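---
# Tasks to be run inside the Nginx proxy container

# Derive the site/container name from `nombre`: URL-encode it, lowercase it
# and replace underscores with hyphens.
- set_fact:
    container: '{{ nombre | urlencode | lower | regex_replace("_", "-") }}'

# `container` and `dominio` are interpolated into paths under /etc/nginx and
# /var/www and into the certbot command line below. urlencode escapes
# characters instead of rejecting them, so its output is not guaranteed to be
# a usable host name. Stop here unless both values consist only of letters,
# digits, dots and hyphens (so no '/' or '%' can reach a path).
- name: Validate names used in file paths and in the certbot call
  assert:
    that:
      - "container is match('^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$')"
      - "dominio is match('^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$')"
    fail_msg: >-
      container and dominio must contain only letters, digits, dots and
      hyphens, and must start and end with a letter or digit.

- name: Create basic Nginx config for new container
  template:
    src: newsite.conf.j2
    dest: '/etc/nginx/sites-available/{{ container }}.{{ dominio }}'

- name: Enable Nginx config for new container
  file:
    state: link
    src: '/etc/nginx/sites-available/{{ container }}.{{ dominio }}'
    dest: '/etc/nginx/sites-enabled/{{ container }}.{{ dominio }}'

- name: Create folder for Let's Encrypt files
  file:
    path: '/var/www/{{ container }}'
    state: directory
    owner: www-data
    group: www-data
    mode: '0755'

- name: Restart Nginx
  systemd:
    name: nginx
    state: restarted

# NOTE(review): `state: latest` upgrades certbot on every run; use `present`
# if runs need to be reproducible.
- name: Install Let's Encrypt certbot
  apt:
    name: certbot
    state: latest

# The arguments are passed as an argv list so that each templated value stays
# a single argument even if it contains whitespace. The task has no
# `creates`/`when` guard, so certbot is invoked on every run.
- name: Request Let's Encrypt certificate
  command:
    argv:
      - certbot
      - '--redirect'
      - '--agree-tos'
      - '-m'
      - '{{ email }}'
      - '--hsts'
      - '--nginx'
      - '-n'
      - '-d'
      - '{{ container }}.{{ dominio }}'

# Certbot doesn't add proxy_protocol.
# (https://github.com/certbot/certbot/issues/8057)
#
# NOTE(review): when `regexp` matches no line, lineinfile appends `line` at
# the end of the file instead of replacing anything. Confirm that both
# patterns match the indentation certbot actually writes.
- name: Use Proxy protocol in port 443
  lineinfile:
    path: '/etc/nginx/sites-available/{{ container }}.{{ dominio }}'
    line: ' listen 443 ssl proxy_protocol;'
    regexp: '^ listen 443'

# The five dots in the pattern stand for the literal "[::]:" prefix.
- name: Use Proxy protocol in port 443 IPv6
  lineinfile:
    path: '/etc/nginx/sites-available/{{ container }}.{{ dominio }}'
    line: ' listen [::]:443 ssl proxy_protocol;'
    regexp: '^ listen .....443'

- name: Restart Nginx again
  systemd:
    name: nginx
    state: restarted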