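---
# Play: install nginx on `hollyhock`, deploy the main config and the
# HTTP-only variant of every site, and open port 80 in ufw.
#
# Variables read here but defined elsewhere: `sites` (each item has a
# `name` key), `nginx_user`, `nginx_log_group`.
#
# NOTE(review): `item.name` is interpolated into filesystem paths while
# running as root. Presumably `sites` comes from trusted inventory; confirm
# that names cannot contain `/` or `..`.
- name: Web server
  hosts: hollyhock
  become: true
  tasks:
    - name: Install nginx
      ansible.builtin.apt:
        name: nginx
        state: present
        update_cache: true

    - name: Start and enable nginx
      ansible.builtin.systemd:
        name: nginx
        state: started
        enabled: true

    # Ownership is pinned to root so that a pre-existing file with a
    # different owner does not keep it. `backup: true` leaves a timestamped
    # copy of the previous config next to the new one.
    - name: Configure nginx
      ansible.builtin.copy:
        src: nginx.conf
        dest: /etc/nginx/nginx.conf
        owner: root
        group: root
        mode: "0644"
        backup: true
      notify: Test and restart nginx

    # NOTE(review): "0755" lets every local account list these directories.
    # If only `nginx_log_group` needs to read the logs, "0750" is tighter;
    # confirm against whatever ships or rotates the logs before changing it.
    - name: Create log directories
      ansible.builtin.file:
        path: "/var/log/nginx/{{ item.name }}"
        state: directory
        owner: "{{ nginx_user }}"
        group: "{{ nginx_log_group }}"
        mode: "0755"
      loop: "{{ sites }}"

    # Rendered site configs are root-owned and not group/world-writable, for
    # the same reason as the main config above.
    - name: Copy initial http-only sites
      ansible.builtin.template:
        src: nginx/http.conf.j2
        dest: "/etc/nginx/sites-available/{{ item.name }}-http"
        owner: root
        group: root
        mode: "0644"
      loop: "{{ sites }}"
      notify: Test and restart nginx

    # The two stat loops iterate `sites` in the same order as the enable
    # task below, so results[index] lines up with the current item.
    - name: Check if initial https sites have been enabled
      ansible.builtin.stat:
        path: "/etc/nginx/sites-enabled/{{ item.name }}-https"
      register: https_sites
      loop: "{{ sites }}"

    - name: Check if final sites have been enabled
      ansible.builtin.stat:
        path: "/etc/nginx/sites-enabled/{{ item.name }}"
      register: final_sites
      loop: "{{ sites }}"

    # Link the HTTP-only config only while neither the `-https` nor the
    # final config for that site is enabled. Those later variants are
    # presumably installed by another play; nothing in this one creates them.
    - name: Enable initial http-only sites
      ansible.builtin.file:
        src: "/etc/nginx/sites-available/{{ item.name }}-http"
        dest: "/etc/nginx/sites-enabled/{{ item.name }}-http"
        state: link
      loop: "{{ sites }}"
      loop_control:
        index_var: index
      when:
        - not https_sites.results[index].stat.exists
        - not final_sites.results[index].stat.exists
      notify: Test and restart nginx

    - name: Disable default nginx site
      ansible.builtin.file:
        path: /etc/nginx/sites-enabled/default
        state: absent
      notify: Test and restart nginx

    # Only plain HTTP is opened here. The port is quoted so it stays a
    # string whichever YAML loader reads the file.
    - name: Allow http traffic through firewall
      community.general.ufw:
        rule: allow
        port: "80"
        proto: tcp

  handlers:
    # The included task file is not shown here; going by its name it checks
    # the configuration before restarting the service.
    - name: Test and restart nginx
      ansible.builtin.include_tasks: tasks/test_and_restart_nginx.yaml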