diff options
| author | Luke Hoersten <[email protected]> | 2018-08-20 10:22:45 -0500 |
|---|---|---|
| committer | Luke Hoersten <[email protected]> | 2018-08-20 10:22:45 -0500 |
| commit | 90136b7be49f974d624dac4ee638d6176bf0d80b (patch) | |
| tree | c8322b10ffbc0fe450493ac6969c4b001c5b40bc /roles/nginx | |
| parent | 608c3aa2dd6a35d8fe434d60822314cc23bd4314 (diff) | |
Added nginx reverse proxy to pleroma.
Diffstat (limited to 'roles/nginx')
| -rw-r--r-- | roles/nginx/defaults/main.yaml | 6 | ||||
| -rw-r--r-- | roles/nginx/handlers/main.yaml | 4 | ||||
| -rw-r--r-- | roles/nginx/tasks/certbot.yaml | 17 | ||||
| -rw-r--r-- | roles/nginx/tasks/main.yaml | 38 |
4 files changed, 65 insertions, 0 deletions
diff --git a/roles/nginx/defaults/main.yaml b/roles/nginx/defaults/main.yaml new file mode 100644 index 0000000..895ce1d --- /dev/null +++ b/roles/nginx/defaults/main.yaml @@ -0,0 +1,6 @@ +--- + +nginx_enable_ssl: No +nginx_port: 80 +nginx_ssl_port: 443 +nginx_server_name: "{{ansible_host}}" diff --git a/roles/nginx/handlers/main.yaml b/roles/nginx/handlers/main.yaml new file mode 100644 index 0000000..ce43c17 --- /dev/null +++ b/roles/nginx/handlers/main.yaml @@ -0,0 +1,4 @@ +--- +- name: restart nginx + become: yes + systemd: name="nginx" state="restarted" daemon_reload="yes" diff --git a/roles/nginx/tasks/certbot.yaml b/roles/nginx/tasks/certbot.yaml new file mode 100644 index 0000000..b7fbe8d --- /dev/null +++ b/roles/nginx/tasks/certbot.yaml @@ -0,0 +1,17 @@ +--- + +# https://certbot.eff.org/lets-encrypt/ubuntuxenial-nginx + +- name: add certbot (letsencrypt) repo + become: yes + apt_repository: repo="ppa:certbot/certbot" + +- name: install nginx packages + become: yes + apt: name="python-certbot-nginx" + notify: restart nginx + +- name: install certbot in nginx + become: yes + command: "certbot certonly --nginx -n --agree-tos -d {{nginx_server_name}} -m {{nginx_admin_email}}" + notify: restart nginx diff --git a/roles/nginx/tasks/main.yaml b/roles/nginx/tasks/main.yaml new file mode 100644 index 0000000..77448ff --- /dev/null +++ b/roles/nginx/tasks/main.yaml @@ -0,0 +1,38 @@ +--- + +- name: set hostname in OS + become: yes + hostname: name="{{inventory_hostname}}" + +- name: change timezone to UTC + become: yes + timezone: name="UTC" + +- name: install nginx packages + become: yes + apt: name="nginx" + +- name: disable default site + become: yes + file: path="/etc/nginx/sites-enabled/default" state="absent" + notify: restart nginx + +- name: install site + become: yes + template: src="{{nginx_conf_src}}" dest="/etc/nginx/sites-available/{{nginx_conf_dst}}" + notify: restart nginx + +- import_tasks: certbot.yaml + when: nginx_enable_ssl + +- name: enable site + become: yes + file: + src: "/etc/nginx/sites-available/{{nginx_conf_dst}}" + dest: "/etc/nginx/sites-enabled/{{nginx_conf_dst}}" + state: "link" + notify: restart nginx + +- name: enable nginx service + become: yes + systemd: name="nginx" enabled="yes" state="started" |