---
# Install the nginx package, refreshing the apt cache in the same call.
# The result is registered so the task can be retried (retries: 3) until
# the apt call reports success.
- name: Install NGINX
  apt:
    name: nginx
    update_cache: true
  register: apt_result
  until: apt_result is succeeded
  retries: 3
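# Render the shared proxy_pass options snippet into /etc/nginx/snippets.
- name: Copy proxypass snippets
  template:
    src: "nginx/snippets/options-proxypass.conf.j2"
    dest: "/etc/nginx/snippets/options-proxypass.conf"
    owner: root
    group: root
    # Quoted so the YAML parser cannot retype the octal mode.
    mode: "0644"
  # Without a reload the running nginx keeps the previous snippet content.
  # Uses the same handler the other template tasks in this file notify.
  notify: Reload nginx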
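# Render one TLS options snippet per entry of nginx.ssl.
- name: Copy SSL snippets
  template:
    src: "nginx/snippets/options-ssl.conf.j2"
    # NOTE(review): item.name becomes part of a path under /etc/nginx;
    # it is expected to be a plain file-name component (no "/" or "..").
    # Confirm the inventory values, or validate them before this task.
    dest: "/etc/nginx/snippets/options-ssl.{{ item.name }}.conf"
    owner: root
    group: root
    # Quoted so the YAML parser cannot retype the octal mode.
    mode: "0644"
  loop: "{{ nginx.ssl }}"
  # A changed TLS snippet (protocols, ciphers, certificates) is not applied
  # until nginx re-reads its configuration, so trigger the reload handler
  # the other template tasks in this file already use.
  notify: Reload nginx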
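# Remove the distribution's default site from sites-enabled.
- name: Disable default site
  file:
    # `path` is the canonical name of the parameter the original spelled
    # as its alias `dest`; it matches the "Clean old files" task.
    path: "/etc/nginx/sites-enabled/default"
    state: absent
  # Deleting the link does not unload the site from a running nginx;
  # reload so the default vhost actually stops being served.
  notify: Reload nginx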
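# Render the 'extended' log_format definition into conf.d and reload
# nginx when the file changes.
- name: Add 'extended' log format
  template:
    src: nginx/conf.d/extended_log.conf.j2
    dest: /etc/nginx/conf.d/extended_log.conf
    owner: root
    group: root
    # Quoted so the YAML parser cannot retype the octal mode.
    mode: "0644"
  notify: Reload nginx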
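# Render the syslog logging snippet and reload nginx when it changes.
- name: Add syslog snippet
  template:
    src: nginx/snippets/syslog.conf.j2
    dest: /etc/nginx/snippets/syslog.conf
    owner: root
    group: root
    # Quoted so the YAML parser cannot retype the octal mode.
    mode: "0644"
  notify: Reload nginx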
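# Render the three reverse-proxy site definitions into sites-available.
# Skipped entirely when the `reverseproxy` variable is not defined.
- name: Copy reverse proxy sites
  when: reverseproxy is defined
  template:
    src: "nginx/sites-available/{{ item }}.j2"
    dest: "/etc/nginx/sites-available/{{ item }}"
    owner: root
    group: root
    # Quoted so the YAML parser cannot retype the octal mode.
    mode: "0644"
  # Fixed list of template names; each maps to a file of the same name.
  loop:
    - reverseproxy
    - reverseproxy_redirect_dname
    - redirect
  notify: Reload nginx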
# Enable the reverse-proxy sites by linking each sites-available entry
# into sites-enabled. Runs only when `reverseproxy` is defined.
- name: Activate reverse proxy sites
  file:
    state: link
    src: "/etc/nginx/sites-available/{{ item }}"
    dest: "/etc/nginx/sites-enabled/{{ item }}"
    owner: root
    group: root
  loop:
    - reverseproxy
    - reverseproxy_redirect_dname
    - redirect
  when: reverseproxy is defined
  # Errors are ignored only in check mode, presumably because the link
  # source is not written by the template task during a dry run.
  ignore_errors: "{{ ansible_check_mode }}"
  notify: Reload nginx
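# Render the TCP forwarding module configuration. Runs only when
# reverseproxy.redirect_tcp is defined and non-empty.
- name: Copy forward modules
  when: reverseproxy.redirect_tcp is defined and reverseproxy.redirect_tcp|length > 0
  template:
    src: "nginx/modules-available/60-forward.conf.j2"
    dest: "/etc/nginx/modules-available/60-forward.conf"
    # Explicit root ownership, as on the other nginx configuration files
    # in this file, so the result does not depend on the connecting user.
    owner: root
    group: root
    # Quoted so the YAML parser cannot retype the octal mode.
    mode: "0644"
  notify: Reload nginx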
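# Enable the TCP forwarding module by linking it into modules-enabled.
# Runs only when reverseproxy.redirect_tcp is defined and non-empty.
- name: Activate modules
  when: reverseproxy.redirect_tcp is defined and reverseproxy.redirect_tcp|length > 0
  file:
    src: "/etc/nginx/modules-available/60-forward.conf"
    dest: "/etc/nginx/modules-enabled/60-forward.conf"
    state: link
    # Quoted so the YAML parser cannot retype the octal mode.
    mode: "0644"
  notify: Reload nginx
  # Errors are ignored only in check mode, presumably because the link
  # source is not written by the template task during a dry run.
  ignore_errors: "{{ ansible_check_mode }}"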
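# Render the site definition for the local service. Runs only when
# nginx.servers is defined and non-empty.
- name: Copy service nginx configuration
  when: nginx.servers is defined and nginx.servers|length > 0
  template:
    src: "nginx/sites-available/service.j2"
    # NOTE(review): nginx.service_name becomes a file name under
    # /etc/nginx; it is expected to be a plain name without "/" or "..".
    dest: "/etc/nginx/sites-available/{{ nginx.service_name }}"
    owner: root
    group: root
    # Quoted so the YAML parser cannot retype the octal mode.
    mode: "0644"
  notify: Reload nginx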
# Enable the local service site by linking its sites-available entry
# into sites-enabled. Runs only when nginx.servers is defined and
# non-empty.
- name: Activate local nginx service site
  file:
    state: link
    src: "/etc/nginx/sites-available/{{ nginx.service_name }}"
    dest: "/etc/nginx/sites-enabled/{{ nginx.service_name }}"
    owner: root
    group: root
  when: nginx.servers is defined and nginx.servers|length > 0
  # Errors are ignored only in check mode, presumably because the link
  # source is not written by the template task during a dry run.
  ignore_errors: "{{ ansible_check_mode }}"
  notify: Reload nginx
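# Render the static 50x error page into the web root.
- name: Copy 50x error page
  template:
    src: www/html/50x.html.j2
    dest: /var/www/html/50x.html
    # NOTE(review): owned by www-data, so the web server account can
    # rewrite the page it serves. If nothing needs to write it at run
    # time, root:root with the same mode would still be readable.
    owner: www-data
    group: www-data
    # Quoted so the YAML parser cannot retype the octal mode.
    mode: "0644"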
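# Render robots.txt into the web root when nginx.deploy_robots_file is
# truthy.
- name: Copy robots.txt file
  when: nginx.deploy_robots_file
  template:
    src: www/html/robots.txt.j2
    dest: /var/www/html/robots.txt
    # NOTE(review): www-data ownership lets the web server account
    # rewrite this file; root:root would still be world-readable.
    owner: www-data
    group: www-data
    # Quoted so the YAML parser cannot retype the octal mode.
    mode: "0644"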
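# Render the HTTP basic-auth credential file. Runs only when
# nginx.auth_passwd contains at least one entry.
- name: Install passwords
  when: nginx.auth_passwd|length > 0
  template:
    src: nginx/passwd.j2
    dest: /etc/nginx/passwd
    # Credential file: readable by root and the nginx worker group only,
    # instead of by every local account (the original mode was 0644 with
    # no explicit owner or group).
    # NOTE(review): assumes the workers run as www-data, the account the
    # other tasks in this file use for web content. Confirm against the
    # `user` directive in nginx.conf before rollout.
    owner: root
    group: www-data
    mode: "0640"
  # Keep the rendered entries out of --diff output and stored run logs.
  diff: false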
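# Render the static 401 error page into the web root. Runs only when
# nginx.auth_passwd contains at least one entry.
- name: Copy 401 error page
  when: nginx.auth_passwd|length > 0
  template:
    src: www/html/401.html.j2
    dest: /var/www/html/401.html
    # NOTE(review): www-data ownership lets the web server account
    # rewrite this page; root:root would still be world-readable.
    owner: www-data
    group: www-data
    # Quoted so the YAML parser cannot retype the octal mode.
    mode: "0644"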
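# Install an executable message-of-the-day fragment for this role.
- name: Indicate role in motd
  template:
    src: update-motd.d/05-service.j2
    dest: /etc/update-motd.d/05-nginx
    # Files in this directory are executed to build the login banner, so
    # pin ownership to root instead of inheriting it from whichever
    # account runs the play.
    owner: root
    group: root
    # Quoted so the YAML parser cannot retype the octal mode.
    mode: "0755"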
# Delete files at paths this role no longer uses. The un-suffixed SSL
# snippet and the two /var/www files have counterparts written elsewhere
# in this file under different names or directories.
- name: Clean old files
  loop:
    - "/etc/nginx/snippets/options-ssl.conf"
    - "/var/www/custom_401.html"
    - "/var/www/robots.txt"
  file:
    state: absent
    path: "{{ item }}"