- name: Install nginx package: name: nginx state: latest - name: Install nginx.conf template: src: templates/nginx.conf.j2 dest: /etc/nginx/nginx.conf owner: nginx group: nginx mode: '0644' notify: Restart nginx - name: Install openssl package: name: openssl state: latest when: nginx_ssl_enabled - name: Create nginx ssl directory file: path: /etc/nginx/ssl state: directory mode: '0755' when: nginx_ssl_enabled - name: Generate dhparams command: cmd: openssl dhparam -out /etc/nginx/ssl/dhparam.pem 4096 creates: /etc/nginx/ssl/dhparam.pem notify: Restart nginx when: nginx_ssl_enabled - name: Copy SSL certificate into place for SSL enabled nginx server copy: src: /root/.lego/certificates/{{ inventory_hostname }}.crt dest: /etc/nginx/ssl/{{ inventory_hostname }}.crt owner: nginx group: nginx mode: 0600 remote_src: true when: nginx_ssl_enabled - name: Copy SSL key into place for SSL enabled nginx server copy: src: /root/.lego/certificates/{{ inventory_hostname }}.key dest: /etc/nginx/ssl/{{ inventory_hostname }}.key owner: nginx group: nginx mode: 0600 remote_src: true when: nginx_ssl_enabled - name: Create web root file: path: /srv/http/{{ inventory_hostname }}/html state: directory owner: nginx group: nginx mode: '0755' - name: Start and enable nginx service: name: nginx state: started enabled: true - name: Permanently enable http service ansible.posix.firewalld: service: http state: enabled permanent: true immediate: true offline: true - name: Permanently enable https service ansible.posix.firewalld: service: https state: enabled permanent: true immediate: true offline: true when: nginx_ssl_enabled - name: Create nginx non-ssl vhost template: src: templates/vhost.conf.j2 dest: /etc/nginx/conf.d/{{ inventory_hostname}}.conf owner: nginx group: nginx mode: '0644' notify: Restart nginx when: not nginx_ssl_enabled - name: Create nginx ssl vhost template: src: templates/vhost_ssl.conf.j2 dest: /etc/nginx/conf.d/{{ inventory_hostname }}.conf owner: nginx group: nginx mode: '0644' notify: Restart nginx when: nginx_ssl_enabled