 730 -subj "/CN={{ ansible_fqdn }}" creates=/etc/nginx/ssl/{{ ansible_fqdn }}.crt
|
command: openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/nginx/ssl/{{ ansible_fqdn }}.key -out /etc/nginx/ssl/{{ ansible_fqdn }}.crt -days 730 -subj "/CN={{ ansible_fqdn }}" creates=/etc/nginx/ssl/{{ ansible_fqdn }}.crt
|
||||||
|
when: nginx_ssl == True
|
||||||
notify: Restart nginx
|
notify: Restart nginx
|
||||||
|
|
||||||
- name: Ensure correct certificate permissions
|
- name: Ensure correct certificate permissions
|
||||||
file: path=/etc/nginx/ssl/{{ ansible_fqdn }}.key owner=root mode=0400
|
file: path=/etc/nginx/ssl/{{ ansible_fqdn }}.key owner=root mode=0400
|
||||||
|
when: nginx_ssl == True
|
||||||
notify: Restart nginx
|
notify: Restart nginx
|
||||||
|
|
||||||
- name: Create DH parameters
|
- name: Create DH parameters
|
||||||
@ -22,12 +25,13 @@
|
|||||||
with_items:
|
with_items:
|
||||||
- /etc/nginx/dhparam.pem
|
- /etc/nginx/dhparam.pem
|
||||||
|
|
||||||
- name: Configure default vhost
|
- name: Configure nginx
|
||||||
copy: src=nginx.conf dest=/etc/nginx/nginx.conf
|
copy: src=nginx.conf dest=/etc/nginx/nginx.conf
|
||||||
notify: Restart nginx
|
notify: Restart nginx
|
||||||
|
|
||||||
- name: Enable default vhost
|
- name: Configure default vhost
|
||||||
template: src=default.j2 dest=/etc/nginx/sites-available/default
|
template: src=default.j2 dest=/etc/nginx/sites-available/default
|
||||||
|
when: nginx_ssl == True
|
||||||
notify: Restart nginx
|
notify: Restart nginx
|
||||||
|
|
||||||
- name: Start nginx
|
- name: Start nginx
|
||||||
|
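Review bot: The four new `when: nginx_ssl == True` conditions compare against a literal, which raises an undefined-variable error if the role declares no default for `nginx_ssl`, and evaluates false when the value arrives as a string (for example from `-e nginx_ssl=true`), silently skipping the certificate, key-permission and vhost tasks. `when: nginx_ssl | bool` on those tasks, together with a default in the role's defaults file (not visible here), avoids both cases. In the second hunk the `Configure default vhost` template is also skipped when SSL is off, so whatever `/etc/nginx/sites-available/default` the package ships presumably stays active; a comment above that task such as `# non-SSL hosts keep the packaged default site` would make the intent explicit.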
@ -2,4 +2,4 @@
|
|||||||
|
|
||||||
dependencies:
|
dependencies:
|
||||||
- { role: certmgr }
|
- { role: certmgr }
|
||||||
- { role: nginx }
|
- { role: nginx, nginx_ssl: True }
|
||||||
|
@ -2,4 +2,4 @@
|
|||||||
|
|
||||||
dependencies:
|
dependencies:
|
||||||
- { role: certmgr }
|
- { role: certmgr }
|
||||||
- { role: nginx }
|
- { role: nginx, nginx_ssl: True }
|
||||||
|