---
# Installs the nginx-full package through apt. `state: present` leaves an
# already-installed package at its current version; it does not upgrade it.
- name: Install nginx
  apt:
    name:
      - nginx-full
    state: present

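# Deletes each entry of nginx_unnecessary_files from below the nginx
# installation directory. `state: absent` removes directories recursively.
- name: Remove unnecessary directories
  file:
    state: absent
    name: "{{ global_nginx_installation_directory }}/{{ item }}"
  with_items: "{{ nginx_unnecessary_files }}"
  # An empty, "." or ".." entry would resolve to the installation directory
  # itself or to its parent, and the recursive delete would take that whole
  # tree with it. Such entries are skipped rather than acted on.
  # NOTE(review): entries are assumed to be plain relative names; a value
  # containing "../" further along the path is not caught here - confirm the
  # variable only ever comes from trusted role defaults or inventory.
  when: "(item | string | trim) not in ['', '.', '..']"
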
# Ensures the nginx configuration directories exist, owned by root and
# writable by root only (group and others may read and traverse).
- name: Create directories for nginx
  file:
    path: "{{ item }}"
    state: directory
    owner: root
    group: root
    mode: "u=rwx,g=rx,o=rx"
  with_items:
    - "{{ nginx_upstreams_directory }}"
    - "{{ nginx_sites_directory }}"
    - "{{ nginx_streams_directory }}"
    - "{{ nginx_snippets_directory }}"
    - "{{ global_webservers_directory }}"

# Renders every snippet listed in nginx_snippets from the template
# `<item>.conf` and installs it in the snippets directory under the bare
# item name (the destination carries no `.conf` suffix).
- name: Upload snippets to nginx
  template:
    src: "{{ item }}.conf"
    dest: "{{ nginx_snippets_directory }}/{{ item }}"
    # Root-owned and not writable by anyone else.
    owner: root
    group: root
    mode: "u=rw,g=r,o=r"
  with_items: "{{ nginx_snippets }}"
  # A changed snippet only takes effect after nginx re-reads its config.
  notify: reload nginx

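# Writes a `resolver` directive into the snippets directory, listing the
# nameservers reported in the ansible_dns fact. `ipwrap` puts IPv6 addresses
# in square brackets.
# NOTE(review): ansible_dns is a gathered fact, so this task presumably
# needs fact gathering enabled for the play - confirm.
- name: Configure dns resolver addresses for nginx
  copy:
    content: |
      resolver {{ ansible_dns.nameservers | ipwrap | join(' ') }};
    dest: "{{ nginx_snippets_directory }}/resolver.conf"
    owner: root
    group: root
    # This is a plain configuration file, so it gets the same non-executable
    # mode as the other snippets. The mode was previously u=rwx,g=rx,o=rx,
    # which set the execute bits on it. It is quoted like every other mode
    # in this file.
    mode: "u=rw,g=r,o=r"
  notify: reload nginx
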
# Creates the ACME validation root and the directory that will hold the
# validation test file, both root-owned and writable by root only.
- name: Configure validation directory
  file:
    path: "{{ item }}"
    state: directory
    owner: root
    group: root
    mode: "u=rwx,g=rx,o=rx"
  loop:
    - "{{ acme_validation_root_directory }}"
    # Parent directory of the test file.
    - "{{ acme_validation_test_file | dirname }}"

# Writes the inventory hostname into the validation test file. The mode
# makes the file readable by everyone and writable by root only.
# NOTE(review): presumably fetched over HTTP to check that the validation
# path is served by this host - confirm.
- name: Configure test file for validation directory
  copy:
    dest: "{{ acme_validation_test_file }}"
    content: "{{ inventory_hostname }}"
    owner: root
    group: root
    mode: "u=rw,g=r,o=r"

# Enables the nginx unit so that it starts at boot. No `state` is given, so
# this task does not itself start or restart the service.
- name: Enable nginx service
  systemd:
    name: "{{ global_nginx_service_name }}"
    enabled: true

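# Renders the main nginx.conf into the installation directory.
- name: Configure nginx
  template:
    src: nginx.conf
    dest: "{{ global_nginx_installation_directory }}/nginx.conf"
    # Ownership and mode are pinned like every other file this role writes.
    # Without them the result depends on the umask and on whatever ownership
    # an existing file already has, and the main configuration should be
    # writable by root only.
    owner: root
    group: root
    mode: "u=rw,g=r,o=r"
    # The rendered file is checked with `nginx -t` before it replaces the
    # live configuration; a failing check leaves the current file in place.
    validate: /usr/sbin/nginx -t -c %s
  notify: reload nginx
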
# Opens TCP ports 80 and 443 in ufw. No source restriction (`from_ip`) is
# set, so the rules admit traffic from any address.
- name: Allow ports for http in firewall
  ufw:
    rule: allow
    proto: tcp
    port: "{{ item }}"
  loop:
    # Quoted so the port numbers stay strings.
    - "80"
    - "443"

# TODO Configure global log