127 lines
3.5 KiB
YAML
127 lines
3.5 KiB
YAML
---
|
||
- name: Ensure nginx is started
|
||
service:
|
||
name: nginx
|
||
state: started
|
||
enabled: true
|
||
ignore_errors: true
|
||
register: nginx_started
|
||
tags:
|
||
- vhost
|
||
|
||
- name: Nginx started failed | Delete file for repair nginx
|
||
file:
|
||
state: absent
|
||
path: "/etc/nginx/sites-enabled/"
|
||
when: nginx_started is failed
|
||
tags:
|
||
- vhost
|
||
|
||
- name: Nginx started failed | recreate folder for repair nginx
|
||
file:
|
||
state: directory
|
||
path: "/etc/nginx/sites-enabled/"
|
||
when: nginx_started is failed
|
||
tags:
|
||
- vhost
|
||
|
||
- name: Nginx started failed | create default link for repair nginx
|
||
file:
|
||
src: "/etc/nginx/sites-available/default"
|
||
dest: "/etc/nginx/sites-enabled/default"
|
||
state: link
|
||
when: nginx_started is failed
|
||
tags:
|
||
- vhost
|
||
|
||
- name: Nginx started failed | Restart Nginx
|
||
service:
|
||
name: nginx
|
||
state: started
|
||
when: nginx_started is failed
|
||
tags:
|
||
- vhost
|
||
|
||
- name: "Add Vhost"
|
||
template:
|
||
src: "vhosts/{{ item.template }}.j2"
|
||
dest: "/etc/nginx/sites-available/{{ item.name }}"
|
||
when:
|
||
- item.state == "present" or item.state is not defined
|
||
notify:
|
||
- Reload Nginx
|
||
loop: "{{ nginx_vhost }}"
|
||
tags:
|
||
- vhost
|
||
register: vhost_changed
|
||
|
||
- name: "Create certificate"
|
||
shell: "certbot certonly --non-interactive --webroot --email {{ nginx_letsencrypt_email }} --agree-tos --webroot-path=/var/www/letsencrypt {% for domain in item.server_name %} -d {{ domain }} {% endfor %} --expand --rsa-key-size 4096;"
|
||
when:
|
||
- item.ssl
|
||
- item.letsencrypt is defined
|
||
|
||
- name: "Create certificate"
|
||
shell: "certbot certonly --non-interactive --webroot --email {{ nginx_letsencrypt_email }} --agree-tos --webroot-path=/var/www/letsencrypt {% for domain in item.server_name %} -d {{ domain }} {% endfor %} --expand --rsa-key-size 4096;"
|
||
when:
|
||
- item.ssl
|
||
- item.letsencrypt is defined
|
||
- item.state == "present" or item.state is not defined
|
||
- vhost_changed.changed
|
||
- item.letsencrypt_key is defined and item.letsencrypt_key == "rsa"
|
||
loop: "{{ nginx_vhost }}"
|
||
tags:
|
||
- vhost
|
||
|
||
- name: "Create certificate"
|
||
shell: "certbot certonly --non-interactive --webroot --email {{ nginx_letsencrypt_email }} --agree-tos --webroot-path=/var/www/letsencrypt {% for domain in item.server_name %} -d {{ domain }} {% endfor %} --expand --key-type ecdsa --elliptic-curve secp384r1;"
|
||
when:
|
||
- item.ssl
|
||
- item.letsencrypt is defined
|
||
- item.state == "present" or item.state is not defined
|
||
- vhost_changed.changed
|
||
- item.letsencrypt_key is not defined
|
||
loop: "{{ nginx_vhost }}"
|
||
tags:
|
||
- vhost
|
||
|
||
- name: "Create robots.txt's folder"
|
||
file:
|
||
path: "/var/www/nginx/robots.txt/{{ item.server_name[0] }}"
|
||
state: directory
|
||
recurse: yes
|
||
owner: www-data
|
||
group: www-data
|
||
loop: "{{ nginx_vhost }}"
|
||
when:
|
||
- item.state == "present" or item.state is not defined
|
||
- item.robotstxt is defined and item.robotstxt == true
|
||
tags:
|
||
- vhost
|
||
|
||
- name: "Add robots.txt"
|
||
template:
|
||
src: "robots.txt/robots.txt.j2"
|
||
dest: "/var/www/nginx/robots.txt/{{ item.server_name[0] }}/robots.txt"
|
||
when:
|
||
- item.robotstxt is defined and item.robotstxt == true
|
||
- item.state == "present" or item.state is not defined
|
||
loop: "{{ nginx_vhost }}"
|
||
tags:
|
||
- vhost
|
||
|
||
- name: "Enable vhost"
|
||
file:
|
||
src: "/etc/nginx/sites-available/{{ item.name }}"
|
||
dest: "/etc/nginx/sites-enabled/{{ item.name }}"
|
||
state: link
|
||
when:
|
||
- item.state == "present" or item.state is not defined
|
||
notify:
|
||
- Reload Nginx
|
||
loop: "{{ nginx_vhost }}"
|
||
tags:
|
||
- vhost
|
||
when: vhost_changed.changed
|
||
|