nginx.yml 5.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250
  1. - name: 'Install nginx package'
  2. apt:
  3. pkg:
  4. - 'nginx'
  5. state: 'present'
  6. tags:
  7. - 'web'
  8. - 'nginx'
  9. - name: 'Install logrotate configuration for nginx'
  10. template:
  11. src: 'logrotate/nginx.j2'
  12. dest: '/etc/logrotate.d/nginx'
  13. owner: 'root'
  14. group: 'root'
  15. mode: '0644'
  16. tags:
  17. - 'web'
  18. - 'nginx'
  19. - name: 'Install nginx default file configuration'
  20. template:
  21. src: 'nginx/default.j2'
  22. dest: '/etc/default/nginx'
  23. owner: 'root'
  24. group: 'root'
  25. mode: '0644'
  26. notify:
  27. - 'Restart nginx'
  28. tags:
  29. - 'web'
  30. - 'nginx'
  31. - name: 'Install custom mime types for nginx'
  32. template:
  33. src: 'nginx/mime.types.custom.j2'
  34. dest: '/etc/nginx/mime.types.custom'
  35. owner: 'root'
  36. group: 'root'
  37. mode: '0644'
  38. notify:
  39. - 'Restart nginx'
  40. tags:
  41. - 'web'
  42. - 'nginx'
  43. - name: 'Install nginx configuration'
  44. template:
  45. src: 'nginx/nginx.conf.j2'
  46. dest: '/etc/nginx/nginx.conf'
  47. owner: 'root'
  48. group: 'root'
  49. mode: '0644'
  50. notify:
  51. - 'Restart nginx'
  52. tags:
  53. - 'web'
  54. - 'nginx'
  55. - name: 'Install additional nginx configuration params (conf.d/)'
  56. template:
  57. src: 'nginx/conf.d/{{ item }}.conf.j2'
  58. dest: '/etc/nginx/conf.d/{{ item }}.conf'
  59. owner: 'root'
  60. group: 'root'
  61. mode: '0644'
  62. with_items:
  63. - 'status'
  64. notify:
  65. - 'Reload nginx'
  66. tags:
  67. - 'web'
  68. - 'nginx'
  69. - name: 'Install additional nginx configuration params (vhost_*)'
  70. template:
  71. src: 'nginx/vhost_{{ item }}.j2'
  72. dest: '/etc/nginx/vhost_{{ item }}'
  73. owner: 'root'
  74. group: 'root'
  75. mode: '0644'
  76. with_items:
  77. - 'all'
  78. - 'expires'
  79. - 'cache-fd'
  80. - 'protect-files'
  81. - 'security'
  82. notify:
  83. - 'Reload nginx'
  84. tags:
  85. - 'web'
  86. - 'nginx'
  87. - name: 'Install SSL vhost configuration for Nginx'
  88. template:
  89. src: 'nginx/vhost_ssl.j2'
  90. dest: '/etc/nginx/vhost_ssl-{{ item }}'
  91. owner: 'root'
  92. group: 'root'
  93. mode: '0644'
  94. with_items: '{{ ssl_certs }}'
  95. notify:
  96. - 'Reload nginx'
  97. when: ssl_certs|length > 0
  98. tags:
  99. - 'web'
  100. - 'nginx'
  101. - name: 'Install SSL vhost configuration for Nginx (Lets Encrypt certificates)'
  102. template:
  103. src: 'nginx/vhost_ssl_auto.j2'
  104. dest: '/etc/nginx/vhost_ssl_auto-{{ item.split(" ")[0] }}'
  105. owner: 'root'
  106. group: 'root'
  107. mode: '0644'
  108. with_items: '{{ ssl_certs_auto }}'
  109. notify:
  110. - 'Reload nginx'
  111. when: ssl_certs_auto|length > 0
  112. tags:
  113. - 'web'
  114. - 'nginx'
  115. - name: 'Install Let Encrypt configuration for Nginx'
  116. template:
  117. src: 'nginx/letsencrypt.j2'
  118. dest: '/etc/nginx/letsencrypt'
  119. owner: 'root'
  120. group: 'root'
  121. mode: '0644'
  122. notify:
