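---
# nginx role task list. Three blocks, each run under a different identity:
#   1. install, repository, system users, directories, main config, firewall and
#      SELinux fixes — as root;
#   2. the default landing page — as the nginx service user, so root never owns
#      content inside the vhost tree;
#   3. vhost configuration and enable/disable symlinks — as root.
# File modes are quoted strings: an unquoted 0640 is parsed as the integer 416
# by YAML 1.1 loaders (ansible-lint "risky-octal"); quoting keeps the octal text.
# Booleans are written as lowercase true/false (yamllint "truthy").

- block:
    - name: Add nginx repository
      yum_repository:
        name: nginx
        file: nginx
        description: NGINX High Performance Web Server
        baseurl: "https://nginx.org/packages/centos/{{ ansible_distribution_major_version }}/$basearch/"
        gpgkey: https://nginx.org/keys/nginx_signing.key
        # Signature verification of downloaded packages stays on.
        gpgcheck: true
      when: nginx_official_repo_enabled | bool

    - name: Installing nginx
      package:
        name: nginx
        state: present

    # The package already ships a "nginx" user and group; only create
    # custom ones when the role variables deviate from that default.
    - name: Create group '{{ nginx_group }}'
      group:
        name: "{{ nginx_group }}"
        state: present
      when: nginx_group != "nginx"

    - name: Create user '{{ nginx_user }}'
      user:
        name: "{{ nginx_user }}"
        group: "{{ nginx_group }}"
        createhome: false
        # Service account: no interactive login.
        shell: /sbin/nologin
      when: nginx_user != "nginx"

    - name: Prepare vhost directories
      file:
        path: "{{ item }}"
        state: directory
        owner: "{{ nginx_user }}"
        group: "{{ nginx_group }}"
        mode: "0750"
      loop:
        - "{{ nginx_vhosts_dir }}"
        - "{{ nginx_vhosts_dir }}/default"

    - name: Prepare nginx directories
      file:
        path: "{{ item }}"
        state: directory
        owner: root
        group: root
        # NOTE(review): 0640 on a directory carries no search (x) bit; only root,
        # which bypasses DAC, can enter it. The nginx master runs as root, so
        # this works, but confirm 0750 was not the intent.
        mode: "0640"
      loop:
        - /etc/nginx/sites-available
        - /etc/nginx/sites-enabled

    - name: Update nginx.conf
      template:
        src: etc/nginx/nginx.conf.j2
        dest: "/etc/nginx/nginx.conf"
        owner: root
        group: root
        mode: "0640"
        # %s is the rendered temp file; nginx -t rejects it before it is
        # moved into place, so a broken template never reaches the reload.
        validate: /sbin/nginx -t -c %s
      notify: __nginx_reload

    - name: Remove default.conf from conf.d
      file:
        path: /etc/nginx/conf.d/default.conf
        state: absent

    - name: Update header.conf
      template:
        src: etc/nginx/conf.d/header.conf.j2
        dest: /etc/nginx/conf.d/header.conf
        owner: root
        group: root
        mode: "0640"
        # header.conf is only a fragment, so it is wrapped in a minimal
        # events/http context read from stdin to give nginx -t a complete config.
        validate: /bin/bash -c 'nginx -t -c /dev/stdin <<< "events {worker_connections 10;} http { include %s; }"'
      notify: __nginx_reload

    - name: Open ports in iptables
      iptables_raw:
        name: "{{ item.name }}"
        rules: "{{ item.rules }}"
        state: "{{ item.state }}"
        weight: "{{ item.weight | default(omit) }}"
        table: "{{ item.table | default(omit) }}"
      loop: "{{ nginx_iptables_rules_default + nginx_iptables_rules_extra }}"
      when: nginx_iptables_enabled | bool

    - name: Set selinux booleans
      seboolean:
        name: "{{ item.name }}"
        state: "{{ item.state }}"
        persistent: "{{ item.persistent }}"
      loop: "{{ nginx_set_sebooleans }}"
      when: nginx_set_sebooleans is defined

    - name: Fix selinux file context mapping for pid file
      sefcontext:
        target: '/var/run/nginx(/.*)?'
        setype: httpd_var_run_t
        state: present

    - name: Apply new SELinux file context to filesystem
      command: restorecon -irv /var/run
      # restorecon output is not inspected, so the task is always reported
      # as unchanged; it is idempotent in effect.
      changed_when: false
  become: true
  become_user: root

- block:
    - name: Add default page
      template:
        src: var/www/vhosts/default/index.html.j2
        dest: /var/www/vhosts/default/index.html
        owner: "{{ nginx_user }}"
        group: "{{ nginx_group }}"
        # NOTE(review): the execute bit is unnecessary for a static HTML file;
        # "0640" would be the least-privilege choice — confirm before changing.
        mode: "0750"
  become: true
  become_user: "{{ nginx_user }}"

- block:
    - name: Add vhost configurations
      template:
        src: etc/nginx/sites-available/vhost.j2
        dest: "/etc/nginx/sites-available/{{ item.file }}"
        owner: root
        group: root
        mode: "0640"
        # Same fragment-wrapping trick as header.conf: validate each vhost
        # in isolation before it is written.
        validate: /bin/bash -c 'nginx -t -c /dev/stdin <<< "events {worker_connections 10;} http { include %s; }"'
      loop: "{{ nginx_vhosts_default + nginx_vhosts_extra }}"
      loop_control:
        label: "{{ item.file }}"
      notify: __nginx_reload

    - name: Enable vhosts
      file:
        src: "/etc/nginx/sites-available/{{ item.file }}"
        dest: "/etc/nginx/sites-enabled/{{ item.file }}"
        # enabled defaults to true; a vhost with enabled: false has its
        # symlink removed rather than left dangling.
        state: "{{ 'link' if item.enabled | default(True) | bool else 'absent' }}"
      loop: "{{ nginx_vhosts_default + nginx_vhosts_extra }}"
      loop_control:
        label: "{{ item.file }}"
      notify: __nginx_reload
  become: true
  become_user: root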