Implement configure-webproxy for setting up basic nginx server
Fix init playbook Add nginx config Fix networkd install on fedora
This commit is contained in:
parent
1e1d4d75a0
commit
ae0be16dd6
@ -1,37 +1,28 @@
|
|||||||
---
|
---
|
||||||
# TBW
|
- import_playbook: initialize.yml
|
||||||
|
|
||||||
# - name: Install Nginx
|
|
||||||
# hosts: jupiter
|
- name: Install Nginx
|
||||||
# handlers:
|
hosts: jupiter
|
||||||
# - name: restart_nginx
|
handlers:
|
||||||
# become: true
|
- name: restart-nginx
|
||||||
# systemd:
|
import_tasks: tasks/nginx/services.yml
|
||||||
# name: nginx
|
tasks:
|
||||||
# state: restarted
|
- import_tasks: tasks/nginx/install.yml
|
||||||
# tasks:
|
|
||||||
# - name: Install nginx and certbot
|
- name: Install configuration
|
||||||
# become: true
|
become: true
|
||||||
# dnf:
|
copy:
|
||||||
# name:
|
src: nginx.conf
|
||||||
# - nginx
|
dest: /etc/nginx/nginx.conf
|
||||||
# - certbot
|
notify:
|
||||||
# - python3-certbot-nginx
|
- restart-nginx
|
||||||
# state: present
|
|
||||||
#
|
- name: Set required SELinux options
|
||||||
# - name: Enable and start nginx
|
become: true
|
||||||
# become: true
|
seboolean:
|
||||||
# systemd:
|
name: httpd_can_network_connect
|
||||||
# name: nginx
|
persistent: true
|
||||||
# state: started
|
state: true
|
||||||
# enabled: true
|
notify:
|
||||||
#
|
- restart-nginx
|
||||||
# - name: Install configuration
|
|
||||||
# become: true
|
|
||||||
# copy:
|
|
||||||
# src: nginx.conf
|
|
||||||
# dest: /etc/nginx/nginx.conf
|
|
||||||
# notify:
|
|
||||||
# - restart_nginx
|
|
||||||
#
|
|
||||||
# # sudo setsebool -P httpd_can_network_connect on
|
|
||||||
|
@ -1,7 +1,6 @@
|
|||||||
---
|
---
|
||||||
- name: Bootstrap remote ansible environment
|
- name: Bootstrap remote ansible environment
|
||||||
hosts: all
|
hosts: all
|
||||||
|
|
||||||
tags:
|
tags:
|
||||||
- always
|
- always
|
||||||
vars:
|
vars:
|
||||||
@ -39,16 +38,6 @@
|
|||||||
cmd: "{{ ansible_python_interpreter }} -m venv {{ omni_ansible_venv }} --system-site-packages"
|
cmd: "{{ ansible_python_interpreter }} -m venv {{ omni_ansible_venv }} --system-site-packages"
|
||||||
creates: "{{ omni_ansible_venv }}/bin/python"
|
creates: "{{ omni_ansible_venv }}/bin/python"
|
||||||
|
|
||||||
# - name: Assign ownership of the virtualenv to ansible
|
|
||||||
# become: true
|
|
||||||
# file:
|
|
||||||
# path: "{{ omni_ansible_venv }}"
|
|
||||||
# state: directory
|
|
||||||
# owner: "{{ ansible_user }}"
|
|
||||||
# group: "{{ ansible_user }}"
|
|
||||||
# mode: 0755
|
|
||||||
# follow: false
|
|
||||||
|
|
||||||
- name: Generate remote requirements file locally
|
- name: Generate remote requirements file locally
|
||||||
delegate_to: 127.0.0.1
|
delegate_to: 127.0.0.1
|
||||||
command:
|
command:
|
||||||
|
37
resources/nginx.conf
Normal file
37
resources/nginx.conf
Normal file
@ -0,0 +1,37 @@
|
|||||||
|
# Ansible managed file
|
||||||
|
# DO NOT MANUALLY EDIT
|
||||||
|
#
|
||||||
|
user nginx;
|
||||||
|
worker_processes auto;
|
||||||
|
error_log /var/log/nginx/error.log;
|
||||||
|
pid /run/nginx.pid;
|
||||||
|
|
||||||
|
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
|
||||||
|
include /usr/share/nginx/modules/*.conf;
|
||||||
|
|
||||||
|
events {
|
||||||
|
worker_connections 1024;
|
||||||
|
}
|
||||||
|
|
||||||
|
http {
|
||||||
|
log_format main '$time_local $remote_addr[$status] - $remote_addr($remote_user) - $body_bytes_sent - "$request" "$http_referer" "$http_user_agent" "$http_x_forwarded_for"';
|
||||||
|
|
||||||
|
access_log /var/log/nginx/access.log main;
|
||||||
|
|
||||||
|
sendfile on;
|
||||||
|
tcp_nopush on;
|
||||||
|
tcp_nodelay on;
|
||||||
|
keepalive_timeout 65;
|
||||||
|
types_hash_max_size 2048;
|
||||||
|
|
||||||
|
include /etc/nginx/mime.types;
|
||||||
|
default_type application/octet-stream;
