| --- |
| # nginx tasks/main.yml |
| # |
| # SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org> |
| # SPDX-License-Identifier: Apache-2.0 |
| |
| - name: include OS-specific vars |
| include_vars: "{{ ansible_os_family }}.yml" |
| |
| - name: include OS-specific tasks |
| include_tasks: "{{ ansible_os_family }}.yml" |
| |
| - name: Create Static Virtualhost root directories |
| when: > |
| (item.proxy_pass is not defined or not item.proxy_pass) and |
| (item.redirect_url is not defined) |
| file: |
| state: directory |
| path: "{{ nginx_static_dir }}/{{ item.name }}" |
| owner: "{{ item.owner | default('root') }}" |
| group: "{{ nginx_groupname }}" |
| mode: 0755 |
| with_items: "{{ vhosts }}" |
| |
| - name: Create directory for ACME challenges files |
| file: |
| state: directory |
| path: "{{ acme_challenge_dir }}" |
| owner: "{{ acme_username }}" |
| group: "{{ nginx_groupname }}" |
| mode: 0755 |
| |
| - name: Create directory for auth_basic htpasswd files |
| file: |
| state: directory |
| path: "{{ nginx_auth_basic_dir }}" |
| owner: root |
| group: "{{ nginx_groupname }}" |
| mode: 0750 |
| |
| - name: Create auth_basic htpasswd files |
| htpasswd: |
| name: "{{ item.1.name }}" |
| password: "{{ item.1.password }}" |
| path: "{{ nginx_auth_basic_dir }}/{{ item.0.scope }}.htpasswd" |
| owner: root |
| group: "{{ nginx_groupname }}" |
| mode: 0640 |
| crypt_scheme: ldap_salted_sha1 |
| with_subelements: |
| - "{{ auth_scopes }}" |
| - users |
| no_log: true |
| |
| # file obtained on 2020-07-05 from https://ssl-config.mozilla.org/ffdhe2048.txt |
| - name: Copy over Mozilla-supplied dhparam config file |
| copy: |
| src: "ffdhe2048.txt" |
| dest: "{{ nginx_conf_dir }}/dhparam" |
| owner: root |
| group: "{{ nginx_groupname }}" |
| mode: 0644 |
| |
| - name: Global NGINX configuration from template |
| template: |
| src: "nginx.conf.j2" |
| dest: "{{ nginx_conf_dir }}/nginx.conf" |
| owner: root |
| group: "{{ nginx_groupname }}" |
| mode: 0644 |
| backup: true |
| validate: "nginx -t -c %s" |
| notify: |
| - test-nginx-config |
| - reload-nginx |
| |
| # this is needed when using the NGINX apt repo, already exists in the |
| # ubuntu/debian distro version |
| - name: Create sites-available and sites-enabled directories |
| file: |
| state: directory |
| path: "{{ nginx_conf_dir }}/{{ item }}" |
| owner: root |
| group: "{{ nginx_groupname }}" |
| mode: 0755 |
| with_items: |
| - "sites-available" |
| - "sites-enabled" |
| |
| - name: Create VirtualHost configurations from template |
| template: |
| src: "vhost.conf.j2" |
| dest: "{{ nginx_conf_dir }}/sites-available/{{ item.name }}.conf" |
| owner: root |
| group: "{{ nginx_groupname }}" |
| mode: 0644 |
| backup: true |
| with_items: "{{ vhosts }}" |
| notify: |
| - test-nginx-config |
| - reload-nginx |
| |
| - name: Disable default host |
| file: |
| state: absent |
| path: "{{ nginx_conf_dir }}/sites-enabled/default" |
| |
| - name: Enable VirtualHosts via symlink |
| file: |
| state: link |
| src: "{{ nginx_conf_dir }}/sites-available/{{ item.name }}.conf" |
| dest: "{{ nginx_conf_dir }}/sites-enabled/{{ item.name }}.conf" |
| owner: root |
| group: "{{ nginx_groupname }}" |
| with_items: "{{ vhosts }}" |
| notify: |
| - test-nginx-config |
| - reload-nginx |
| |
| - name: Flush handlers to reconfigure before dependent roles run (acme, etc.) |
| meta: flush_handlers |