vps/roles/reverse-proxy/tasks/main.yml

- name:
  become: true
  block:
    - name: Install package nginx
      apt:
        name: nginx
  
    - name: Template nginx.conf to /etc/nginx/nginx.conf
      template:
        src: nginx.conf
        dest: /etc/nginx/nginx.conf
        owner: root
        group: root
        mode: '644' 
      register: nginx_template_nginx_conf_result

    - name: Template reverse-proxy.conf to /etc/nginx/sites-available/reverse-proxy.conf
      template:
        src: reverse-proxy.conf
        dest: /etc/nginx/sites-available/reverse-proxy.conf
        owner: root
        group: root
        mode: '644'
      register: nginx_template_reverse_proxy_conf_result
 
    - name: Copy ssl-headers.conf to /etc/nginx/conf.d/ssl-headers.conf
      copy:
        src: files/ssl-headers.conf
        dest: /etc/nginx/conf.d/ssl-headers.conf
        owner: root
        group: root
        mode: '644'
      register: nginx_copy_ssl_headers_conf_result

    - name: Remove all enabled NGINX sites
      file:
        state: "{{ item }}"
        path: "/etc/nginx/sites-enabled"
        owner: root
        group: root
        mode: '755'
      loop:
        - absent
        - directory

    - name: Enable reverse-proxy.conf site
      file:
        state: link
        src: /etc/nginx/sites-available/reverse-proxy.conf
        dest: /etc/nginx/sites-enabled/reverse-proxy.conf

    - name: Get state of file /etc/nginx/dhparam.txt
      stat:
        path: /etc/nginx/dhparam.txt
      register: nginx_stat_dhparam_result

    - name: Download dhparam file from Mozilla
      get_url:
        url: https://ssl-config.mozilla.org/ffdhe2048.txt
        dest: /etc/nginx/dhparam.txt
      when: not nginx_stat_dhparam_result.stat.exists

    - name: Set correct permissions on certificate directories
      file:
        path: "/etc/letsencrypt/{{ item }}/{{ domain }}"
        state: directory
        owner: root
        group: root
        mode: '750'
      loop:
        - live
        - archive

    - name: Start/Reload NGINX service
      service:
        name: nginx
        # Reload if conf changed, if not make sure it is started
        state: "{{ (nginx_template_nginx_conf_result['changed'] or nginx_template_reverse_proxy_conf_result['changed'] or nginx_copy_ssl_headers_conf_result['changed']) | ternary('reloaded', 'started') }}"
        enabled: yes
The Great Ansible Update. 2024-02-17 19:01:04 +01:00			`- name:`
			`become: true`
			`block:`
			`- name: Install package nginx`
			`apt:`
			`name: nginx`

			`- name: Template nginx.conf to /etc/nginx/nginx.conf`
			`template:`
			`src: nginx.conf`
			`dest: /etc/nginx/nginx.conf`
			`owner: root`
			`group: root`
			`mode: '644'`
			`register: nginx_template_nginx_conf_result`

			`- name: Template reverse-proxy.conf to /etc/nginx/sites-available/reverse-proxy.conf`
			`template:`
			`src: reverse-proxy.conf`
			`dest: /etc/nginx/sites-available/reverse-proxy.conf`
			`owner: root`
			`group: root`
			`mode: '644'`
			`register: nginx_template_reverse_proxy_conf_result`
Update reverse proxy. 2024-03-02 11:57:21 +01:00
			`- name: Copy ssl-headers.conf to /etc/nginx/conf.d/ssl-headers.conf`
			`copy:`
			`src: files/ssl-headers.conf`
			`dest: /etc/nginx/conf.d/ssl-headers.conf`
			`owner: root`
			`group: root`
			`mode: '644'`
			`register: nginx_copy_ssl_headers_conf_result`
The Great Ansible Update. 2024-02-17 19:01:04 +01:00
			`- name: Remove all enabled NGINX sites`
			`file:`
			`state: "{{ item }}"`
			`path: "/etc/nginx/sites-enabled"`
			`owner: root`
			`group: root`
			`mode: '755'`
			`loop:`
			`- absent`
			`- directory`

			`- name: Enable reverse-proxy.conf site`
			`file:`
			`state: link`
			`src: /etc/nginx/sites-available/reverse-proxy.conf`
			`dest: /etc/nginx/sites-enabled/reverse-proxy.conf`

			`- name: Get state of file /etc/nginx/dhparam.txt`
			`stat:`
			`path: /etc/nginx/dhparam.txt`
			`register: nginx_stat_dhparam_result`

			`- name: Download dhparam file from Mozilla`
			`get_url:`
			`url: https://ssl-config.mozilla.org/ffdhe2048.txt`
			`dest: /etc/nginx/dhparam.txt`
			`when: not nginx_stat_dhparam_result.stat.exists`

			`- name: Set correct permissions on certificate directories`
			`file:`
			`path: "/etc/letsencrypt/{{ item }}/{{ domain }}"`
			`state: directory`
			`owner: root`
			`group: root`
			`mode: '750'`
			`loop:`
			`- live`
			`- archive`

			`- name: Start/Reload NGINX service`
			`service:`
			`name: nginx`
			`# Reload if conf changed, if not make sure it is started`
Update reverse proxy. 2024-03-02 11:57:21 +01:00			`state: "{{ (nginx_template_nginx_conf_result['changed'] or nginx_template_reverse_proxy_conf_result['changed'] or nginx_copy_ssl_headers_conf_result['changed']) \| ternary('reloaded', 'started') }}"`
The Great Ansible Update. 2024-02-17 19:01:04 +01:00			`enabled: yes`