summaryrefslogtreecommitdiffstats
path: root/roles/nginx/tasks/main.yml
diff options
context:
space:
mode:
Diffstat (limited to 'roles/nginx/tasks/main.yml')
-rw-r--r--roles/nginx/tasks/main.yml59
1 files changed, 59 insertions, 0 deletions
diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml
new file mode 100644
index 0000000..da86af6
--- /dev/null
+++ b/roles/nginx/tasks/main.yml
@@ -0,0 +1,59 @@
+---
+
+- name: Install nginx
+ apt:
+ name: "{{ item }}"
+ state: present
+ with_items:
+ - nginx
+
+- name: Generate dhparams
+ command: openssl dhparam -out /etc/ssl/dh4096.pem 4096
+ args:
+ creates: /etc/ssl/dh4096.pem
+
+- name: Fix dhparams privileges
+ file:
+ path: /etc/ssl/dh4096.pem
+ owner: root
+ group: root
+ mode: 0644
+
+- name: Deploy snippets
+ template:
+ src: "snippets/{{ item }}.j2"
+ dest: "/etc/nginx/snippets/{{ item }}"
+ owner: root
+ group: root
+ mode: 0644
+ with_items:
+ - common.conf
+ - ssl-common.conf
+
+- name: Check nginx default page
+ stat:
+ path: /etc/nginx/sites-enabled/default
+ register: stat_default
+
+- name: Delete nginx default page
+ file:
+ path: /etc/nginx/sites-enabled/default
+ state: absent
+ notify:
+ - restart nginx
+ when: stat_default.stat.islnk == True
+
+- name: Deploy temporary default page (with our snippets etc)
+ copy:
+ src: default
+ ## Do not deploy it as symlik
+ ## This method keeps default config available, provides necessary definitions (.well-known)
+ ## and the particular server ussually deletes /etc/nginx/sites-enabled/default
+ dest: /etc/nginx/sites-enabled/default
+ owner: root
+ group: root
+ mode: 0644
+ notify:
+ - restart nginx
+
+
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-22 23:10:15 +0100