--- - name: Install nginx apt: state: present name: - nginx-full - name: Remove unnecessary directories file: state: absent name: "{{ nginx_installation_directory }}/{{ item }}" with_items: "{{ nginx_unnecessary_files }}" - name: Create directories for nginx file: state: directory name: "{{ item }}" owner: root group: root mode: "u=rwx,g=rx,o=rx" with_items: - "{{ nginx_upstreams_directory }}" - "{{ nginx_sites_directory }}" - "{{ nginx_streams_directory }}" - "{{ nginx_snippets_directory }}" - "{{ global_webservers_directory }}" - name: Upload snippets to nginx template: src: "{{ item }}.conf" dest: "{{ nginx_snippets_directory }}/{{ item }}" owner: root group: root mode: "u=rw,g=r,o=r" with_items: "{{ nginx_snippets }}" notify: reload nginx - name: Retrieve dns resolver addresses shell: >- echo resolver $(awk 'BEGIN{ORS=" "} $1=="nameserver" {print $2}' /etc/resolv.conf) ';' > {{ nginx_snippets_directory | quote }}/resolver.conf args: creates: "{{ nginx_snippets_directory }}/resolver.conf" notify: reload nginx - name: Configure validation directory file: state: directory name: "{{ item }}" owner: root group: "{{ acme_system_user }}" mode: "u=rwx,g=rwx,o=rx" loop: - "{{ acme_validation_root_directory }}" - "{{ acme_validation_test_file | dirname }}" - name: Configure test file for validation directory copy: content: "{{ inventory_hostname }}" dest: "{{ acme_validation_test_file }}" owner: root group: root mode: "u=rw,g=r,o=r" - name: Enable nginx service systemd: enabled: yes name: "{{ global_nginx_service_name }}" - name: Configure nginx template: src: nginx.conf dest: "{{ nginx_installation_directory }}/nginx.conf" validate: /usr/sbin/nginx -t -c %s notify: reload nginx - name: Allow ports for http in firewall ufw: rule: allow port: "{{ item }}" proto: tcp with_items: - 80 - 443 # TODO Configure global log