|
||||||
|
|
||||||
|
# Load modular configuration files from the /etc/nginx/conf.d directory.
|
||||||
|
# See http://nginx.org/en/docs/ngx_core_module.html#include
|
||||||
|
# for more information.
|
||||||
|
include /etc/nginx/conf.d/*.conf;
|
||||||
|
|
||||||
|
}
|
||||||
|
#
|
||||||
|
# EOF
|
@ -17,7 +17,7 @@
|
|||||||
|
|
||||||
|
|
||||||
- name: Install systemd-networkd on Fedora
|
- name: Install systemd-networkd on Fedora
|
||||||
when: ansible_distribution == "Fedora" and ansible_distribution_major_version == "8"
|
when: ansible_distribution == "Fedora"
|
||||||
become: true
|
become: true
|
||||||
dnf:
|
dnf:
|
||||||
state: "{{ _runtime_update_state }}"
|
state: "{{ _runtime_update_state }}"
|
||||||
|
36
tasks/nginx/install.yml
Normal file
36
tasks/nginx/install.yml
Normal file
@ -0,0 +1,36 @@
|
|||||||
|
---
|
||||||
|
- name: Install Nginx and CertBot on CentOS 8 and Fedora
|
||||||
|
when: >-
|
||||||
|
(ansible_distribution == "CentOS" and ansible_distribution_major_version == "8")
|
||||||
|
or
|
||||||
|
ansible_distribution == "Fedora"
|
||||||
|
become: true
|
||||||
|
dnf:
|
||||||
|
state: "{{ _runtime_update_state }}"
|
||||||
|
name:
|
||||||
|
- nginx
|
||||||
|
- certbot
|
||||||
|
- python3-certbot-nginx
|
||||||
|
notify:
|
||||||
|
- restart-nginx
|
||||||
|
|
||||||
|
- name: Install Nginx and CertBot on CentOS 7
|
||||||
|
when: ansible_distribution == "CentOS" and ansible_distribution_major_version == "7"
|
||||||
|
become: true
|
||||||
|
yum:
|
||||||
|
state: "{{ _runtime_update_state }}"
|
||||||
|
name:
|
||||||
|
- nginx
|
||||||
|
- certbot
|
||||||
|
- python-certbot-nginx
|
||||||
|
notify:
|
||||||
|
- restart-nginx
|
||||||
|
|
||||||
|
#
|
||||||
|
# - name: Install configuration
|
||||||
|
# become: true
|
||||||
|
# copy:
|
||||||
|
# src: nginx.conf
|
||||||
|
# dest: /etc/nginx/nginx.conf
|
||||||
|
# notify:
|
||||||
|
# - restart_nginx
|
7
tasks/nginx/services.yml
Normal file
7
tasks/nginx/services.yml
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
---
|
||||||
|
- name: Restart nginx
|
||||||
|
become: true
|
||||||
|
systemd:
|
||||||
|
name: nginx
|
||||||
|
state: restarted
|
||||||
|
enabled: true
|
Reference in New Issue
Block a user