refactoring
parent
2958937a7b
commit
058e44e57c
@ -1,4 +1,6 @@
|
|||||||
---
|
---
|
||||||
|
nginx_user: nginx
|
||||||
|
nginx_group: nginx
|
||||||
nginx_open_ports:
|
nginx_open_ports:
|
||||||
- 80
|
- 80
|
||||||
- 443
|
- 443
|
||||||
@ -9,3 +11,6 @@ nginx_tls_intermediate_ca: ""
|
|||||||
nginx_pfs_enabled: False
|
nginx_pfs_enabled: False
|
||||||
nginx_dhparam_size: '4069'
|
nginx_dhparam_size: '4069'
|
||||||
nginx_dhparam_file: '/etc/pki/tls/certs/dhparam-{{ nginx_dhparam_size }}.pem'
|
nginx_dhparam_file: '/etc/pki/tls/certs/dhparam-{{ nginx_dhparam_size }}.pem'
|
||||||
|
nginx_tls_cert_file: "/etc/pki/tls/certs/my-chained.crt"
|
||||||
|
nginx_tls_intermediate_ca_file: "/etc/pki/tls/certs/my-intermediate.crt"
|
||||||
|
nginx_tls_private_key_file: "/etc/pki/tls/private/my-private.key"
|
||||||
|
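Review bot: `nginx_dhparam_size: '4069'` on the unchanged line of the second hunk looks like a transposition of 4096, and the value also feeds the `nginx_dhparam_file` name. If 4096 was intended, the line should read `nginx_dhparam_size: '4096'`. Correcting it changes the derived file name, so hosts that are already provisioned would presumably get a fresh parameter file on the next run. A one-line comment above the three new `*_file` defaults, saying that the private-key path is expected to sit in a root-only directory, would help anyone overriding them.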
@ -14,6 +14,20 @@
|
|||||||
name: nginx
|
name: nginx
|
||||||
state: installed
|
state: installed
|
||||||
|
|
||||||
|
- name: Create group '{{ nginx_group }}'
|
||||||
|
group:
|
||||||
|
name: "{{ nginx_group }}"
|
||||||
|
state: present
|
||||||
|
when: nginx_group != "nginx"
|
||||||
|
|
||||||
|
- name: Create user '{{ nginx_user }}'
|
||||||
|
user:
|
||||||
|
name: "{{ nginx_user }}"
|
||||||
|
group: "{{ nginx_group }}"
|
||||||
|
createhome: no
|
||||||
|
shell: /sbin/nologin
|
||||||
|
when: nginx_user != "nginx"
|
||||||
|
|
||||||
- name: Prepare vhost directories
|
- name: Prepare vhost directories
|
||||||
file:
|
file:
|
||||||
path: '{{ item }}'
|
path: '{{ item }}'
|
||||||
@ -95,8 +109,8 @@
|
|||||||
- block:
|
- block:
|
||||||
- name: Copy tls certificate
|
- name: Copy tls certificate
|
||||||
copy:
|
copy:
|
||||||
content: '{{ nginx_tls_cert }}'
|
content: "{{ nginx_tls_cert }}"
|
||||||
dest: /etc/pki/tls/certs/my-chained.crt
|
dest: "{{ nginx_tls_cert_file }}"
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0644
|
mode: 0644
|
||||||
@ -105,8 +119,8 @@
|
|||||||
|
|
||||||
- name: Copy ssl intermediate cert
|
- name: Copy ssl intermediate cert
|
||||||
copy:
|
copy:
|
||||||
content: '{{ nginx_tls_intermediate_ca }}'
|
content: "{{ nginx_tls_intermediate_ca }}"
|
||||||
dest: /etc/pki/tls/certs/my-intermediate.crt
|
dest: "{{ nginx_tls_intermediate_ca_file }}"
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0644
|
mode: 0644
|
||||||
@ -115,8 +129,8 @@
|
|||||||
|
|
||||||
- name: Copy tls private key
|
- name: Copy tls private key
|
||||||
copy:
|
copy:
|
||||||
content: '{{ nginx_tls_private_key }}'
|
content: "{{ nginx_tls_private_key }}"
|
||||||
dest: /etc/pki/tls/private/my-private.key
|
dest: "{{ nginx_tls_private_key_file }}"
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
mode: 0600
|
mode: 0600
|
||||||
|
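Review bot: The "Copy tls private key" task writes the key from `content: "{{ nginx_tls_private_key }}"` with no `no_log: true` visible, so a run with `--diff` can print the key material to the console and to whatever collects the run output; add `no_log: true` to that task. Now that `dest` is `"{{ nginx_tls_private_key_file }}"`, the parent directory is no longer guaranteed to be the distribution's `/etc/pki/tls/private`, so a preceding `file` task should create it owned by root with `mode: '0700'`. The `mode:` values in all three copy tasks are bare octal literals; quoting them (`mode: '0600'`, `mode: '0644'`) keeps the YAML parser from turning them into integers. The tasks may continue past the end of their hunks, so confirm these keys are not already set below.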
@ -1,5 +1,5 @@
|
|||||||
# {{ ansible_managed }}
|
# {{ ansible_managed }}
|
||||||
user nginx;
|
user {{ nginx_user }} {{ nginx_group }};
|
||||||
worker_processes 1;
|
worker_processes 1;
|
||||||
|
|
||||||
error_log /var/log/nginx/error.log;
|
error_log /var/log/nginx/error.log;
|
||||||
|
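Review bot: The `user {{ nginx_user }} {{ nginx_group }};` line renders whatever the two variables hold, and nothing visible in this commit rejects an empty value or `root`. An empty value produces an invalid directive, and `root` leaves the worker processes running with full privileges. An `assert` task in the role that checks both variables are non-empty and that `nginx_user` is not `root` would catch this before the file is written. If the template task (not shown on this page) has no `validate: 'nginx -t -c %s'`, adding it keeps a broken render from replacing the working configuration. The file continues outside the hunk.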