diff --git a/tasks/config.yml b/tasks/config.yml
deleted file mode 100644
index ebbd396..0000000
--- a/tasks/config.yml
+++ /dev/null
@@ -1,133 +0,0 @@ ---- -- name: Prepare vhost directories - file: - path: '{{ item }}' - state: directory - owner: nginx - group: nginx - mode: 0750 - with_items: - - /var/www/vhosts - - /var/www/vhosts/default - -- name: Prepare nginx directories - file: - path: '{{ item }}' - state: directory - owner: root - group: root - mode: 0640 - with_items: - - /etc/nginx/sites-available - - /etc/nginx/sites-enabled - -- name: Add default page - template: - src: 'var/www/vhosts/default/index.html.j2' - dest: '/var/www/vhosts/default/index.html' - owner: nginx - group: nginx - mode: 0750 - -- name: Update nginx.conf - template: - src: 'etc/nginx/nginx.conf.j2' - dest: '/etc/nginx/nginx.conf' - owner: root - group: root - mode: 0640 - notify: - - nginx_reload - -- name: Update conf.d files - template: - src: 'etc/nginx/conf.d/{{ item }}.j2' - dest: '/etc/nginx/conf.d/{{ item }}' - owner: root - group: root - mode: 0640 - with_items: - - header.conf - - tls.conf - notify: - - nginx_reload - -- name: Remove default.conf from conf.d - file: - path: /etc/nginx/conf.d/default.conf - state: absent - -- name: Add default page config - template: - src: 'etc/nginx/sites-available/default.j2' - dest: '/etc/nginx/sites-available/default' - owner: root - group: root - mode: 0640 - notify: - - nginx_reload - -- name: Enable default page - file: - src: /etc/nginx/sites-available/default - dest: /etc/nginx/sites-enabled/default - owner: root - group: root - state: link - notify: - - nginx_reload - -- name: Copy ssl chained certs - copy: - content: '{{ ssl_chained_cert }}' - dest: /etc/pki/tls/certs/my-chained.crt - owner: root - group: root - mode: 0644 - notify: - - nginx_reload - -- name: Copy ssl intermediate cert - copy: - content: '{{ ssl_intermediate_cert }}' - dest: /etc/pki/tls/certs/my-intermediate.crt - owner: root - group: root - mode: 0644 - notify: - - nginx_reload - -- name: Copy ssl private key - copy: - content: '{{ ssl_priv_key }}' - dest: 
/etc/pki/tls/private/my-private.key - owner: root - group: root - mode: 0600 - notify: - - nginx_reload - -- name: Register dhparam file - stat: - path: "{{ dhparam_file }}" - register: dh_file - -- name: Generate Diffie-Hellman parameter file - shell: "/usr/bin/openssl dhparam -out '{{ dhparam_file }}' {{ dhparam_size }}" - async: 3600 - poll: 60 - when: dh_file.stat.exists == False - notify: - - nginx_reload - -- name: Open ports in iptables - iptables_raw: - name: allow_nginx_ports - state: present - rules: '-A INPUT -p tcp -m multiport --dports {{ nginx_open_ports|join(",") }} -j ACCEPT' - -- name: Enable nginx service - service: - name: nginx - enabled: yes - state: started diff --git a/tasks/install.yml b/tasks/install.yml index 8944176..b7b36d9 100644 --- a/tasks/install.yml +++ b/tasks/install.yml 
@@ -7,3 +7,136 @@ yum: name: nginx state: latest + +- name: Prepare vhost directories + file: + path: '{{ item }}' + state: directory + owner: nginx + group: nginx + mode: 0750 + with_items: + - /var/www/vhosts + - /var/www/vhosts/default + +- name: Prepare nginx directories + file: + path: '{{ item }}' + state: directory + owner: root + group: root + mode: 0640 + with_items: + - /etc/nginx/sites-available + - /etc/nginx/sites-enabled + +- name: Add default page + template: + src: 'var/www/vhosts/default/index.html.j2' + dest: '/var/www/vhosts/default/index.html' + owner: nginx + group: nginx + mode: 0750 + +- name: Update nginx.conf + template: + src: 'etc/nginx/nginx.conf.j2' + dest: '/etc/nginx/nginx.conf' + owner: root + group: root + mode: 0640 + notify: + - nginx_reload + +- name: Update conf.d files + template: + src: 'etc/nginx/conf.d/{{ item }}.j2' + dest: '/etc/nginx/conf.d/{{ item }}' + owner: root + group: root + mode: 0640 + with_items: + - header.conf + - tls.conf + notify: + - nginx_reload + +- name: Remove default.conf from conf.d + file: + path: /etc/nginx/conf.d/default.conf + state: absent + +- name: Add default page config + template: + src: 'etc/nginx/sites-available/default.j2' + dest: '/etc/nginx/sites-available/default' + owner: root + group: root + mode: 0640 + notify: + - nginx_reload + +- name: Enable default page + file: + src: /etc/nginx/sites-available/default + dest: /etc/nginx/sites-enabled/default + owner: root + group: root + state: link + notify: + - nginx_reload + +- name: Copy ssl chained certs + copy: + content: '{{ ssl_chained_cert }}' + dest: /etc/pki/tls/certs/my-chained.crt + owner: root + group: root + mode: 0644 + notify: + - nginx_reload + +- name: Copy ssl intermediate cert + copy: + content: '{{ ssl_intermediate_cert }}' + dest: /etc/pki/tls/certs/my-intermediate.crt + owner: root + group: root + mode: 0644 + notify: + - nginx_reload + +- name: Copy ssl private key + copy: + content: '{{ ssl_priv_key }}' + dest: 
/etc/pki/tls/private/my-private.key + owner: root + group: root + mode: 0600 + notify: + - nginx_reload + +- name: Register dhparam file + stat: + path: "{{ dhparam_file }}" + register: dh_file + +- name: Generate Diffie-Hellman parameter file + shell: "/usr/bin/openssl dhparam -out '{{ dhparam_file }}' {{ dhparam_size }}" + async: 3600 + poll: 60 + when: dh_file.stat.exists == False + notify: + - nginx_reload + +- name: Open ports in iptables + iptables_raw: + name: allow_nginx_ports + state: present + rules: '-A INPUT -p tcp -m multiport --dports {{ nginx_open_ports|join(",") }} -j ACCEPT' + +- name: Enable nginx service + service: + name: nginx + enabled: yes + state: started diff --git a/tasks/main.yml b/tasks/main.yml index 1869ca1..a48ceb8 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,3 +1,2 @@ --- - include_tasks: install.yml -- include_tasks: config.yml
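Review bot: The "Copy ssl private key" task moved into install.yml writes `content: '{{ ssl_priv_key }}'` without `no_log: true`, so a verbose or `--diff` run prints the key material into the controller output and any CI log that captures it; add `no_log: true` to that task (the two certificate tasks are public material and do not need it). The "Prepare nginx directories" task creates `/etc/nginx/sites-available` and `/etc/nginx/sites-enabled` with `mode: 0640`, which has no execute bit and so only root can traverse them; `0750` looks like the intended value, and quoting the octal literals (`mode: "0750"`) avoids the YAML 1.1 integer parse that ansible-lint flags on every `mode:` line in this hunk. The stat/shell pair for the Diffie-Hellman file can be a single `command:` task with `args: { creates: "{{ dhparam_file }}" }`, which also removes the `when: dh_file.stat.exists == False` comparison; if the stat is kept, `when: not dh_file.stat.exists` is the idiomatic form. The yum task whose `state: latest` line opens the hunk starts above it.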