Обновить playbook2_web.yml
This commit is contained in:
@@ -1,10 +1,8 @@
|
|||||||
---
|
---
|
||||||
- name: Configure Angie Web Server
|
- name: Configure Angie Web Server (ALT Linux)
|
||||||
hosts: server
|
hosts: server
|
||||||
become: true
|
become: true
|
||||||
vars:
|
vars:
|
||||||
angie_repo_key: "https://angie.software/keys/angie-release-key.gpg"
|
|
||||||
angie_repo: "https://angie.software/packages/debian/dists/stable/main/binary-$(ARCH)/"
|
|
||||||
ssl_cert_path: "/etc/angie/ssl/www.au.team.crt"
|
ssl_cert_path: "/etc/angie/ssl/www.au.team.crt"
|
||||||
ssl_key_path: "/etc/angie/ssl/www.au.team.key"
|
ssl_key_path: "/etc/angie/ssl/www.au.team.key"
|
||||||
server_name: "www.au.team"
|
server_name: "www.au.team"
|
||||||
@@ -12,36 +10,19 @@
|
|||||||
listen_port_https: 443
|
listen_port_https: 443
|
||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
- name: Install prerequisites for Angie repo
|
- name: Update package cache (ALT Linux)
|
||||||
ansible.builtin.apt:
|
ansible.builtin.command:
|
||||||
name:
|
cmd: apt-rpm update
|
||||||
- gnupg
|
changed_when: false
|
||||||
- ca-certificates
|
tags:
|
||||||
- curl
|
- angie
|
||||||
- apt-transport-https
|
|
||||||
state: present
|
|
||||||
update_cache: true
|
|
||||||
tags: angie
|
|
||||||
|
|
||||||
- name: Add Angie GPG key
|
- name: Install Angie web server (ALT Linux)
|
||||||
ansible.builtin.apt_key:
|
ansible.builtin.package:
|
||||||
url: "{{ angie_repo_key }}"
|
|
||||||
state: present
|
|
||||||
tags: angie
|
|
||||||
|
|
||||||
- name: Add Angie repository
|
|
||||||
ansible.builtin.apt_repository:
|
|
||||||
repo: "deb [arch=amd64] https://angie.software/packages/debian stable main"
|
|
||||||
state: present
|
|
||||||
filename: angie
|
|
||||||
tags: angie
|
|
||||||
|
|
||||||
- name: Install Angie web server
|
|
||||||
ansible.builtin.apt:
|
|
||||||
name: angie
|
name: angie
|
||||||
state: present
|
state: present
|
||||||
update_cache: true
|
tags:
|
||||||
tags: angie
|
- angie
|
||||||
|
|
||||||
- name: Create SSL directory
|
- name: Create SSL directory
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
@@ -50,7 +31,8 @@
|
|||||||
mode: '0755'
|
mode: '0755'
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
tags: ssl
|
tags:
|
||||||
|
- ssl
|
||||||
|
|
||||||
- name: Generate self-signed SSL certificate
|
- name: Generate self-signed SSL certificate
|
||||||
ansible.builtin.command:
|
ansible.builtin.command:
|
||||||
@@ -61,7 +43,8 @@
|
|||||||
-subj "/C=RU/ST=Moscow/L=Moscow/O=AU Team/CN={{ server_name }}"
|
-subj "/C=RU/ST=Moscow/L=Moscow/O=AU Team/CN={{ server_name }}"
|
||||||
creates: "{{ ssl_cert_path }}"
|
creates: "{{ ssl_cert_path }}"
|
||||||
notify: Reload angie
|
notify: Reload angie
|
||||||
tags: ssl
|
tags:
|
||||||
|
- ssl
|
||||||
|
|
||||||
- name: Set proper permissions for SSL key
|
- name: Set proper permissions for SSL key
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
@@ -69,19 +52,21 @@
|
|||||||
mode: '0600'
|
mode: '0600'
|
||||||
owner: root
|
owner: root
|
||||||
group: root
|
group: root
|
||||||
tags: ssl
|
tags:
|
||||||
|
- ssl
|
||||||
|
|
||||||
- name: Create index.html with server name
|
- name: Create index.html with server name
|
||||||
ansible.builtin.copy:
|
ansible.builtin.copy:
|
||||||
content: "{{ inventory_hostname }} by Angie!\n"
|
content: "{{ inventory_hostname }} by Angie!\n"
|
||||||
dest: /var/www/html/index.html
|
dest: /var/www/html/index.html
|
||||||
mode: '0644'
|
mode: '0644'
|
||||||
owner: www-data
|
owner: root
|
||||||
group: www-data
|
group: root
|
||||||
tags: web
|
tags:
|
||||||
|
- web
|
||||||
|
|
||||||
- name: Configure Angie vhost with HTTPS and HTTP redirect
|
- name: Configure Angie vhost with HTTPS and HTTP redirect
|
||||||
ansible.builtin.template:
|
ansible.builtin.copy:
|
||||||
content: |
|
content: |
|
||||||
# HTTP server - redirect to HTTPS
|
# HTTP server - redirect to HTTPS
|
||||||
server {
|
server {
|
||||||
@@ -110,49 +95,25 @@
|
|||||||
try_files $uri $uri/ =404;
|
try_files $uri $uri/ =404;
|
||||||
}
|
}
|
||||||
|
|
||||||
# Add HSTS header
|
|
||||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
||||||
}
|
}
|
||||||
dest: /etc/angie/sites-available/www.au.team.conf
|
dest: /etc/angie/conf.d/www.au.team.conf
|
||||||
mode: '0644'
|
mode: '0644'
|
||||||
backup: true
|
backup: true
|
||||||
notify: Reload angie
|
notify: Reload angie
|
||||||
tags: web
|
tags:
|
||||||
|
- web
|
||||||
- name: Enable site configuration
|
|
||||||
ansible.builtin.file:
|
|
||||||
src: /etc/angie/sites-available/www.au.team.conf
|
|
||||||
dest: /etc/angie/sites-enabled/www.au.team.conf
|
|
||||||
state: link
|
|
||||||
notify: Reload angie
|
|
||||||
tags: web
|
|
||||||
|
|
||||||
- name: Disable default site if exists
|
|
||||||
ansible.builtin.file:
|
|
||||||
path: /etc/angie/sites-enabled/default
|
|
||||||
state: absent
|
|
||||||
notify: Reload angie
|
|
||||||
tags: web
|
|
||||||
|
|
||||||
- name: Add www.au.team to /etc/hosts for local resolution
|
|
||||||
ansible.builtin.lineinfile:
|
|
||||||
path: /etc/hosts
|
|
||||||
regexp: '^127\.0\.1\.1\s+www\.au\.team'
|
|
||||||
line: "127.0.1.1 {{ server_name }}"
|
|
||||||
state: present
|
|
||||||
tags: dns
|
|
||||||
|
|
||||||
- name: Enable and start Angie service
|
- name: Enable and start Angie service
|
||||||
ansible.builtin.systemd:
|
ansible.builtin.systemd:
|
||||||
name: angie
|
name: angie
|
||||||
enabled: true
|
enabled: true
|
||||||
state: started
|
state: started
|
||||||
daemon_reload: true
|
tags:
|
||||||
tags: angie
|
- angie
|
||||||
|
|
||||||
handlers:
|
handlers:
|
||||||
- name: Reload angie
|
- name: Reload angie
|
||||||
ansible.builtin.systemd:
|
ansible.builtin.systemd:
|
||||||
name: angie
|
name: angie
|
||||||
state: reloaded
|
state: reloaded
|
||||||
daemon_reload: true
|
|
||||||
Reference in New Issue
Block a user