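---
# Install and configure Nginx
#
# Task list: installs Nginx and its helper packages, prepares the
# configuration and TLS directories, generates DH parameters in the
# background, wires the Debian "snakeoil" key pair in as the default
# certificate, opens the firewall and starts the service.
#
# Variables used here but defined outside this file:
#   nginx_config_dir, nginx_ssl_dir, nginx_dhparam_size
# The "reload nginx" handler is also defined elsewhere.

- name: Install htpasswd dependencies
  apt:
    name: python3-passlib
    state: present

- name: Install SSL dependencies
  apt:
    name: ssl-cert
    state: present

- name: Install Nginx
  apt:
    name: nginx-full
    state: present

- name: Create Nginx configuration directories
  file:
    path: "{{ config_dir }}"
    state: directory
    owner: root
    group: www-data
    mode: "0755"
  loop:
    - "{{ nginx_config_dir }}"
    - "{{ nginx_ssl_dir }}"
  loop_control:
    loop_var: config_dir

- name: Generate Diffie-Hellman parameters
  # This can take a long time... So we are doing it in async mode
  # NOTE(review): nginx_dhparam_size is set outside this file; confirm it
  # is at least 2048 bits.
  openssl_dhparam:
    path: "{{ nginx_ssl_dir }}/dhparam.pem"
    size: "{{ nginx_dhparam_size }}"
    owner: root
    group: www-data
    mode: "0640"
  async: 3600
  poll: 0
  changed_when: false
  register: _nginx_dhparam

# The snakeoil key pair is the self-signed placeholder generated by the
# ssl-cert package. Clients cannot validate it, so it only keeps Nginx
# startable until a real certificate is deployed.
#
# NOTE(review): with the file module's default `follow` behaviour, the
# owner/group/mode below may be applied to the link *target* (the snakeoil
# files under /etc/ssl) rather than to the symlink - confirm on the Ansible
# version in use. Execute bits were dropped because neither a key nor a
# certificate needs them. The Nginx master process normally reads the key
# as root, so group read for www-data may be unnecessary - confirm before
# tightening further.
- name: Use snakoil cert key as Nginx's default private key
  file:
    src: "/etc/ssl/private/ssl-cert-snakeoil.key"
    path: "{{ nginx_ssl_dir }}/nginx.key"
    state: link
    owner: root
    group: www-data
    mode: "0640"
    force: true

- name: Use snakoil cert as Nginx's default certificate
  file:
    src: "/etc/ssl/certs/ssl-cert-snakeoil.pem"
    path: "{{ nginx_ssl_dir }}/nginx.crt"
    state: link
    owner: root
    group: www-data
    mode: "0644"
    force: true

- name: Copy default Nginx config
  template:
    src: nginx/default.conf.j2
    dest: /etc/nginx/sites-available/default
    owner: root
    group: www-data
    # Plain configuration file: readable, not executable.
    mode: "0644"
  notify: reload nginx

- name: Enable default Nginx config
  file:
    src: /etc/nginx/sites-available/default
    path: /etc/nginx/sites-enabled/default
    owner: root
    group: www-data
    # Kept identical to the template task above so that the two tasks do
    # not fight over the target's mode if attributes follow the link.
    mode: "0644"
    state: link
  notify: reload nginx

# "Nginx Full" is a ufw application profile; it is expected to cover both
# the HTTP and HTTPS ports. NOTE(review): confirm that plain HTTP really
# has to be reachable, otherwise a narrower rule is preferable.
- name: Allow default Nginx ports
  ufw:
    rule: allow
    name: "Nginx Full"

- name: Waiting for Diffie-Hellman task to complete…
  async_status:
    jid: "{{ _nginx_dhparam.ansible_job_id }}"
  register: _nginx_dhparam_job
  retries: 60
  delay: 30  # will retry every 30s for 30min (60 retries)
  # NOTE(review): the async job above is allowed 3600s but this wait gives
  # up after 30min; if generation takes longer the play fails here while
  # the job may still be running. Consider aligning the two limits.
  until: _nginx_dhparam_job.finished
  notify: reload nginx

- name: Start Nginx server
  service:
    name: nginx
    state: started
    enabled: true
  register: nginx_started

# Run any pending "reload nginx" notifications now instead of at the end
# of the play.
- name: "Trigger Nginx handlers"
  meta: flush_handlers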