---
# nginx tasks/main.yml
#
# SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org>
# SPDX-License-Identifier: Apache-2.0

# Load the variables file named after the gathered ansible_os_family fact.
- name: include OS-specific vars
  include_vars:
    file: "{{ ansible_os_family }}.yml"

# Run the task file named after the gathered ansible_os_family fact.
- name: include OS-specific tasks
  include_tasks:
    file: "{{ ansible_os_family }}.yml"

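# Document roots are created only for vhosts that serve static content;
# entries that proxy or redirect are skipped.
# NOTE(review): item.name and item.owner are taken as-is from the vhosts
# variable. A name containing "/" or ".." would put the directory outside
# nginx_static_dir, so vhosts should only be populated from trusted inventory.
- name: Create Static Virtualhost root directories
  file:
    state: directory
    path: "{{ nginx_static_dir }}/{{ item.name }}"
    owner: "{{ item.owner | default('root') }}"
    group: "{{ nginx_groupname }}"
    # quoted so the module receives an octal string, independent of how the
    # YAML parser treats a leading zero
    mode: "0755"
  with_items: "{{ vhosts }}"
  # the entries of a `when` list are ANDed together
  when:
    - item.proxy_pass is not defined or not item.proxy_pass
    - item.redirect_url is not defined
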
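# The directory is owned by acme_username and grouped to nginx_groupname.
# NOTE(review): presumably the ACME client writes challenge files here and
# NGINX serves them read-only; confirm against the role that uses it.
- name: Create directory for ACME challenges files
  file:
    state: directory
    path: "{{ acme_challenge_dir }}"
    owner: "{{ acme_username }}"
    group: "{{ nginx_groupname }}"
    # quoted so the module receives an octal string
    mode: "0755"
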
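# Holds the credential files for auth_basic. Mode 0750 with root as owner
# gives access to root and the NGINX group only; other users get none.
- name: Create directory for auth_basic htpasswd files
  file:
    state: directory
    path: "{{ nginx_auth_basic_dir }}"
    owner: root
    group: "{{ nginx_groupname }}"
    # quoted so the module receives an octal string
    mode: "0750"
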
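# Writes one htpasswd file per auth scope (item.0) with one entry per user
# in that scope (item.1). no_log keeps the plaintext item.1.password out of
# task output and logs.
# NOTE(review): item.0.scope is used as a file name without sanitising, so
# auth_scopes should only be populated from trusted inventory.
- name: Create auth_basic htpasswd files
  htpasswd:
    name: "{{ item.1.name }}"
    password: "{{ item.1.password }}"
    path: "{{ nginx_auth_basic_dir }}/{{ item.0.scope }}.htpasswd"
    owner: root
    group: "{{ nginx_groupname }}"
    # readable by root and the NGINX group only; quoted so the module
    # receives an octal string
    mode: "0640"
    # NOTE(review): salted SHA-1 is a fast hash, so a leaked htpasswd file is
    # cheap to brute-force offline. Where crypt() on the target hosts supports
    # it, a slower scheme such as sha512_crypt is worth evaluating; confirm
    # that NGINX accepts the resulting format before switching.
    crypt_scheme: ldap_salted_sha1
  with_subelements:
    - "{{ auth_scopes }}"
    - users
  no_log: true
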
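# file obtained on 2020-07-05 from https://ssl-config.mozilla.org/ffdhe2048.txt
# The file is shipped with the role and copied as-is; DH parameters are not
# secret, so a world-readable mode is acceptable here.
- name: Copy over Mozilla-supplied dhparam config file
  copy:
    src: "ffdhe2048.txt"
    dest: "{{ nginx_conf_dir }}/dhparam"
    owner: root
    group: "{{ nginx_groupname }}"
    # quoted so the module receives an octal string
    mode: "0644"
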
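# file from example on nginx wiki:
# https://www.nginx.com/resources/wiki/start/topics/examples/phpfcgi/
- name: Copy over fastcgi_params config file
  copy:
    src: "fastcgi_params"
    dest: "{{ nginx_conf_dir }}/fastcgi_params"
    owner: root
    group: "{{ nginx_groupname }}"
    # quoted so the module receives an octal string
    mode: "0644"
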
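# Renders the main nginx.conf. backup keeps a copy of the previous file,
# which can be restored if the new configuration turns out to be bad.
# NOTE(review): with validate disabled below, a broken config is written to
# disk before it is checked; the only check is whatever the
# test-nginx-config handler does (defined outside this file; verify).
- name: Global NGINX configuration from template
  template:
    src: "nginx.conf.j2"
    dest: "{{ nginx_conf_dir }}/nginx.conf"
    owner: root
    group: "{{ nginx_groupname }}"
    # quoted so the module receives an octal string
    mode: "0644"
    backup: true
    # validate: "nginx -t -c %s"
  notify:
    - test-nginx-config
    - reload-nginx
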
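# this is needed when using the NGINX apt repo, already exists in the
# ubuntu/debian distro version
- name: Create sites-available and sites-enabled directories
  file:
    state: directory
    path: "{{ nginx_conf_dir }}/{{ item }}"
    owner: root
    group: "{{ nginx_groupname }}"
    # quoted so the module receives an octal string
    mode: "0755"
  with_items:
    - "sites-available"
    - "sites-enabled"
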
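# Renders one config file per vhost into sites-available; a later task
# enables them by symlink. backup keeps the previous copy of each file.
# NOTE(review): item.name becomes part of the destination path as-is, so
# vhosts should only be populated from trusted inventory.
- name: Create VirtualHost configurations from template
  template:
    src: "vhost.conf.j2"
    dest: "{{ nginx_conf_dir }}/sites-available/{{ item.name }}.conf"
    owner: root
    group: "{{ nginx_groupname }}"
    # quoted so the module receives an octal string
    mode: "0644"
    backup: true
  with_items: "{{ vhosts }}"
  notify:
    - test-nginx-config
    - reload-nginx
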
# Removes the "default" entry from sites-enabled so that only the vhosts
# managed by this role are served.
- name: Disable default host
  file:
    path: "{{ nginx_conf_dir }}/sites-enabled/default"
    state: absent

# Links each vhost config from sites-available into sites-enabled, then
# queues the config test and reload handlers.
- name: Enable VirtualHosts via symlink
  file:
    src: "{{ nginx_conf_dir }}/sites-available/{{ item.name }}.conf"
    dest: "{{ nginx_conf_dir }}/sites-enabled/{{ item.name }}.conf"
    state: link
    owner: root
    group: "{{ nginx_groupname }}"
  with_items: "{{ vhosts }}"
  notify:
    - test-nginx-config
    - reload-nginx

# Run the handlers notified above now instead of at the end of the play, so
# the new configuration is in effect before later roles start.
- name: Flush handlers to reconfigure before dependent roles run (acme, etc.)
  meta: "flush_handlers"