---
# Create the nginx configuration tree below /etc/nginx, one directory per
# loop item. Parents are listed before their children (ssl before
# ssl/certificates and ssl/keys), so the loop order is kept as written.
# NOTE(review): every directory, including ssl/keys, is owned by
# nginx_service_user with mode 0750. If that account is also the one the
# worker processes run as, it can write to the configuration and key
# directories; confirm this is intended rather than root ownership.
- name: setup configuration directories
  ansible.builtin.file:
    path: '/etc/nginx/{{ item }}'
    state: directory
    mode: '0750'
    owner: '{{ nginx_service_user }}'
    group: '{{ nginx_service_group }}'
  loop:
    - conf.d
    - ssl
    - ssl/certificates
    - ssl/keys
    - sites-available
    - sites-enabled
    - streams-available
    - streams-enabled
  become: true
# Delete the default.conf file from conf.d so that only configuration
# managed by this role remains there. `state: absent` is a no-op when the
# file does not exist.
- name: remove default unneeded files
  ansible.builtin.file:
    state: absent
    path: /etc/nginx/conf.d/default.conf
  become: true
# Generate 4096-bit Diffie-Hellman parameters once. `creates` skips the
# command whenever the output path already exists, so the generation (which
# can take a long time at this size) only happens on the first run.
# No mode/owner is set here: the file gets whatever the openssl process
# creates it with. DH parameters are public values, not key material.
# NOTE(review): `creates` only checks that the path exists; it does not
# verify that the file holds a complete, valid parameter set.
- name: generate dhparams.pem file
  ansible.builtin.command:
    creates: /etc/nginx/ssl/dhparams.pem
    cmd: /usr/bin/openssl dhparam -out /etc/nginx/ssl/dhparams.pem 4096
  notify:
    - 'nginx : restart nginx service'
  become: true
# Install /etc/nginx/nginx.conf from one of two sources, selected by
# nginx_custom_config: the role's template when the variable is falsy, or
# the variable's content written verbatim when it is truthy. The two `when`
# conditions are complementary, so exactly one inner task runs.
# NOTE(review): the listing this was taken from had lost its indentation;
# `notify` is read as a block-level keyword, so either branch triggers the
# restart handler. Confirm against the original file.
# NOTE(review): neither task validates the new file before it replaces the
# live one, so a syntactically broken custom config is only detected when
# the handler restarts nginx. Both modules accept a `validate` option
# (e.g. running `nginx -t -c %s`); whether that works here depends on how
# the config resolves its includes from a temporary path. Confirm before
# adding it.
# NOTE(review): nginx.conf is owned by nginx_service_user. If that is the
# account the worker processes run as, a compromised worker could rewrite
# the file that is loaded on the next restart; confirm the ownership choice.
- name: setup nginx.conf
  block:
    - name: use default configuration
      when: nginx_custom_config is falsy
      ansible.builtin.template:
        src: ../templates/nginx.conf.j2
        dest: /etc/nginx/nginx.conf
        mode: '0640'
        owner: '{{ nginx_service_user }}'
        group: '{{ nginx_service_group }}'
    - name: use custom configuration
      when: nginx_custom_config is truthy
      ansible.builtin.copy:
        content: '{{ nginx_custom_config }}'
        dest: /etc/nginx/nginx.conf
        mode: '0640'
        owner: '{{ nginx_service_user }}'
        group: '{{ nginx_service_group }}'
  notify:
    - 'nginx : restart nginx service'
  become: true
# Render the resource-limit settings for nginx into /etc/security/limits.d,
# root-owned and readable by root only, then schedule a service restart.
# NOTE(review): files under /etc/security/limits.d are applied by pam_limits
# when a PAM session is opened. If nginx is started by systemd, the unit's
# own limit directives (e.g. LimitNOFILE=) apply instead; confirm these
# limits actually reach the nginx processes on the target hosts.
- name: set process limits
  ansible.builtin.template:
    src: ../templates/nginx_limits.conf.j2
    dest: /etc/security/limits.d/nginx.conf
    mode: '0600'
    owner: root
    group: root
  notify:
    - 'nginx : restart nginx service'
  become: true