63 lines
1.5 KiB
YAML
63 lines
1.5 KiB
YAML
---
|
|
# nginx is the proxy server
|
|
# nginx-light contains less modules
|
|
# but also reduces the surface of attack
|
|
- name: Install NGINX server
|
|
apt:
|
|
name: nginx-light
|
|
update_cache: true
|
|
register: apt_result
|
|
retries: 3
|
|
until: apt_result is succeeded
|
|
|
|
# Install proxy snippets
|
|
- name: Configure NGINX proxy snippets
|
|
template:
|
|
src: "nginx/snippets/{{ item }}.j2"
|
|
dest: "/etc/nginx/snippets/{{ item }}"
|
|
mode: 0644
|
|
loop:
|
|
- proxy-common.conf
|
|
- proxy-common-ssl.conf
|
|
notify: Reload NGINX service
|
|
|
|
# Install sites
|
|
- name: Configure NGINX sites
|
|
template:
|
|
src: nginx/nginx-sites-available.j2
|
|
dest: "/etc/nginx/sites-available/{{ item.name }}"
|
|
mode: 0644
|
|
loop: "{{ reversed_proxy_subdomains }}"
|
|
notify: Reload NGINX service
|
|
|
|
# Desactive useless nginx sites
|
|
- name: Deactivate the default NGINX site
|
|
file:
|
|
path: /etc/nginx/sites-enabled/default
|
|
state: absent
|
|
notify: Reload NGINX service
|
|
|
|
# Activate sites
|
|
- name: Activate sites
|
|
file:
|
|
src: "/etc/nginx/sites-available/{{ item.name }}"
|
|
dest: "/etc/nginx/sites-enabled/{{ item.name }}"
|
|
state: link
|
|
loop: "{{ reversed_proxy_subdomains }}"
|
|
notify: Reload NGINX service
|
|
|
|
# Install main site
|
|
- name: Configure NGINX main site
|
|
template:
|
|
src: nginx/nginx-sites-available-main.j2
|
|
dest: /etc/nginx/sites-available/main
|
|
mode: 0644
|
|
notify: Reload NGINX service
|
|
|
|
# Activate main site
|
|
- name: Activate main site
|
|
file:
|
|
src: /etc/nginx/sites-available/main
|
|
dest: /etc/nginx/sites-enabled/main
|
|
state: link
|
|
notify: Reload NGINX service
|