ansible/xoxys.nginx
1
0
Fork 0
Code Issues Pull Requests Releases Activity

add generic iptables task
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse Source
This commit is contained in:
Robert Kaussow 2019-07-19 20:56:09 +02:00
parent fc57cb72bd
commit 93f7018f5c
2 changed files with 12 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
defaults/main.yml
View File

@ -43,9 +43,12 @@ nginx_gzip_types:
- application/xml - application/xml
nginx_iptables_enabled: False nginx_iptables_enabled: False
nginx_open_ports: nginx_iptables_rules_default:
- 80 - name: allow_nginx_ports
- 443 rules: |
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
state: present
nginx_iptables_rules_extra: []
nginx_tls_enabled: False nginx_tls_enabled: False
nginx_tls_versions: nginx_tls_versions:

9
tasks/install.yml
View File

@ -78,9 +78,12 @@
- name: Open ports in iptables - name: Open ports in iptables
iptables_raw: iptables_raw:
name: allow_nginx_ports name: "{{ item.name }}"
state: present rules: "{{ item.rules }}"
rules: '-A INPUT -p tcp -m multiport --dports {{ nginx_open_ports | join(",") }} -j ACCEPT' state: "{{ item.state }}"
weight: "{{ item.weight | default(omit) }}"
table: "{{ item.table | default(omit) }}"
loop: "{{ nginx_iptables_rules_default + nginx_iptables_rules_extra }}"
when: nginx_iptables_enabled | bool when: nginx_iptables_enabled | bool
- name: Set selinux booleans - name: Set selinux booleans