| Zack Williams | b313bae | 2020-04-22 22:00:53 -0700 | [diff] [blame] | 1 | --- |
| 2 | # nginx tasks/main.yml |
| 3 | # |
| 4 | # SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org> |
| 5 | # SPDX-License-Identifier: Apache-2.0 |
| 6 | |
| 7 | - name: include OS-specific vars |
| 8 | include_vars: "{{ ansible_os_family }}.yml" |
| 9 | |
| Hyunsun Moon | ffb66f8 | 2021-12-02 13:51:09 -0800 | [diff] [blame^] | 10 | - name: include OS-specific package repo updates |
| 11 | include_tasks: "{{ ansible_os_family }}-repo.yml" |
| 12 | when: nginx_add_package_repo | bool |
| 13 | |
| Zack Williams | b313bae | 2020-04-22 22:00:53 -0700 | [diff] [blame] | 14 | - name: include OS-specific tasks |
| 15 | include_tasks: "{{ ansible_os_family }}.yml" |
| 16 | |
| 17 | - name: Create Static Virtualhost root directories |
| 18 | when: > |
| 19 | (item.proxy_pass is not defined or not item.proxy_pass) and |
| 20 | (item.redirect_url is not defined) |
| 21 | file: |
| 22 | state: directory |
| 23 | path: "{{ nginx_static_dir }}/{{ item.name }}" |
| 24 | owner: "{{ item.owner | default('root') }}" |
| 25 | group: "{{ nginx_groupname }}" |
| 26 | mode: 0755 |
| 27 | with_items: "{{ vhosts }}" |
| 28 | |
| 29 | - name: Create directory for ACME challenges files |
| 30 | file: |
| 31 | state: directory |
| 32 | path: "{{ acme_challenge_dir }}" |
| 33 | owner: "{{ acme_username }}" |
| 34 | group: "{{ nginx_groupname }}" |
| 35 | mode: 0755 |
| 36 | |
| 37 | - name: Create directory for auth_basic htpasswd files |
| 38 | file: |
| 39 | state: directory |
| 40 | path: "{{ nginx_auth_basic_dir }}" |
| 41 | owner: root |
| 42 | group: "{{ nginx_groupname }}" |
| 43 | mode: 0750 |
| 44 | |
| 45 | - name: Create auth_basic htpasswd files |
| 46 | htpasswd: |
| 47 | name: "{{ item.1.name }}" |
| 48 | password: "{{ item.1.password }}" |
| 49 | path: "{{ nginx_auth_basic_dir }}/{{ item.0.scope }}.htpasswd" |
| 50 | owner: root |
| 51 | group: "{{ nginx_groupname }}" |
| 52 | mode: 0640 |
| 53 | crypt_scheme: ldap_salted_sha1 |
| 54 | with_subelements: |
| 55 | - "{{ auth_scopes }}" |
| 56 | - users |
| 57 | no_log: true |
| 58 | |
| 59 | # file obtained on 2020-07-05 from https://ssl-config.mozilla.org/ffdhe2048.txt |
| 60 | - name: Copy over Mozilla-supplied dhparam config file |
| 61 | copy: |
| 62 | src: "ffdhe2048.txt" |
| 63 | dest: "{{ nginx_conf_dir }}/dhparam" |
| 64 | owner: root |
| 65 | group: "{{ nginx_groupname }}" |
| 66 | mode: 0644 |
| 67 | |
| Zack Williams | 59e1345 | 2020-10-14 00:24:21 -0700 | [diff] [blame] | 68 | # file from example on nginx wiki: |
| 69 | # https://www.nginx.com/resources/wiki/start/topics/examples/phpfcgi/ |
| 70 | - name: Copy over fastcgi_params config file |
| 71 | copy: |
| 72 | src: "fastcgi_params" |
| 73 | dest: "{{ nginx_conf_dir }}/fastcgi_params" |
| 74 | owner: root |
| 75 | group: "{{ nginx_groupname }}" |
| 76 | mode: 0644 |
| 77 | |
| Zack Williams | b313bae | 2020-04-22 22:00:53 -0700 | [diff] [blame] | 78 | - name: Global NGINX configuration from template |
| 79 | template: |
| 80 | src: "nginx.conf.j2" |
| 81 | dest: "{{ nginx_conf_dir }}/nginx.conf" |
| 82 | owner: root |
| 83 | group: "{{ nginx_groupname }}" |
| 84 | mode: 0644 |
| 85 | backup: true |
| Zack Williams | d75a6a1 | 2020-11-23 10:14:32 -0700 | [diff] [blame] | 86 | # validate: "nginx -t -c %s" |
| Zack Williams | b313bae | 2020-04-22 22:00:53 -0700 | [diff] [blame] | 87 | notify: |
| 88 | - test-nginx-config |
| 89 | - reload-nginx |
| 90 | |
| 91 | # this is needed when using the NGINX apt repo, already exists in the |
| 92 | # ubuntu/debian distro version |
| 93 | - name: Create sites-available and sites-enabled directories |
| 94 | file: |
| 95 | state: directory |
| 96 | path: "{{ nginx_conf_dir }}/{{ item }}" |
| 97 | owner: root |
| 98 | group: "{{ nginx_groupname }}" |
| 99 | mode: 0755 |
| 100 | with_items: |
| 101 | - "sites-available" |
| 102 | - "sites-enabled" |
| 103 | |
| 104 | - name: Create VirtualHost configurations from template |
| 105 | template: |
| 106 | src: "vhost.conf.j2" |
| 107 | dest: "{{ nginx_conf_dir }}/sites-available/{{ item.name }}.conf" |
| 108 | owner: root |
| 109 | group: "{{ nginx_groupname }}" |
| 110 | mode: 0644 |
| 111 | backup: true |
| 112 | with_items: "{{ vhosts }}" |
| 113 | notify: |
| 114 | - test-nginx-config |
| 115 | - reload-nginx |
| 116 | |
| 117 | - name: Disable default host |
| 118 | file: |
| 119 | state: absent |
| 120 | path: "{{ nginx_conf_dir }}/sites-enabled/default" |
| 121 | |
| 122 | - name: Enable VirtualHosts via symlink |
| 123 | file: |
| 124 | state: link |
| 125 | src: "{{ nginx_conf_dir }}/sites-available/{{ item.name }}.conf" |
| 126 | dest: "{{ nginx_conf_dir }}/sites-enabled/{{ item.name }}.conf" |
| 127 | owner: root |
| 128 | group: "{{ nginx_groupname }}" |
| 129 | with_items: "{{ vhosts }}" |
| 130 | notify: |
| 131 | - test-nginx-config |
| 132 | - reload-nginx |
| 133 | |
| 134 | - name: Flush handlers to reconfigure before dependent roles run (acme, etc.) |
| 135 | meta: flush_handlers |