nginx/tasks/install-Debian.yml


---
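# Probe whether the nginx-full package is known to dpkg. The result is
# registered as `nginx`; other tasks in this file gate their first-install
# steps on `nginx is failed`.
# NOTE(review): `dpkg-query -W` may also exit 0 for a package that was removed
# but not purged; confirm that case is acceptable for the first-install gate.
- name: Nginx already installed ?
  # No shell feature is needed here, so run the binary directly instead of
  # going through a shell.
  ansible.builtin.command:
    argv:
      - dpkg-query
      - '-W'
      - nginx-full
  register: nginx
  # A non-zero exit is the expected "not installed" answer; keep the failed
  # state (so `nginx is failed` still works) without aborting the play.
  ignore_errors: true
  # Read-only query: never report a change, and run it in check mode as well
  # so the `nginx is failed` conditions are evaluated against real data.
  changed_when: false
  check_mode: false
  tags:
    - install
    - reconfigure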
# Refresh the APT package index, but only when the `nginx` probe registered
# earlier in this file failed (nginx-full not reported by dpkg-query).
- name: update apt-cache
  ansible.builtin.apt:
    update_cache: true
  when: nginx is failed
  tags:
    - install
    - reconfigure
# Refresh the package index and bring apt-transport-https to the newest
# version the configured repositories offer. Runs on every play, with no
# `when` guard.
- name: Update repositories cache and install package
  ansible.builtin.apt:
    update_cache: true
    pkg: apt-transport-https
    state: latest
  tags:
    - install
    - reconfigure
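# Install nginx-full, its dynamic modules and the supporting packages.
# The package list is handed to the apt module in one call instead of looping
# item by item, so there is a single cache refresh and a single dependency
# resolution rather than one per package.
# `state: latest` upgrades every listed package to the newest candidate on
# each run: security fixes are picked up, but runs are not reproducible.
# NOTE(review): gcc, git and the -dev headers end up installed on the web
# server; confirm they are needed there at runtime, since a build toolchain
# widens what is available on a compromised host.
- name: Install Nginx and dependencies
  ansible.builtin.apt:
    pkg:
      - nginx-full
      - libnginx-mod-http-headers-more-filter
      - libnginx-mod-http-cache-purge
      - libnginx-mod-http-uploadprogress
      - libnginx-mod-stream
      - python3
      - python3-dev
      - gcc
      - dialog
      - libaugeas0
      - augeas-lenses
      - libssl-dev
      - libffi-dev
      - ca-certificates
      - python3-pip
      - python3-virtualenv
      - git
      - libpython3-dev
      - zlib1g-dev
    state: latest
    update_cache: true
  tags:
    - install
    - reconfigure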
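# Install the two brotli modules for nginx. The packages are passed to apt as
# one list (single transaction) instead of one module call per item.
# The guard only checks that `nginx_brotli` is defined: any value, including
# `false`, enables the install.
- name: Install Nginx brotli and dependencies
  ansible.builtin.apt:
    pkg:
      - libnginx-mod-http-brotli-static
      - libnginx-mod-http-brotli-filter
    state: latest
    update_cache: true
  when: nginx_brotli is defined
  tags:
    - install
    - reconfigure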
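# Install libmodsecurity, the nginx connector module and the CRS rule package.
# The packages are passed to apt as one list (single transaction) instead of
# one module call per item.
# The guard only checks that `nginx_modsecurity` is defined: any value,
# including `false`, enables the install. Leaving the variable undefined means
# these packages are not installed by this task.
- name: Install Nginx modsecurity and dependencies
  ansible.builtin.apt:
    pkg:
      - libmodsecurity3
      - libnginx-mod-http-modsecurity
      - modsecurity-crs
    state: latest
    update_cache: true
  when: nginx_modsecurity is defined
  tags:
    - install
    - reconfigure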
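# Create /etc/nginx/ssl/private on first install (when the `nginx` probe
# failed). Owner and mode are now set explicitly: without them the directory
# inherited whatever the umask gave, which is typically world-traversable.
# NOTE(review): 0700 root:root assumes only root-run processes (the nginx
# master, this role) read from this directory; confirm no other account
# needs to traverse it.
- name: Creates directory
  ansible.builtin.file:
    path: /etc/nginx/ssl/private
    state: directory
    owner: root
    group: root
    mode: '0700'
  when: nginx is failed
  tags:
    - install
    - reconfigure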
# Generate 4096-bit Diffie-Hellman parameters into the private SSL directory.
# Both conditions must hold: the `nginx` probe failed (first install), and
# `nginx_disable_ssl` is either undefined or false.
# Generating parameters of this size can take a long time on small hosts.
- name: Generate dhparam 4096
  openssl_dhparam:
    size: 4096
    path: /etc/nginx/ssl/private/dhparam.pem
  when:
    - nginx is failed
    - nginx_disable_ssl is not defined or nginx_disable_ssl is false
  tags:
    - install
    - reconfigure
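# Ensure every directory used by this role exists. This task has no `when`
# guard, so it also (re)creates /etc/nginx/ssl/private/ on hosts where nginx
# was already installed; that entry now carries an explicit restrictive mode
# instead of inheriting the umask default.
# NOTE(review): 0700 assumes only root-run processes read from the private
# directory; confirm before rollout.
- name: Create folder
  ansible.builtin.file:
    path: "{{ item.path }}"
    state: directory
    # Only entries that set `mode` get one enforced; for the others the
    # parameter is omitted, which keeps the original behaviour.
    mode: "{{ item.mode | default(omit) }}"
  loop:
    - path: /var/www/letsencrypt
    - path: /var/log/archive-nginx
    - path: /etc/nginx/conf
    - path: /etc/nginx/html
    - path: /etc/nginx/ssl
    - path: /etc/nginx/modules-available
    - path: /etc/nginx/modules-enabled
    - path: /etc/nginx/ssl/private/
      mode: '0700'
    - path: /var/www/html/
    - path: /var/www/html/errors
  tags:
    - install
    - reconfigure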
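# Delete the distribution-provided nginx files that this role replaces with
# its own layout under /etc/nginx/conf.
# /etc/logrotate.d/nginx, /etc/nginx/sites-available/default and
# /etc/nginx/nginx.conf are no longer deleted here: the copy and template
# tasks later in this file overwrite them unconditionally, so deleting them
# first only made every run report a change and left a window in which
# nginx.conf did not exist on disk.
- name: Remove official default configuration
  ansible.builtin.file:
    path: "{{ item }}"
    state: absent
  loop:
    - /etc/nginx/fastcgi.conf
    - /etc/nginx/koi-utf
    - /etc/nginx/koi-win
    - /etc/nginx/mime.types
    - /etc/nginx/proxy_params
    - /etc/nginx/scgi_params
    - /etc/nginx/snippets
    - /etc/nginx/uwsgi_params
    - /etc/nginx/win-utf
  tags:
    - install
    - reconfigure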
# Copy the role's static files (logrotate rule, conf.d snippets, parameter
# files and default HTML pages) to the host as root:root with mode 0640.
# NOTE(review): the three HTML destinations are installed root:root 0640; if
# the nginx workers run as an unprivileged user they cannot read them.
# Confirm against the worker user set in the nginx.conf template.
# NOTE(review): scgi_params is copied twice, the second time to scgi_vars;
# confirm that is intended and not a copy-paste slip.
- name: "Add Dryusdan's configuration"
  ansible.builtin.copy:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: root
    group: root
    mode: '0640'
  loop:
    - src: 'etc/logrotate.d/nginx'
      dest: '/etc/logrotate.d/nginx'
    - src: 'etc/nginx/html/index.html'
      dest: '/etc/nginx/html/index.html'
    - src: 'etc/nginx/html/50x.html'
      dest: '/etc/nginx/html/50x.html'
    - src: 'etc/nginx/conf.d/blacklist'
      dest: '/etc/nginx/conf.d/blacklist'
    - src: 'etc/nginx/conf.d/headers.conf'
      dest: '/etc/nginx/conf.d/headers.conf'
    - src: 'etc/nginx/conf.d/hsts.conf'
      dest: '/etc/nginx/conf.d/hsts.conf'
    - src: 'etc/nginx/conf.d/proxy.conf'
      dest: '/etc/nginx/conf.d/proxy.conf'
    - src: 'etc/nginx/conf.d/ssl.conf'
      dest: '/etc/nginx/conf.d/ssl.conf'
    - src: 'etc/nginx/conf/fastcgi.conf'
      dest: '/etc/nginx/conf/fastcgi.conf'
    - src: 'etc/nginx/conf/fastcgi_params'
      dest: '/etc/nginx/conf/fastcgi_params'
    - src: 'etc/nginx/conf/koi-utf'
      dest: '/etc/nginx/conf/koi-utf'
    - src: 'etc/nginx/conf/koi-win'
      dest: '/etc/nginx/conf/koi-win'
    - src: 'etc/nginx/conf/mime.types'
      dest: '/etc/nginx/conf/mime.types'
    - src: 'etc/nginx/conf/scgi_params'
      dest: '/etc/nginx/conf/scgi_params'
    - src: 'etc/nginx/conf/scgi_params'
      dest: '/etc/nginx/conf/scgi_vars'
    - src: 'etc/nginx/conf/uwsgi_params'
      dest: '/etc/nginx/conf/uwsgi_params'
    - src: 'etc/nginx/conf/win-utf'
      dest: '/etc/nginx/conf/win-utf'
    - src: 'html/index.html'
      dest: '/var/www/html/index.html'
  tags:
    - install
    - reconfigure
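# Delete two files from an earlier layout: the systemd unit override in
# /etc/systemd/system and the nginx.conf that used to live under
# /etc/nginx/conf.
# owner/group/mode were dropped: they have no effect together with
# `state: absent` and only suggested that permissions were being managed.
- name: "Remove legacy Dryusdan's configuration"
  ansible.builtin.file:
    path: "{{ item }}"
    state: absent
  loop:
    - /etc/systemd/system/nginx.service
    - /etc/nginx/conf/nginx.conf
  tags:
    - install
    - reconfigure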
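# Render the default site, the OCSP snippet and the main nginx.conf from the
# role's templates, owned by root:root with mode 0640.
# The mode is quoted so it is always read as the string '0640' instead of
# depending on how the YAML parser treats a leading-zero number; this also
# matches the quoted modes used by the copy tasks in this file.
- name: Add templated configuration
  ansible.builtin.template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: root
    group: root
    mode: '0640'
  loop:
    - src: 'default.j2'
      dest: '/etc/nginx/sites-available/default'
    - src: 'ocsp.conf.j2'
      dest: '/etc/nginx/conf.d/ocsp.conf'
    - src: 'nginx.conf.j2'
      dest: '/etc/nginx/nginx.conf'
  tags:
    - install
    - reconfigure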
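# Render the ModSecurity configuration, its include file and the CRS loader
# from the role's templates, owned by root:root with mode 0640.
# Runs only when `nginx_modsecurity` is defined (any value, including false).
# The mode is quoted so it is always read as the string '0640' instead of
# depending on how the YAML parser treats a leading-zero number.
- name: Add modsecs templated configuration
  ansible.builtin.template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: root
    group: root
    mode: '0640'
  loop:
    - src: 'modsecurity.conf.j2'
      dest: '/etc/nginx/modsecurity.conf'
    - src: 'modsecurity_includes.conf.j2'
      dest: '/etc/nginx/modsecurity_includes.conf'
    - src: 'owasp-crs.load.j2'
      dest: '/usr/share/modsecurity-crs/owasp-crs.load'
  when: nginx_modsecurity is defined
  tags:
    - install
    - reconfigure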
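# Install the static error pages (401, 403, 502, 503) under
# /var/www/html/errors.
# The files are now owned by root and only group-readable by www-data, so
# members of that group can read the pages but the www-data account can no
# longer rewrite them. Previously www-data owned the files and mode 0640 gave
# it write access.
# NOTE(review): this assumes the nginx workers reach these files through the
# www-data group; confirm against the worker user in the nginx.conf template.
- name: "Add errors html file"
  ansible.builtin.copy:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: root
    group: www-data
    mode: '0640'
  loop:
    - src: 'html/errors/401.html'
      dest: '/var/www/html/errors/401.html'
    - src: 'html/errors/403.html'
      dest: '/var/www/html/errors/403.html'
    - src: 'html/errors/502.html'
      dest: '/var/www/html/errors/502.html'
    - src: 'html/errors/503.html'
      dest: '/var/www/html/errors/503.html'
  tags:
    - install
    - reconfigure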
# Ask systemd to re-read its unit files. This is a plain task with no `when`
# guard, so it runs on every play; an earlier task in this file deletes
# /etc/systemd/system/nginx.service.
- name: reload systemd
  ansible.builtin.systemd:
    daemon_reload: true
  tags:
    - install
    - reconfigure