---
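# Collect the certificate definitions that the following include_role task
# merges and hands to the certificates role.
- name: gather certificate definitions
  set_fact:
    # Derived from the vhost definitions by the project's
    # nginx_vhosts_to_certificates filter (defined outside this file).
    nginx_certs: "{{ nginx.vhosts|nginx_vhosts_to_certificates }}"
    # Certificates declared in the inventory; an empty dict when unset.
    inventory_certs: "{{ certificates.certs|d({}) }}"
    # Kept as YAML-formatted text; the consumer parses it with from_yaml.
    # The inventory hostname is interpolated into that text unescaped, so a
    # name containing a quote character would change the parsed structure.
    selfsigned_cert: "{ '{{ inventory_hostname }}': { 'backend': 'selfsigned' }}"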
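# Run the certificates role with the merged certificate map.
- name: provision certificates
  include_role:
    name: certificates
  vars:
    certificates:
      # combine() lets later arguments override earlier ones: the
      # self-signed entry for this host (only when nginx.snakeoil_default
      # is truthy), then vhost-derived certificates, then the inventory
      # certificates, which therefore take precedence.
      certs: "{{ {}|combine( (selfsigned_cert|from_yaml if nginx.snakeoil_default else {}), nginx_certs, inventory_certs, recursive=True) }}"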
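# Printed only when the play runs with -v or higher.
# NOTE(review): this dumps the whole nginx variable; confirm it carries no
# credentials before verbose run logs are stored or shared.
- name: show nginx settings
  debug:
    var: nginx
    verbosity: 1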
# Install nginx together with the headers-more filter module. Both handlers
# named under notify are defined outside this file.
- name: install nginx
  apt:
    name:
      - nginx
      - libnginx-mod-http-headers-more-filter
    state: present
  notify:
    - delete nginx index.nginx-debian.html
    - restart nginx
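# Copy the contents of the role's config/ directory (trailing slash) into
# /etc/nginx/, owned by root and writable by root only.
- name: copy configs
  copy:
    src: config/
    dest: /etc/nginx/
    owner: root
    group: root
    # Modes are quoted so they reach the module as octal strings instead of
    # depending on how the YAML loader types a bare 0644.
    mode: "0644"
    directory_mode: "0755"
  notify:
    - restart nginx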
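# Render the conf.d fragments. Owner, group and mode are set explicitly,
# matching the "copy configs" task, so the resulting permissions do not
# depend on the umask of the account running the play.
- name: execute ssl template
  template:
    src: ssl_files.conf.j2
    dest: /etc/nginx/conf.d/ssl_files.conf
    owner: root
    group: root
    mode: "0644"
  notify:
    - restart nginx

- name: execute dns template
  template:
    src: dns.conf.j2
    dest: /etc/nginx/conf.d/dns.conf
    owner: root
    group: root
    mode: "0644"
  notify:
    - restart nginx

- name: execute upstream template
  template:
    src: upstreams.conf.j2
    dest: /etc/nginx/conf.d/upstreams.conf
    owner: root
    group: root
    mode: "0644"
  notify:
    - restart nginx

- name: execute proxy template
  template:
    src: proxy.conf.j2
    dest: /etc/nginx/conf.d/proxy.conf
    owner: root
    group: root
    mode: "0644"
  notify:
    - restart nginx

- name: execute maps template
  template:
    src: maps.conf.j2
    dest: /etc/nginx/conf.d/maps.conf
    owner: root
    group: root
    mode: "0644"
  notify:
    - restart nginx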
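# Render one site file per vhost. The iterated dict is nginx.vhosts merged
# over nginx_forcessl_vhost, which is included only when nginx.force_ssl is
# truthy.
- name: create nginx vhosts
  template:
    src: vhost.conf.j2
    # NOTE(review): item.key becomes part of the destination path; vhost
    # keys presumably never contain "/" or ".." - confirm against the
    # inventory, since such a key would write outside sites-available.
    dest: "/etc/nginx/sites-available/{{ item.key }}"
    # Explicit ownership and mode, matching the "copy configs" task.
    owner: root
    group: root
    mode: "0644"
  with_dict: "{{ {}|combine((nginx_forcessl_vhost if nginx.force_ssl else {}), nginx.vhosts, recursive=True) }}"
  notify:
    - restart nginx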
# Symlink every rendered vhost from sites-available into sites-enabled.
# Iterates the same merged dict as the "create nginx vhosts" task.
- name: enable nginx vhosts
  file:
    state: link
    path: "/etc/nginx/sites-enabled/{{ item.key }}"
    src: "/etc/nginx/sites-available/{{ item.key }}"
  notify:
    - restart nginx
  with_dict: "{{ {}|combine((nginx_forcessl_vhost if nginx.force_ssl else {}), nginx.vhosts, recursive=True) }}"
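# Disable the default site. Module arguments use native YAML rather than a
# key=value string, and the restart handler is notified so that a running
# nginx stops serving the default site once the link is removed.
- name: delete nginx default config
  file:
    path: /etc/nginx/sites-enabled/default
    state: absent
  notify:
    - restart nginx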
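# Install the status site definition from the role's "monitoring" file.
# NOTE(review): the contents of that file are not visible here; confirm the
# status endpoint it defines is reachable only from monitoring hosts.
- name: copy nginx status config
  copy:
    src: monitoring
    dest: /etc/nginx/sites-available/nginx-status
    # nginx only reads this file, so no execute bit is set (was 0755).
    mode: "0644"
  notify:
    - restart nginx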
# Enable the status site by linking it into sites-enabled.
- name: activate nginx status config
  file:
    state: link
    src: /etc/nginx/sites-available/nginx-status
    path: /etc/nginx/sites-enabled/nginx-status
  notify: restart nginx
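# Pull in the PHP-FPM tasks only when nginx.php is truthy.
# NOTE(review): the condition is the raw value of nginx.php; presumably a
# real boolean rather than a quoted string - confirm in the inventory.
- name: include php-fpm tasks
  include_tasks: php-fpm.yml
  when: nginx.php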