2022-07-11 14:03:55 +08:00
|
|
|
- name: Install this role on {{ansible_os_family}}
|
|
|
|
include: "{{ansible_os_family}}.yml"
|
|
|
|
|
|
|
|
# install Certbot for Nginx
|
|
|
|
- name: Install certbot
|
|
|
|
shell: |
|
|
|
|
snap install --classic certbot
|
|
|
|
ln -sf /snap/bin/certbot /usr/bin/certbot
|
|
|
|
when: nginx_certbot
|
|
|
|
|
2023-05-08 14:50:23 +08:00
|
|
|
- name: Configure Nginx
|
|
|
|
copy:
|
|
|
|
src: nginx.conf
|
|
|
|
dest: /etc/nginx/
|
|
|
|
|
|
|
|
- name: Check system architecture
|
|
|
|
shell: uname -m
|
|
|
|
register: system_architecture
|
2023-05-08 14:50:37 +08:00
|
|
|
|
2023-05-08 14:50:23 +08:00
|
|
|
- name: Print system architecture
|
|
|
|
debug:
|
|
|
|
var: system_architecture.stdout
|
2023-05-08 14:50:47 +08:00
|
|
|
|
2023-05-08 14:50:23 +08:00
|
|
|
- name: Change user on ubuntu arm
|
|
|
|
lineinfile:
|
2023-05-08 15:09:09 +08:00
|
|
|
path: /etc/nginx/nginx.conf
|
2023-05-08 15:35:11 +08:00
|
|
|
regexp: "user nginx;"
|
2023-05-08 14:50:23 +08:00
|
|
|
line: "user www-data;"
|
|
|
|
when: system_architecture.stdout == "aarch64" and ansible_os_family == "Debian"
|
|
|
|
|
2022-07-11 14:03:55 +08:00
|
|
|
- name: Create a Nginx Log symbolic link
|
|
|
|
file:
|
|
|
|
src: '{{item.src}}'
|
|
|
|
dest: '{{item.dest}}'
|
|
|
|
state: link
|
|
|
|
with_items:
|
|
|
|
- {src: /etc/nginx/conf.d,dest: /data/config/nginx}
|
|
|
|
- {src: /var/log/nginx,dest: /data/logs/nginx}
|
|
|
|
|
|
|
|
- name: Set Reverse proxy
|
|
|
|
template:
|
|
|
|
src: default.jinja2
|
|
|
|
dest: /etc/nginx/conf.d/default.conf
|
|
|
|
|
|
|
|
- name: create nginx's Directory
|
|
|
|
file:
|
|
|
|
path: "{{item}}"
|
|
|
|
state: directory
|
|
|
|
recurse: true
|
|
|
|
loop:
|
|
|
|
- /etc/nginx/extra
|
|
|
|
|
|
|
|
- block:
|
|
|
|
- name: Copy rewrite file
|
|
|
|
copy:
|
|
|
|
src: rewrite
|
|
|
|
dest: /etc/nginx/conf.d/
|
|
|
|
|
|
|
|
- name: Create nginx_appname.conf in /etc/nginx/conf.d/rewrite
|
|
|
|
shell: if [ ! $( ls | grep "{{nginx_appname}}") ]; then touch {{nginx_appname}}.conf ; fi
|
|
|
|
args:
|
|
|
|
chdir: /etc/nginx/conf.d/rewrite
|
|
|
|
|
|
|
|
# add new user and password on nginx
|
|
|
|
- block:
|
|
|
|
- name: Insert ngnix service password authority segment
|
|
|
|
blockinfile:
|
|
|
|
path: /etc/nginx/conf.d/default.conf
|
|
|
|
insertbefore: "}"
|
|
|
|
block: |
|
|
|
|
auth_basic "Restricted Content";
|
|
|
|
auth_basic_user_file /etc/nginx/.htpasswd;
|
|
|
|
- name: Init nginx password
|
|
|
|
shell: |
|
|
|
|
htpasswd -bc /etc/nginx/.htpasswd {{nginx_login_account[0]}} {{nginx_login_account[1]}}
|
|
|
|
when: nginx_login_account is defined and nginx_login_account != none
|
|
|
|
|
|
|
|
- name: Start Nginx
|
|
|
|
service:
|
|
|
|
name: nginx
|
|
|
|
state: restarted
|
|
|
|
enabled: yes
|
|
|
|
|
|
|
|
# display version and service state of components
|
|
|
|
- name: Get Nginx version
|
|
|
|
shell: sudo sh -c "nginx -v 2>> /data/logs/install_version.txt"
|
|
|
|
|
|
|
|
- name: Check Nginx Service
|
|
|
|
shell: systemctl status nginx | grep Active*
|
|
|
|
register: check_nginx_service
|
|
|
|
notify: check_nginx_service
|