2022-06-08 20:25:54 +02:00
|
|
|
---
|
|
|
|
- name: Install NGINX
|
|
|
|
apt:
|
|
|
|
update_cache: true
|
2022-06-20 23:06:14 +02:00
|
|
|
name:
|
|
|
|
- nginx
|
|
|
|
- 'python3-cryptography'
|
2022-06-08 20:25:54 +02:00
|
|
|
state: latest
|
|
|
|
register: apt_result
|
|
|
|
retries: 3
|
|
|
|
until: apt_result is succeeded
|
|
|
|
|
2022-06-08 22:34:50 +02:00
|
|
|
- name: Copy snippets
|
|
|
|
template:
|
|
|
|
src: "snippets/{{ item }}"
|
|
|
|
dest: "/etc/nginx/snippets/{{ item }}"
|
|
|
|
loop:
|
|
|
|
- connection_upgrade.conf # fix some nginx bug
|
|
|
|
|
|
|
|
- name: Ensure the cert directory exists
|
|
|
|
file:
|
|
|
|
path: /etc/nginx/certs
|
|
|
|
state: directory
|
|
|
|
|
2022-06-19 22:40:12 +02:00
|
|
|
- name: check if dummy cert exist
|
|
|
|
stat:
|
|
|
|
path: /etc/nginx/certs/dummy.pem
|
|
|
|
register: dummy_cert
|
|
|
|
|
2022-06-08 22:34:50 +02:00
|
|
|
- name: Create a dummy cert
|
|
|
|
block:
|
|
|
|
- name: Generate private key
|
|
|
|
openssl_privatekey:
|
|
|
|
path: /etc/nginx/certs/dummy.key
|
|
|
|
mode: u=rw,g=,o=
|
|
|
|
size: 4096
|
|
|
|
- name: Generate the signing request
|
|
|
|
openssl_csr:
|
|
|
|
path: /etc/nginx/certs/dummy.req
|
|
|
|
privatekey_path: /etc/nginx/certs/dummy.key
|
|
|
|
common_name: dummy
|
|
|
|
- name: Sign Cert
|
|
|
|
openssl_certificate:
|
|
|
|
path: /etc/nginx/certs/dummy.pem
|
|
|
|
privatekey_path: /etc/nginx/certs/dummy.key
|
|
|
|
csr_path: /etc/nginx/certs/dummy.req
|
|
|
|
provider: selfsigned
|
2022-06-19 22:40:12 +02:00
|
|
|
when: dummy_cert.stat.exists == False
|
2022-06-08 22:34:50 +02:00
|
|
|
|
2022-06-08 20:25:54 +02:00
|
|
|
- name: Add wasm to mime type
|
|
|
|
lineinfile:
|
|
|
|
path: /etc/nginx/mime.types
|
|
|
|
regexp: '\s*application/wasm\s+wasm;$'
|
|
|
|
line: ' application/wasm wasm;'
|
|
|
|
owner: root
|
|
|
|
group: root
|
|
|
|
mode: '0644'
|
|
|
|
insertbefore: '}'
|
2022-06-08 22:34:50 +02:00
|
|
|
|
|
|
|
- name: Copy NGINX conf
|
|
|
|
template:
|
|
|
|
src: nginx.conf
|
|
|
|
dest: /etc/nginx/nginx.conf
|
2022-06-20 23:06:14 +02:00
|
|
|
notify: Reload nginx
|
2022-06-08 22:34:50 +02:00
|
|
|
|
2022-06-19 22:40:12 +02:00
|
|
|
# TODO: << Manage reverse proxy >>
|
2022-06-08 22:34:50 +02:00
|
|
|
- name: Create the SSL reverse proxy conf
|
|
|
|
template:
|
|
|
|
src: stream_rp.conf
|
|
|
|
dest: /etc/nginx/stream_rp.conf
|
|
|
|
force: no
|
2022-06-19 22:40:12 +02:00
|
|
|
|
|
|
|
# Manage each http site
|
2022-06-20 23:06:14 +02:00
|
|
|
- name: Copy Http Servers
|
2022-06-19 22:40:12 +02:00
|
|
|
template:
|
|
|
|
src: http_server.j2
|
|
|
|
dest: "/etc/nginx/sites-available/{{ item.key }}"
|
|
|
|
loop: "{{ http_sites | dict2items}}"
|
2022-06-20 23:06:14 +02:00
|
|
|
notify: Reload nginx
|
2022-06-19 22:40:12 +02:00
|
|
|
|
|
|
|
- name: Use the dummy certificate
|
|
|
|
file:
|
|
|
|
src: /etc/nginx/certs/dummy.pem
|
|
|
|
dest: "/etc/nginx/certs/{{ item.key }}.crt"
|
|
|
|
state: link
|
|
|
|
force: no
|
|
|
|
loop: "{{ http_sites | dict2items}}"
|
|
|
|
|
|
|
|
- name: Use the dummy key
|
|
|
|
file:
|
|
|
|
src: /etc/nginx/certs/dummy.key
|
|
|
|
dest: "/etc/nginx/certs/{{ item.key }}.key"
|
|
|
|
state: link
|
|
|
|
force: no
|
|
|
|
loop: "{{ http_sites | dict2items}}"
|
|
|
|
|
|
|
|
- name: Activate sites
|
|
|
|
file:
|
|
|
|
src: "/etc/nginx/sites-available/{{ item.key }}"
|
|
|
|
dest: "/etc/nginx/sites-enabled/{{ item.key }}"
|
|
|
|
state: link
|
|
|
|
force: yes
|
|
|
|
loop: "{{ http_sites | dict2items}}"
|
2022-06-20 23:06:14 +02:00
|
|
|
notify: Reload nginx
|