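# Installs NGINX, deploys the main config, the reverse-proxy site and the shared
# TLS header snippet, resets sites-enabled so only the reverse proxy is served,
# fetches the ffdhe2048 DH parameters, tightens permissions on the Let's Encrypt
# certificate directories and finally starts or reloads the service.
# Requires the `domain` variable to be defined by the caller.
- name: Install and configure NGINX as a TLS reverse proxy
  become: true
  block:
    - name: Install package nginx
      apt:
        name: nginx
        state: present

    - name: Template nginx.conf to /etc/nginx/nginx.conf
      template:
        src: nginx.conf
        dest: /etc/nginx/nginx.conf
        owner: root
        group: root
        mode: '0644'
      register: nginx_template_nginx_conf_result

    - name: Template reverse-proxy.conf to /etc/nginx/sites-available/reverse-proxy.conf
      template:
        src: reverse-proxy.conf
        dest: /etc/nginx/sites-available/reverse-proxy.conf
        owner: root
        group: root
        mode: '0644'
      register: nginx_template_reverse_proxy_conf_result

    - name: Copy ssl-headers.conf to /etc/nginx/conf.d/ssl-headers.conf
      copy:
        src: files/ssl-headers.conf
        dest: /etc/nginx/conf.d/ssl-headers.conf
        owner: root
        group: root
        mode: '0644'
      register: nginx_copy_ssl_headers_conf_result

    # Deleting and recreating the directory guarantees that no stale or
    # distribution-default site stays enabled next to the reverse proxy.
    # Side effect: this task reports "changed" on every run.
    - name: Remove all enabled NGINX sites
      file:
        state: "{{ item }}"
        path: /etc/nginx/sites-enabled
        owner: root
        group: root
        mode: '0755'
      loop:
        - absent
        - directory

    - name: Enable reverse-proxy.conf site
      file:
        state: link
        src: /etc/nginx/sites-available/reverse-proxy.conf
        dest: /etc/nginx/sites-enabled/reverse-proxy.conf

    - name: Get state of file /etc/nginx/dhparam.txt
      stat:
        path: /etc/nginx/dhparam.txt
      register: nginx_stat_dhparam_result

    # The DH parameters feed directly into the TLS key exchange, so the file
    # must be exactly the published group and must not be writable by
    # unprivileged users.
    # NOTE(review): TLS certificate validation is the only integrity check
    # here; pin the content as well with
    #   checksum: "sha256:<EXPECTED_SHA256_OF_FFDHE2048_TXT>"
    # or ship the file with the role instead of downloading it at deploy time.
    - name: Download dhparam file from Mozilla
      get_url:
        url: https://ssl-config.mozilla.org/ffdhe2048.txt
        dest: /etc/nginx/dhparam.txt
        owner: root
        group: root
        mode: '0644'
      when: not nginx_stat_dhparam_result.stat.exists

    # Private keys live below these directories; 0750 root:root keeps them
    # unreadable for every non-root account.
    # NOTE(review): `state: directory` creates the path when it is missing.
    # Presumably the certificate has already been issued for `domain` at this
    # point - confirm, since a pre-created empty directory may get in the way
    # of the ACME client's first issuance.
    - name: Set correct permissions on certificate directories
      file:
        path: "/etc/letsencrypt/{{ item }}/{{ domain }}"
        state: directory
        owner: root
        group: root
        mode: '0750'
      loop:
        - live
        - archive

    # Fail with the parser's own error message before touching the running
    # service, instead of with an opaque service start/reload failure.
    - name: Validate NGINX configuration
      command: nginx -t
      changed_when: false

    - name: Start/Reload NGINX service
      service:
        name: nginx
        # Reload if conf changed, if not make sure it is started
        state: >-
          {{ (nginx_template_nginx_conf_result['changed']
          or nginx_template_reverse_proxy_conf_result['changed']
          or nginx_copy_ssl_headers_conf_result['changed'])
          | ternary('reloaded', 'started') }}
        enabled: true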