roles/nginx/tasks/main.yaml
author Luke Hoersten <luke@hoersten.org>
Thu, 03 Jan 2019 20:46:13 -0600
changeset 69 be979818d483
parent 67 roles/nginx/base/tasks/main.yaml@bd34ae082697
child 75 d8c87a41cc6d
permissions -rw-r--r--
Lots of updates.
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
61
2dd82d9e2103 Added nginx reverse proxy to pleroma.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
     1
---
2dd82d9e2103 Added nginx reverse proxy to pleroma.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
     2
2dd82d9e2103 Added nginx reverse proxy to pleroma.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
     3
- name: install nginx packages
2dd82d9e2103 Added nginx reverse proxy to pleroma.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
     4
  become: yes
2dd82d9e2103 Added nginx reverse proxy to pleroma.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
     5
  apt: name="nginx"
2dd82d9e2103 Added nginx reverse proxy to pleroma.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
     6
69
be979818d483 Lots of updates.
Luke Hoersten <luke@hoersten.org>
parents: 67
diff changeset
     7
- name: install site
be979818d483 Lots of updates.
Luke Hoersten <luke@hoersten.org>
parents: 67
diff changeset
     8
  become: yes
be979818d483 Lots of updates.
Luke Hoersten <luke@hoersten.org>
parents: 67
diff changeset
     9
  template: src="{{nginx_conf_src}}" dest="/etc/nginx/sites-available/{{nginx_conf_dst}}"
be979818d483 Lots of updates.
Luke Hoersten <luke@hoersten.org>
parents: 67
diff changeset
    10
  notify: restart nginx
be979818d483 Lots of updates.
Luke Hoersten <luke@hoersten.org>
parents: 67
diff changeset
    11
be979818d483 Lots of updates.
Luke Hoersten <luke@hoersten.org>
parents: 67
diff changeset
    12
# https://certbot.eff.org/lets-encrypt/ubuntuxenial-nginx
be979818d483 Lots of updates.
Luke Hoersten <luke@hoersten.org>
parents: 67
diff changeset
    13
- name: add certbot (letsencrypt) repo
be979818d483 Lots of updates.
Luke Hoersten <luke@hoersten.org>
parents: 67
diff changeset
    14
  become: yes
be979818d483 Lots of updates.
Luke Hoersten <luke@hoersten.org>
parents: 67
diff changeset
    15
  apt_repository: repo="ppa:certbot/certbot"
be979818d483 Lots of updates.
Luke Hoersten <luke@hoersten.org>
parents: 67
diff changeset
    16
  when: nginx_enable_ssl
be979818d483 Lots of updates.
Luke Hoersten <luke@hoersten.org>
parents: 67
diff changeset
    17
be979818d483 Lots of updates.
Luke Hoersten <luke@hoersten.org>
parents: 67
diff changeset
    18
- name: install nginx packages
be979818d483 Lots of updates.
Luke Hoersten <luke@hoersten.org>
parents: 67
diff changeset
    19
  become: yes
be979818d483 Lots of updates.
Luke Hoersten <luke@hoersten.org>
parents: 67
diff changeset
    20
  apt: name="python-certbot-nginx"
be979818d483 Lots of updates.
Luke Hoersten <luke@hoersten.org>
parents: 67
diff changeset
    21
  notify: restart nginx
be979818d483 Lots of updates.
Luke Hoersten <luke@hoersten.org>
parents: 67
diff changeset
    22
  when: nginx_enable_ssl
be979818d483 Lots of updates.
Luke Hoersten <luke@hoersten.org>
parents: 67
diff changeset
    23
be979818d483 Lots of updates.
Luke Hoersten <luke@hoersten.org>
parents: 67
diff changeset
    24
- name: install certbot in nginx
be979818d483 Lots of updates.
Luke Hoersten <luke@hoersten.org>
parents: 67
diff changeset
    25
  become: yes
be979818d483 Lots of updates.
Luke Hoersten <luke@hoersten.org>
parents: 67
diff changeset
    26
  command: "certbot certonly --nginx -n --agree-tos -d {{nginx_server_name}} -m {{nginx_admin_email}}"
be979818d483 Lots of updates.
Luke Hoersten <luke@hoersten.org>
parents: 67
diff changeset
    27
  notify: restart nginx
be979818d483 Lots of updates.
Luke Hoersten <luke@hoersten.org>
parents: 67
diff changeset
    28
  when: nginx_enable_ssl
be979818d483 Lots of updates.
Luke Hoersten <luke@hoersten.org>
parents: 67
diff changeset
    29
61
2dd82d9e2103 Added nginx reverse proxy to pleroma.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
    30
- name: disable default site
2dd82d9e2103 Added nginx reverse proxy to pleroma.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
    31
  become: yes
2dd82d9e2103 Added nginx reverse proxy to pleroma.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
    32
  file: path="/etc/nginx/sites-enabled/default" state="absent"
2dd82d9e2103 Added nginx reverse proxy to pleroma.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
    33
  notify: restart nginx
2dd82d9e2103 Added nginx reverse proxy to pleroma.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
    34
69
be979818d483 Lots of updates.
Luke Hoersten <luke@hoersten.org>
parents: 67
diff changeset
    35
- name: enable site
be979818d483 Lots of updates.
Luke Hoersten <luke@hoersten.org>
parents: 67
diff changeset
    36
  become: yes
be979818d483 Lots of updates.
Luke Hoersten <luke@hoersten.org>
parents: 67
diff changeset
    37
  file:
be979818d483 Lots of updates.
Luke Hoersten <luke@hoersten.org>
parents: 67
diff changeset
    38
    src:  "/etc/nginx/sites-available/{{nginx_conf_dst}}"
be979818d483 Lots of updates.
Luke Hoersten <luke@hoersten.org>
parents: 67
diff changeset
    39
    dest: "/etc/nginx/sites-enabled/{{nginx_conf_dst}}"
be979818d483 Lots of updates.
Luke Hoersten <luke@hoersten.org>
parents: 67
diff changeset
    40
    state: "link"
be979818d483 Lots of updates.
Luke Hoersten <luke@hoersten.org>
parents: 67
diff changeset
    41
  notify: restart nginx
61
2dd82d9e2103 Added nginx reverse proxy to pleroma.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
    42
2dd82d9e2103 Added nginx reverse proxy to pleroma.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
    43
- name: enable nginx service
2dd82d9e2103 Added nginx reverse proxy to pleroma.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
    44
  become: yes
2dd82d9e2103 Added nginx reverse proxy to pleroma.
Luke Hoersten <luke@hoersten.org>
parents:
diff changeset
    45
  systemd: name="nginx" enabled="yes" state="started"