Daniele Tricoli
b7706355bf
All checks were successful
ci/woodpecker/push/lint Pipeline was successful
66 lines
2 KiB
YAML
66 lines
2 KiB
YAML
---
|
|
- block:
|
|
- name: install {{ nginx_default_package }}
|
|
ansible.builtin.apt:
|
|
name:
|
|
- "{{ nginx_default_package }}"
|
|
- logrotate
|
|
state: present
|
|
update_cache: true
|
|
cache_valid_time: 3600
|
|
|
|
- name: remove the default site
|
|
ansible.builtin.file:
|
|
path: "{{ item }}"
|
|
state: absent
|
|
with_items:
|
|
- /etc/nginx/sites-enabled/default
|
|
- /etc/nginx/sites-available/default
|
|
- /var/www/html
|
|
notify: systemctl reload nginx
|
|
|
|
- name: add default server for clients who not send correct Host header
|
|
ansible.builtin.copy:
|
|
src: etc/nginx/sites-enabled/_.conf
|
|
dest: /etc/nginx/sites-enabled/_.conf
|
|
owner: root
|
|
group: root
|
|
mode: 0640
|
|
notify: systemctl reload nginx
|
|
|
|
- name: set ssl_protocols to TLSv1.2 TLSv1.3
|
|
ansible.builtin.lineinfile:
|
|
path: /etc/nginx/nginx.conf
|
|
regexp: "^(.*)ssl_protocols"
|
|
line: "\tssl_protocols TLSv1.2 TLSv1.3;"
|
|
notify: systemctl reload nginx
|
|
|
|
- name: gzip compression
|
|
ansible.builtin.lineinfile:
|
|
path: /etc/nginx/nginx.conf
|
|
regexp: "{{ item.regexp }}"
|
|
line: "{{ item.line }}"
|
|
state: present
|
|
with_items:
|
|
- regexp: "^(.*)gzip_comp_level"
|
|
line: "\tgzip_comp_level 5;"
|
|
- regexp: "^(.*)gzip_types"
|
|
# yamllint disable-line rule:line-length
|
|
line: "\tgzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript image/svg+xml;"
|
|
notify: systemctl reload nginx
|
|
|
|
- name: add geoip2 config
|
|
ansible.builtin.copy:
|
|
src: etc/nginx/conf.d/geoip2.conf
|
|
dest: /etc/nginx/conf.d/geoip2.conf
|
|
owner: root
|
|
group: root
|
|
mode: 0640
|
|
when: nginx_enable_geoip2
|
|
notify: systemctl reload nginx
|
|
|
|
- import_tasks: create-vhosts.yml
|
|
|
|
become: "{{ nginx_become }}"
|
|
become_user: "{{ nginx_become_user }}"
|