ansible/roles/nginx/tasks/main.yml (97 lines of code) (raw):

#
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
---
# Refresh the apt package index; an index younger than 86400 s (24 h) is
# reused instead of being fetched again.
- name: apt-get update
  ansible.builtin.apt:
    cache_valid_time: 86400
    update_cache: true
  become: true

# NOTE(review): `state: latest` upgrades nginx to whatever the configured
# repositories offer on each run, so the deployed version is not pinned.
- name: install nginx
  ansible.builtin.apt:
    state: latest
    name: nginx
  become: true

# Allows the "OpenSSH" ufw application profile. `state: enabled` switches the
# firewall itself on (and on at boot), so SSH is allowed in the same task
# that activates the firewall.
- name: allow OpenSSH
  ufw:
    name: "OpenSSH"
    rule: allow
    state: enabled
  become: true

# It is recommended to enable the most restrictive profile
# that will still allow the traffic you’ve configured.
# Right now, we will only need to allow traffic on port 80.
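# `state: enabled` switches the firewall itself on (and on at boot); the rule
# comes from `rule` + `name`, here the "Nginx HTTP" ufw application profile.
- name: allow traffic on port 80
  ufw:
    rule: allow
    name: "Nginx HTTP"
    state: enabled
  become: true

# Per-host web root, owned by `user`:`group`.
# NOTE(review): mode 0775 makes the web root group-writable; confirm that
# every member of `group` is meant to be able to change served content.
- name: create www directory at "/var/www/{{ ansible_host }}"
  ansible.builtin.file:
    path: "/var/www/{{ ansible_host }}"
    state: directory
    mode: '0775'
    owner: "{{ user }}"
    group: "{{ group }}"
  become: true

# Renders the host-specific index page into the web root. The task name
# mentions ".../html", but the file is written directly under
# /var/www/{{ ansible_host }}/.
- name: copy sample index.html from {{ inventory_hostname }} to /var/www/{{ ansible_host }}/html
  ansible.builtin.template:
    src: "{{ inventory_hostname }}/index.html.j2"
    dest: "/var/www/{{ ansible_host }}/index.html"
    owner: "{{ user }}"
    group: "{{ group }}"
    mode: "u=rw,g=r,o=r"
  become: true

# Remove the distribution's default site so only the site below is enabled.
- name: delete default nginx config
  ansible.builtin.file:
    path: /etc/nginx/sites-enabled/default
    state: absent
  become: true

# Site definition is root-owned and not writable by anyone else.
- name: copy nginx site.conf
  ansible.builtin.template:
    src: "{{ inventory_hostname }}/site.conf.j2"
    dest: "/etc/nginx/sites-available/{{ ansible_host }}"
    owner: root
    group: root
    mode: '0644'
  become: true

# Enable the site by symlinking it into sites-enabled.
- name: link sample html to sites-enabled directory
  ansible.builtin.file:
    src: "/etc/nginx/sites-available/{{ ansible_host }}"
    dest: "/etc/nginx/sites-enabled/{{ ansible_host }}"
    state: link
  become: true

# The main nginx configuration is root-owned, matching the site.conf task
# above. It was previously owned by `user`:`group`; if that account is
# unprivileged, it could rewrite the configuration that nginx loads on the
# next restart. The task already runs with become, so root ownership needs
# nothing extra.
- name: adjust server_names_hash_bucket_size
  ansible.builtin.template:
    src: "{{ inventory_hostname }}/nginx.conf.j2"
    dest: /etc/nginx/nginx.conf
    owner: root
    group: root
    mode: "u=rw,g=r,o=r"
  become: true

# Allow the "Nginx Full" ufw application profile before the narrower
# "Nginx HTTP" rule is deleted in the next task.
- name: allow HTTPS traffic
  ufw:
    rule: allow
    name: "Nginx Full"
    state: enabled
  become: true

# `delete: true` removes the matching allow rule; `state: enabled` keeps the
# firewall switched on.
- name: delete redundant Nginx HTTP
  ufw:
    rule: allow
    name: "Nginx HTTP"
    delete: true
    state: enabled
  become: true

# Runs on every play, whether or not a template changed.
# NOTE(review): no configuration test precedes the restart, so a bad
# rendered template only shows up when the restart itself fails.
- name: Restart nginx
  ansible.builtin.service:
    name: nginx
    state: restarted
  become: true

# NOTE(review): `state: latest` installs whatever version the configured
# repositories offer on each run, so the certbot version is not pinned.
- name: install certbot
  ansible.builtin.apt:
    name:
      - certbot
      - python3-certbot-nginx
    state: latest
  become: true

# No owner or group is set, so the directory belongs to the become user.
# NOTE(review): mode 0755 lets every local account list and traverse this
# directory; if private keys are stored here, confirm that the key files
# carry restrictive modes of their own, or tighten this mode.
- name: Create certs directory
  ansible.builtin.file:
    path: "{{ user_home }}/certs"
    state: directory
    mode: '0755'
  become: true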