webserver without tls
This commit is contained in:
parent
36436a8151
commit
90f601eaa0
|
|
@ -1,3 +1,4 @@
|
|||
---
|
||||
# webserver_dehydrated_email: "" # required
|
||||
webserver_php_enabled: false
|
||||
webserver_php_enabled: False
|
||||
webserver_tls_enabled: True
|
||||
|
|
|
|||
|
|
@ -1,15 +1,12 @@
|
|||
- name: Install
|
||||
package:
|
||||
name:
|
||||
- nginx
|
||||
- dehydrated
|
||||
name: nginx
|
||||
|
||||
- name: create folders
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
state: directory
|
||||
with_items:
|
||||
- /srv/http/.well-known/acme-challenge
|
||||
- /etc/nginx/sites.d
|
||||
- /etc/nginx/local.d
|
||||
- /etc/nginx/snippets
|
||||
|
|
@ -17,60 +14,22 @@
|
|||
- name: templates
|
||||
notify: reload nginx
|
||||
template:
|
||||
src: "{{ item.file }}"
|
||||
dest: "/etc/nginx/{{ item.path }}"
|
||||
with_items:
|
||||
- file: nginx.conf
|
||||
path: nginx.conf
|
||||
- file: letsencrypt.nginx
|
||||
path: snippets/letsencrypt.conf
|
||||
- file: 00-tls-redirect.nginx
|
||||
path: sites.d/00-tls-redirect.act
|
||||
src: "nginx.conf"
|
||||
dest: "/etc/nginx/nginx.conf"
|
||||
|
||||
- name: started
|
||||
systemd:
|
||||
name: nginx
|
||||
state: started
|
||||
|
||||
- name: config dehydrated
|
||||
template:
|
||||
src: dehydrated
|
||||
dest: /etc/dehydrated/config
|
||||
|
||||
- name: get let's encrypt account
|
||||
command: /usr/bin/dehydrated --register --accept-terms
|
||||
args:
|
||||
creates: /etc/dehydrated/accounts
|
||||
|
||||
- name: get inventory_hostname cert
|
||||
notify: dehydrated
|
||||
lineinfile:
|
||||
path: /etc/dehydrated/domains.txt
|
||||
line: "{{ inventory_hostname }}"
|
||||
create: yes
|
||||
|
||||
- name: templates tls
|
||||
notify: reload nginx
|
||||
template:
|
||||
src: "10-tls.nginx"
|
||||
dest: "/etc/nginx/sites.d/10-tls.act"
|
||||
|
||||
- name: templates local.d
|
||||
notify: reload nginx
|
||||
template:
|
||||
src: "10-tls.local.nginx"
|
||||
dest: "/etc/nginx/local.d/10-tls.act"
|
||||
|
||||
- name: enabled dehydrated
|
||||
systemd:
|
||||
name: dehydrated.timer
|
||||
state: started
|
||||
enabled: yes
|
||||
|
||||
- name: php
|
||||
import_tasks: php.yml
|
||||
when: webserver_php_enabled
|
||||
|
||||
- name: tls
|
||||
import_tasks: tls.yml
|
||||
when: webserver_tls_enabled
|
||||
|
||||
- name: enabled nginx
|
||||
systemd:
|
||||
name: nginx
|
||||
|
|
|
|||
|
|
@ -0,0 +1,48 @@
|
|||
- name: Install
|
||||
package:
|
||||
name: dehydrated
|
||||
|
||||
- name: create folders
|
||||
file:
|
||||
path: "/srv/http/.well-known/acme-challenge"
|
||||
state: directory
|
||||
|
||||
- name: templates
|
||||
notify: reload nginx
|
||||
template:
|
||||
src: "{{ item.file }}"
|
||||
dest: "/etc/nginx/{{ item.path }}"
|
||||
with_items:
|
||||
- file: letsencrypt.nginx
|
||||
path: snippets/letsencrypt.conf
|
||||
- file: 00-tls-redirect.nginx
|
||||
path: sites.d/00-tls-redirect.act
|
||||
|
||||
- name: config dehydrated
|
||||
template:
|
||||
src: dehydrated
|
||||
dest: /etc/dehydrated/config
|
||||
|
||||
- name: get let's encrypt account
|
||||
command: /usr/bin/dehydrated --register --accept-terms
|
||||
args:
|
||||
creates: /etc/dehydrated/accounts
|
||||
|
||||
- name: get inventory_hostname cert
|
||||
notify: dehydrated
|
||||
lineinfile:
|
||||
path: /etc/dehydrated/domains.txt
|
||||
line: "{{ inventory_hostname }}"
|
||||
create: yes
|
||||
|
||||
- name: templates tls
|
||||
notify: reload nginx
|
||||
template:
|
||||
src: "10-tls.nginx"
|
||||
dest: "/etc/nginx/sites.d/10-tls.act"
|
||||
|
||||
- name: templates local.d
|
||||
notify: reload nginx
|
||||
template:
|
||||
src: "10-tls.local.nginx"
|
||||
dest: "/etc/nginx/local.d/10-tls.act"
|
||||
Loading…
Reference in New Issue