---
# Install nginx-full through apt. `state: latest` also upgrades an already
# installed package whenever apt offers a newer version.
# NOTE(review): no update_cache is set here, so this presumably relies on the
# package index having been refreshed elsewhere - confirm.
- name: ensure nginx is at the latest version
  apt:
    state: latest
    name: nginx-full
# Delete /etc/nginx/sites-enabled/default if it exists.
- name: ensure default nginx site is disabled
  file:
    state: absent
    path: '/etc/nginx/sites-enabled/default'
# - name: start nginx
#   systemd:
#     name: nginx.service
#     state: started
#     enabled: true
# Render every regular file found under templates/nginx/custom_configs/ as a
# template into /etc/nginx (root:root, 0644) and queue an nginx reload.
# NOTE(review): dest is the bare directory, so files from nested
# sub-directories presumably end up side by side in /etc/nginx - confirm.
- name: copy custom configuration
  # with_filetree also yields directories and links; only plain files are rendered.
  when: item.state == "file"
  with_filetree: templates/nginx/custom_configs/
  template:
    src: "{{ item.src }}"
    dest: '/etc/nginx'
    mode: '0644'
    owner: root
    group: root
  notify: reload_nginx
# Render templates/nginx/ssl.conf.j2 once per entry of gateway.proxied_services
# to /etc/nginx/ssl_<domain_name>.conf (root:root, 0644).
# NOTE(review): unlike the other template tasks in this file, this one does
# not notify reload_nginx - confirm that is intended.
- name: add per-domain ssl configuration
  with_items: "{{ gateway.proxied_services }}"
  vars:
    # Expose the current entry's domain to the template as `domain_name`.
    domain_name: "{{ item.domain_name }}"
  template:
    src: templates/nginx/ssl.conf.j2
    dest: "/etc/nginx/ssl_{{ item.domain_name }}.conf"
    mode: '0644'
    owner: root
    group: root
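# Create or update the htpasswd entry for every entry of
# gateway.proxied_services that sets password_protect. Owner and group default
# to root and www-data; the file is not world-readable (0640).
- name: add password file for sites that are password-protected
  htpasswd:
    path: "{{ item.password_file }}"
    name: "{{ item.username }}"
    password: "{{ item.password }}"
    owner: "{{ item.owner|default('root') }}"
    group: "{{ item.group|default('www-data') }}"
    # Quoted like the other modes in this file so the value reaches the module
    # as a string instead of depending on YAML octal parsing.
    mode: '0640'
  when: item.password_protect|default(false)
  loop: "{{ gateway.proxied_services }}"
  # Each loop item carries the plaintext password, and Ansible prints loop
  # items and module arguments in task results; keep them out of output and logs.
  no_log: true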
# Render templates/nginx/sites.conf.j2 once per entry of gateway.proxied_services
# to /etc/nginx/sites-available/<domain_name>.conf (root:root, 0644) and queue
# an nginx reload.
- name: add nginx configuration (only http)
  with_items: "{{ gateway.proxied_services }}"
  vars:
    # The whole entry is handed to the template as `service`.
    service: "{{ item }}"
  template:
    src: templates/nginx/sites.conf.j2
    dest: "/etc/nginx/sites-available/{{ item.domain_name }}.conf"
    mode: '0644'
    owner: root
    group: root
  notify: reload_nginx
# Link each per-domain file from sites-available into sites-enabled and queue
# an nginx reload.
- name: enable nginx http configuration
  with_items: "{{ gateway.proxied_services }}"
  file:
    state: link
    src: "/etc/nginx/sites-available/{{ item.domain_name }}.conf"
    dest: "/etc/nginx/sites-enabled/{{ item.domain_name }}.conf"
  notify: reload_nginx
# Run the handlers notified so far (reload_nginx in this file) immediately
# rather than at the end of the play.
- name: 'Force all notified handlers to run at this point, not waiting for normal sync points'
  meta: flush_handlers