1
0
Fork 0
ansible-collection-kit/roles/nginx/tasks/main.yml

57 lines
1.5 KiB
YAML

---
- block:
- name: install {{ nginx_default_package }}
apt:
name:
- "{{ nginx_default_package }}"
- logrotate
state: present
update_cache: true
cache_valid_time: 3600
- name: remove the default site
file:
path: "{{ item }}"
state: absent
with_items:
- /etc/nginx/sites-enabled/default
- /etc/nginx/sites-available/default
- /var/www/html
notify: systemctl reload nginx
- name: add default server to reply to client who not send correct Host header
copy:
src: etc/nginx/sites-enabled/_.conf
dest: /etc/nginx/sites-enabled/_.conf
owner: root
group: root
mode: 0640
notify: systemctl reload nginx
- name: set ssl_protocols to TLSv1.2 TLSv1.3
lineinfile:
path: /etc/nginx/nginx.conf
regexp: "^(.*)ssl_protocols"
line: "\tssl_protocols TLSv1.2 TLSv1.3;"
notify: systemctl reload nginx
- name: gzip compression
lineinfile:
path: /etc/nginx/nginx.conf
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
state: present
with_items:
- regexp: "^(.*)gzip_comp_level"
line: "\tgzip_comp_level 5;"
- regexp: "^(.*)gzip_types"
line: "\tgzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript image/svg+xml;"
notify: systemctl reload nginx
- import_tasks: create-vhosts.yml
become: "{{ nginx_become }}"
become_user: "{{ nginx_become_user }}"