ansiblerazvert/playbook2_web.yml

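---
# Install Angie (an nginx-derived web server) from the vendor apt repository,
# generate a self-signed certificate for server_name, and serve a one-line
# index page over HTTPS, with plain HTTP redirecting to HTTPS.
#
# Changes relative to the previous revision of this play:
#   * the vhost task used ansible.builtin.template with a `content` parameter,
#     which template does not have (it takes `src`); copy renders `content`;
#   * the vendor key is scoped to this repository with signed-by= instead of
#     the deprecated apt_key global keyring (which would trust the key for
#     every configured repository);
#   * the private key is created under umask 077, so it is never
#     world-readable in the window before the chmod task runs;
#   * the HTTP->HTTPS redirect targets the configured server_name instead of
#     the client-controlled Host header ($host);
#   * the certificate carries a subjectAltName (browsers ignore CN);
#   * the cipher list is limited to forward-secret AEAD suites;
#   * the /etc/hosts regexp and config paths are derived from server_name
#     instead of repeating the literal hostname.
- name: Configure Angie Web Server
  hosts: server
  become: true
  vars:
    angie_repo_key: "https://angie.software/keys/angie-release-key.gpg"
    # Repository-scoped keyring: apt trusts this key only for angie_repo.
    angie_keyring: "/etc/apt/keyrings/angie-release-key.gpg"
    angie_repo: "deb [arch=amd64 signed-by={{ angie_keyring }}] https://angie.software/packages/debian stable main"
    ssl_cert_path: "/etc/angie/ssl/www.au.team.crt"
    ssl_key_path: "/etc/angie/ssl/www.au.team.key"
    server_name: "www.au.team"
    web_root: "/var/www/html"
    listen_port_http: 80
    listen_port_https: 443

  tasks:
    - name: Install prerequisites for Angie repo
      ansible.builtin.apt:
        name:
          - gnupg
          - ca-certificates
          - curl
          - apt-transport-https
        state: present
        update_cache: true
      tags: angie

    - name: Create apt keyrings directory
      ansible.builtin.file:
        path: /etc/apt/keyrings
        state: directory
        mode: '0755'
        owner: root
        group: root
      tags: angie

    # get_url verifies the TLS certificate of angie.software by default, so the
    # key is fetched over an authenticated channel; the file must be
    # world-readable because apt verifies signatures as the unprivileged _apt
    # user. The vendor serves a binary keyring (.gpg); if it is ever served
    # ASCII-armored it must be dearmored before apt will use it here.
    # TODO(review): pin the key fingerprint once confirmed from vendor docs.
    - name: Download Angie signing key into a dedicated keyring
      ansible.builtin.get_url:
        url: "{{ angie_repo_key }}"
        dest: "{{ angie_keyring }}"
        mode: '0644'
        owner: root
        group: root
      tags: angie

    - name: Add Angie repository
      ansible.builtin.apt_repository:
        repo: "{{ angie_repo }}"
        state: present
        filename: angie
      tags: angie

    - name: Install Angie web server
      ansible.builtin.apt:
        name: angie
        state: present
        update_cache: true
      tags: angie

    - name: Create SSL directory
      ansible.builtin.file:
        path: /etc/angie/ssl
        state: directory
        mode: '0755'
        owner: root
        group: root
      tags: ssl

    # shell (not command) so that umask applies: openssl otherwise creates the
    # key with the process default umask, leaving it world-readable until the
    # permission task below runs. The SAN extension is required by current
    # browsers, which no longer match on CN; -addext needs OpenSSL >= 1.1.1.
    # Guarded on the certificate: if it exists the key pair is left alone.
    - name: Generate self-signed SSL certificate  # noqa: command-instead-of-shell
      ansible.builtin.shell:
        cmd: >
          umask 077 &&
          openssl req -x509 -nodes -days 3650 -newkey rsa:2048
          -keyout {{ ssl_key_path }}
          -out {{ ssl_cert_path }}
          -subj "/C=RU/ST=Moscow/L=Moscow/O=AU Team/CN={{ server_name }}"
          -addext "subjectAltName=DNS:{{ server_name }}"
        creates: "{{ ssl_cert_path }}"
      notify: Reload angie
      tags: ssl

    - name: Set proper permissions for SSL key
      ansible.builtin.file:
        path: "{{ ssl_key_path }}"
        mode: '0600'
        owner: root
        group: root
      tags: ssl

    # The certificate is public; umask 077 above made it 0600, relax it so
    # other tooling on the host can read it.
    - name: Set permissions for SSL certificate
      ansible.builtin.file:
        path: "{{ ssl_cert_path }}"
        mode: '0644'
        owner: root
        group: root
      tags: ssl

    # The angie package is not assumed to create the document root.
    - name: Create web root
      ansible.builtin.file:
        path: "{{ web_root }}"
        state: directory
        mode: '0755'
        owner: root
        group: root
      tags: web

    # Root-owned, world-readable: the server only needs to read the file, and
    # content owned by the worker user could be rewritten by a compromised
    # worker process.
    - name: Create index.html with server name
      ansible.builtin.copy:
        content: "{{ inventory_hostname }} by Angie!\n"
        dest: "{{ web_root }}/index.html"
        mode: '0644'
        owner: root
        group: root
      tags: web

    # ansible.builtin.template has no `content` parameter, so the original
    # task failed argument validation. copy renders the Jinja expressions in
    # `content`; Angie's own $variables are not Jinja and pass through.
    - name: Configure Angie vhost with HTTPS and HTTP redirect
      ansible.builtin.copy:
        content: |
          # HTTP server - redirect to HTTPS.
          # Redirect to the configured name, not $host: $host is taken from
          # the client's Host header, so redirecting to it lets an attacker
          # bounce a victim through this server to https://<attacker>/...
          server {
              listen {{ listen_port_http }};
              listen [::]:{{ listen_port_http }};
              server_name {{ server_name }};
              return 301 https://{{ server_name }}$request_uri;
          }
          # HTTPS server
          server {
              listen {{ listen_port_https }} ssl;
              listen [::]:{{ listen_port_https }} ssl;
              server_name {{ server_name }};
              server_tokens off;
              ssl_certificate {{ ssl_cert_path }};
              ssl_certificate_key {{ ssl_key_path }};
              ssl_protocols TLSv1.2 TLSv1.3;
              # Forward-secret AEAD suites only. HIGH:!aNULL:!MD5 also admitted
              # static-RSA key exchange and CBC suites. TLS 1.3 suites are not
              # governed by this directive.
              ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
              ssl_prefer_server_ciphers on;
              root {{ web_root }};
              index index.html;
              location / {
                  try_files $uri $uri/ =404;
              }
              # HSTS; `always` so the header is also sent on error responses.
              add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
          }
        dest: "/etc/angie/sites-available/{{ server_name }}.conf"
        mode: '0644'
        owner: root
        group: root
        backup: true
      notify: Reload angie
      tags: web

    - name: Enable site configuration
      ansible.builtin.file:
        src: "/etc/angie/sites-available/{{ server_name }}.conf"
        dest: "/etc/angie/sites-enabled/{{ server_name }}.conf"
        state: link
      notify: Reload angie
      tags: web

    - name: Disable default site if exists
      ansible.builtin.file:
        path: /etc/angie/sites-enabled/default
        state: absent
      notify: Reload angie
      tags: web

    # The regexp is derived from server_name so the task stays idempotent when
    # the name changes; the trailing group stops it matching a longer name
    # that merely starts with server_name.
    - name: "Add {{ server_name }} to /etc/hosts for local resolution"
      ansible.builtin.lineinfile:
        path: /etc/hosts
        regexp: '^127\.0\.1\.1\s+{{ server_name | regex_escape }}(\s|$)'
        line: "127.0.1.1 {{ server_name }}"
        state: present
      tags: dns

    - name: Enable and start Angie service
      ansible.builtin.systemd:
        name: angie
        enabled: true
        state: started
        daemon_reload: true
      tags: angie

  handlers:
    # Reload rather than restart so in-flight connections are not dropped.
    - name: Reload angie
      ansible.builtin.systemd:
        name: angie
        state: reloaded
        daemon_reload: true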