ansible-hessnet/roles/nginx_server/tasks/nginx.yml

57 lines
1.4 KiB
YAML
Raw Normal View History

2020-04-21 06:21:08 +00:00
---
- name: "Install nginx"
pacman:
name: "nginx"
state: "present"
- name: "Enable and start nginx service"
service:
name: "nginx"
enabled: "yes"
state: "started"
- name: "Create nginx config directory"
file:
path: "/etc/nginx/conf.d"
state: "directory"
- name: "Create nginx vhost directory"
file:
path: "/etc/nginx/sites"
state: "directory"
- name: "Create certbot directory"
file:
path: "/usr/share/nginx/letsencrypt"
state: "directory"
- name: "Copy base nginx.conf"
template:
src: "nginx.conf.j2"
dest: "/etc/nginx/nginx.conf"
notify: "reload nginx"
- name: "Install nginx site for letsencrypt requests"
template:
src: "nginx-http.j2"
dest: "/etc/nginx/sites/http"
notify: "reload nginx"
- name: "Force all notified nginx handlers to enable letsencrypt"
meta: "flush_handlers"
- name: "Create letsencrypt certificate"
shell: "certbot certonly -n --webroot -w /usr/share/nginx/letsencrypt -m {{ letsencrypt_email }} --agree-tos -d {{ domain_name }}"
args:
creates: "/etc/letsencrypt/live/{{ domain_name }}"
- name: "Generate dhparams"
shell: "openssl dhparam -out /etc/nginx/dhparams.pem 2048"
args:
creates: "/etc/nginx/dhparams.pem"
- name: "Install nginx site config"
template:
src: templates/nginx-https.j2
dest: /etc/nginx/sites/https
notify: "reload nginx"