  123. - 'Reload nginx'
  124. when: ssl_certs_auto|length > 0
  125. tags:
  126. - 'web'
  127. - 'nginx'
  128. - name: 'Create basic authentication file for admin (Nginx)'
  129. template:
  130. src: 'nginx/auth_admin.j2'
  131. dest: '/etc/nginx/auth_admin'
  132. owner: 'root'
  133. group: 'www-data'
  134. mode: '0640'
  135. when: http_auth_admin_password is defined and http_auth_admin_password
  136. tags:
  137. - 'web'
  138. - 'nginx'
  139. - name: 'Install PHPMyAdmin virtual host for nginx (sites-available)'
  140. template:
  141. src: 'nginx/pma_vhost.j2'
  142. dest: '/etc/nginx/sites-available/pma'
  143. owner: 'root'
  144. group: 'root'
  145. mode: '0644'
  146. notify:
  147. - 'Reload nginx'
  148. when: with_phpmyadmin|bool
  149. tags:
  150. - 'web'
  151. - 'nginx'
  152. - name: 'Install PHPMyAdmin virtual host for nginx (sites-enabled)'
  153. file:
  154. src: '/etc/nginx/sites-available/pma'
  155. path: '/etc/nginx/sites-enabled/pma'
  156. state: 'link'
  157. notify:
  158. - 'Reload nginx'
  159. when: with_phpmyadmin|bool
  160. tags:
  161. - 'web'
  162. - 'nginx'
  163. - name: 'Install PHPPgAdmin virtual host for nginx (sites-available)'
  164. template:
  165. src: 'nginx/pga_vhost.j2'
  166. dest: '/etc/nginx/sites-available/pga'
  167. owner: 'root'
  168. group: 'root'
  169. mode: '0644'
  170. notify:
  171. - 'Reload nginx'
  172. when: with_phppgadmin|bool
  173. tags:
  174. - 'web'
  175. - 'nginx'
  176. - name: 'Install PHPPgAdmin virtual host for nginx (sites-enabled)'
  177. file:
  178. src: '/etc/nginx/sites-available/pga'
  179. path: '/etc/nginx/sites-enabled/pga'
  180. state: 'link'
  181. notify:
  182. - 'Reload nginx'
  183. when: with_phppgadmin|bool
  184. tags:
  185. - 'web'
  186. - 'nginx'
  187. - name: 'Install PHP system checks virtual host for nginx (sites-available)'
  188. template:
  189. src: 'nginx/sys_vhost.j2'
  190. dest: '/etc/nginx/sites-available/sys'
  191. owner: 'root'
  192. group: 'root'
  193. mode: '0644'
  194. notify:
  195. - 'Reload nginx'
  196. when: with_phpsyscheck and with_php|bool
  197. tags:
  198. - 'web'
  199. - 'nginx'
  200. - name: 'Install PHP system checks virtual host for nginx (sites-enabled)'
  201. file:
  202. src: '/etc/nginx/sites-available/sys'
  203. path: '/etc/nginx/sites-enabled/sys'
  204. state: 'link'
  205. notify:
  206. - 'Reload nginx'
  207. when: with_phpsyscheck and with_php|bool
  208. tags:
  209. - 'web'
  210. - 'nginx'
  211. - name: 'Install Cloudflare configuration to set the real ip in logs'
  212. template:
  213. src: 'nginx/cloudflare.conf.j2'
  214. dest: '/etc/nginx/snippets/cloudflare.conf'
  215. owner: 'root'
  216. group: 'root'
  217. mode: '0644'
  218. notify:
  219. - 'Reload nginx'
  220. when: with_cloudflare is defined and with_cloudflare
  221. tags:
  222. - 'web'
  223. - 'nginx'
  224. - name: 'Ensure nginx is running'
  225. service:
  226. name: 'nginx'
  227. state: 'started'
  228. tags:
  229. - 'web'
  230. - 'nginx'
  231. # vim: ft=yaml.ansible