roles: Add nginx (for debian)
This commit is contained in:
parent
2803c0aaea
commit
1bcada7ffe
5 changed files with 52 additions and 0 deletions
2
roles/nginx/defaults/main.yml
Normal file
2
roles/nginx/defaults/main.yml
Normal file
|
@ -0,0 +1,2 @@
|
||||||
|
---
|
||||||
|
#nginx_acme_mail: "" # required
|
5
roles/nginx/handlers/main.yml
Normal file
5
roles/nginx/handlers/main.yml
Normal file
|
@ -0,0 +1,5 @@
|
||||||
|
---
|
||||||
|
- name: reload nginx
|
||||||
|
systemd:
|
||||||
|
state: reloaded
|
||||||
|
name: nginx
|
29
roles/nginx/tasks/main.yml
Normal file
29
roles/nginx/tasks/main.yml
Normal file
|
@ -0,0 +1,29 @@
|
||||||
|
---
|
||||||
|
- name: Install webserver
|
||||||
|
package:
|
||||||
|
state: latest
|
||||||
|
name:
|
||||||
|
- nginx
|
||||||
|
- dehydrated
|
||||||
|
|
||||||
|
- name: acme mail
|
||||||
|
copy:
|
||||||
|
dest: "/etc/dehydrated/conf.d/mail"
|
||||||
|
content: "CONTACT_EMAIL={{ nginx_acme_mail }}"
|
||||||
|
|
||||||
|
- name: get let's encrypt account
|
||||||
|
command: /usr/bin/dehydrated --register --accept-terms
|
||||||
|
args:
|
||||||
|
creates: /var/lib/dehydrated/accounts
|
||||||
|
|
||||||
|
- name: nginx default config
|
||||||
|
notify: reload nginx
|
||||||
|
template:
|
||||||
|
src: default.nginx
|
||||||
|
dest: /etc/nginx/sites-available/default
|
||||||
|
|
||||||
|
- name: nginx snippets for acme
|
||||||
|
notify: reload nginx
|
||||||
|
template:
|
||||||
|
src: snippets-tls.nginx
|
||||||
|
dest: /etc/nginx/snippets/tls-acme.conf
|
12
roles/nginx/templates/default.nginx
Normal file
12
roles/nginx/templates/default.nginx
Normal file
|
@ -0,0 +1,12 @@
|
||||||
|
server {
|
||||||
|
listen [::]:80;
|
||||||
|
listen 80;
|
||||||
|
|
||||||
|
server_name _;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
return 301 https://$host$request_uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
include snippets/tls-acme.conf;
|
||||||
|
}
|
4
roles/nginx/templates/snippets-tls.nginx
Normal file
4
roles/nginx/templates/snippets-tls.nginx
Normal file
|
@ -0,0 +1,4 @@
|
||||||
|
location /.well-known/acme-challenge {
|
||||||
|
alias /var/lib/dehydrated/acme-challenges;
|
||||||
|
allow all;
|
||||||
|
}
|
Loading…
Reference in a new issue