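---
# NGINX installation and site wiring.
#
# Ordering matters: a self-signed "dummy" key pair is created first so that
# every server file rendered from http_server.j2 can reference
# /etc/nginx/certs/<site>.crt and .key and nginx starts cleanly before any real
# (ACME) certificate exists.  The dummy material is only ever symlinked, never
# copied, so dropping real files in place later is enough.
#
# Assumes the play runs with become (apt, writes under /etc/nginx) and that a
# "Reload nginx" handler is defined elsewhere in the role.

- name: Install NGINX
  apt:
    update_cache: true
    name:
      - nginx
      - python3-cryptography  # backend for the openssl_* modules below
    # NOTE(review): state=latest upgrades nginx on every run, not only on
    # first install.  Use `present` (and pin the version elsewhere) if
    # unattended upgrades of the proxy are not wanted.
    state: latest
  register: apt_result
  retries: 3
  delay: 5
  until: apt_result is succeeded

- name: Copy snippets
  template:
    src: "snippets/{{ item }}"
    dest: "/etc/nginx/snippets/{{ item }}"
    mode: "0644"
  loop:
    # presumably the Upgrade/Connection header map used for WebSocket
    # proxying — confirm against the snippet itself
    - connection_upgrade.conf
  notify: Reload nginx  # a changed snippet is only picked up on reload

- name: Ensure the ACME challenge web root exists
  file:
    path: /var/www/well-known/acme-challenge/.well-known/acme-challenge
    state: directory
    mode: "0755"

- name: Ensure the cert directory exists
  file:
    path: /etc/nginx/certs
    state: directory
    mode: "0755"  # private keys below are protected by their own mode

- name: Check whether the dummy cert already exists
  stat:
    path: /etc/nginx/certs/dummy.pem
  register: dummy_cert

# Self-signed placeholder so nginx can start before real certificates exist.
# Guarded by the stat above so an existing dummy is never regenerated.
- name: Create a dummy cert
  when: not dummy_cert.stat.exists
  block:
    - name: Generate private key
      openssl_privatekey:
        path: /etc/nginx/certs/dummy.key
        mode: "u=rw,g=,o="  # readable only by the owner, even for a throwaway key
        size: 4096

    - name: Generate the signing request
      openssl_csr:
        path: /etc/nginx/certs/dummy.req
        privatekey_path: /etc/nginx/certs/dummy.key
        common_name: dummy

    # NOTE(review): openssl_certificate is deprecated in community.crypto in
    # favour of x509_certificate (same arguments); migrate once the collection
    # version in use allows it.
    - name: Sign Cert
      openssl_certificate:
        path: /etc/nginx/certs/dummy.pem
        privatekey_path: /etc/nginx/certs/dummy.key
        csr_path: /etc/nginx/certs/dummy.req
        provider: selfsigned

- name: Add wasm to mime type
  lineinfile:
    path: /etc/nginx/mime.types
    regexp: '\s*application/wasm\s+wasm;$'
    line: '    application/wasm                      wasm;'
    owner: root
    group: root
    mode: "0644"
    insertbefore: '}'
  notify: Reload nginx  # nginx only re-reads mime.types on reload

- name: Copy NGINX conf
  template:
    src: nginx.conf
    dest: /etc/nginx/nginx.conf
    mode: "0644"
  notify: Reload nginx

# Manage each http site: one server file per key of http_sites.
- name: Copy HTTP Servers
  template:
    src: http_server.j2
    dest: "/etc/nginx/sites-available/{{ item.key }}"
    mode: "0644"
  loop: "{{ http_sites | dict2items }}"
  loop_control:
    label: "{{ item.key }}"  # keep the full site definition out of the task log
  notify: Reload nginx

# Point every site at the dummy key pair, but only where nothing is in place
# yet.  `force: false` on the file module merely makes it fail instead of
# replacing a regular file; an existing *symlink* is re-pointed regardless, so
# without the stat guard a re-run would silently swap a real certificate link
# back to the dummy.
- name: Check which site certificates already exist
  stat:
    path: "/etc/nginx/certs/{{ item.key }}.crt"
  loop: "{{ http_sites | dict2items }}"
  loop_control:
    label: "{{ item.key }}"
  register: site_cert

- name: Use the dummy certificate
  file:
    src: /etc/nginx/certs/dummy.pem
    dest: "/etc/nginx/certs/{{ item.item.key }}.crt"
    state: link
    force: false
  loop: "{{ site_cert.results }}"
  loop_control:
    label: "{{ item.item.key }}"
  when: not item.stat.exists

- name: Check which site keys already exist
  stat:
    path: "/etc/nginx/certs/{{ item.key }}.key"
  loop: "{{ http_sites | dict2items }}"
  loop_control:
    label: "{{ item.key }}"
  register: site_key

- name: Use the dummy key
  file:
    src: /etc/nginx/certs/dummy.key
    dest: "/etc/nginx/certs/{{ item.item.key }}.key"
    state: link
    force: false
  loop: "{{ site_key.results }}"
  loop_control:
    label: "{{ item.item.key }}"
  when: not item.stat.exists

- name: Activate sites
  file:
    src: "/etc/nginx/sites-available/{{ item.key }}"
    dest: "/etc/nginx/sites-enabled/{{ item.key }}"
    state: link
    force: true  # sites-enabled is fully managed here; always re-point
  loop: "{{ http_sites | dict2items }}"
  loop_control:
    label: "{{ item.key }}"
  notify: Reload nginx

# Add an HTTP proxy so ACME challenges can pass between Let's Encrypt and the
# TLS endpoints behind the proxy streams.
# NOTE(review): these files are only written to sites-available here; whatever
# links them into sites-enabled is not in this file — confirm.
- name: Copy HTTP Servers allowing ACME challenges with proxy stream
  template:
    src: http_proxy_acme.j2
    dest: "/etc/nginx/sites-available/acme_http_proxy_{{ item.key }}"
    mode: "0644"
  loop: "{{ ssl_reverse_proxy_upstream | dict2items }}"
  loop_control:
    label: "{{ item.key }}"
  notify: Reload nginx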