forked from ccchb/ansible
roles: Add nginx (for debian)
This commit is contained in:
parent
2803c0aaea
commit
1bcada7ffe
5 changed files with 52 additions and 0 deletions
2
roles/nginx/defaults/main.yml
Normal file
2
roles/nginx/defaults/main.yml
Normal file
|
@ -0,0 +1,2 @@
|
|||
---
|
||||
#nginx_acme_mail: "" # required
|
5
roles/nginx/handlers/main.yml
Normal file
5
roles/nginx/handlers/main.yml
Normal file
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
- name: reload nginx
|
||||
systemd:
|
||||
state: reloaded
|
||||
name: nginx
|
29
roles/nginx/tasks/main.yml
Normal file
29
roles/nginx/tasks/main.yml
Normal file
|
@ -0,0 +1,29 @@
|
|||
---
|
||||
- name: Install webserver
|
||||
package:
|
||||
state: latest
|
||||
name:
|
||||
- nginx
|
||||
- dehydrated
|
||||
|
||||
- name: acme mail
|
||||
copy:
|
||||
dest: "/etc/dehydrated/conf.d/mail"
|
||||
content: "CONTACT_EMAIL={{ nginx_acme_mail }}"
|
||||
|
||||
- name: get let's encrypt account
|
||||
command: /usr/bin/dehydrated --register --accept-terms
|
||||
args:
|
||||
creates: /var/lib/dehydrated/accounts
|
||||
|
||||
- name: nginx default config
|
||||
notify: reload nginx
|
||||
template:
|
||||
src: default.nginx
|
||||
dest: /etc/nginx/sites-available/default
|
||||
|
||||
- name: nginx snippets for acme
|
||||
notify: reload nginx
|
||||
template:
|
||||
src: snippets-tls.nginx
|
||||
dest: /etc/nginx/snippets/tls-acme.conf
|
12
roles/nginx/templates/default.nginx
Normal file
12
roles/nginx/templates/default.nginx
Normal file
|
@ -0,0 +1,12 @@
|
|||
server {
|
||||
listen [::]:80;
|
||||
listen 80;
|
||||
|
||||
server_name _;
|
||||
|
||||
location / {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
|
||||
include snippets/tls-acme.conf;
|
||||
}
|
4
roles/nginx/templates/snippets-tls.nginx
Normal file
4
roles/nginx/templates/snippets-tls.nginx
Normal file
|
@ -0,0 +1,4 @@
|
|||
location /.well-known/acme-challenge {
|
||||
alias /var/lib/dehydrated/acme-challenges;
|
||||
allow all;
|
||||
}
|
Loading…
Reference in a new issue