---
# Tasks to be run inside the Nginx proxy container
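# Derive the per-site name from `nombre`: URL-encode it, lowercase it and
# turn underscores into hyphens. The tasks in this file reuse the result as
# a file-name component and as the left-most part of the certificate name.
# NOTE(review): Jinja2's urlencode leaves "/" and "." untouched, so this
# chain does not by itself guarantee a single path component or a valid DNS
# label. Confirm that `nombre` is validated before these tasks run.
- name: Derive container name from nombre
  set_fact:
    container: '{{ nombre | urlencode | lower | regex_replace("_", "-") }}'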
# Render newsite.conf.j2 into conf.d; the target file name is built from
# `container` and `dominio`.
# NOTE(review): no owner/group/mode is given, so a newly created file gets
# whatever the connecting user's umask yields. Confirm that is intended.
- name: Create basic Nginx config for new container
  template:
    dest: '/etc/nginx/conf.d/{{ container }}.{{ dominio }}.conf'
    src: newsite.conf.j2
# Per-site directory under /var/www, owned by www-data and world-readable.
# Presumably the webroot used for the ACME challenge files; confirm against
# newsite.conf.j2.
# NOTE(review): the path is built from `container`, so it is only as
# constrained as that variable is.
- name: Create folder for Let's Encrypt files
  file:
    state: directory
    path: '/var/www/{{ container }}'
    mode: '0755'
    owner: www-data
    group: www-data
# Restart so the freshly rendered site config is live before certbot runs.
# NOTE(review): nothing here tests the configuration first; if the rendered
# file is invalid, nginx will not come back up after the restart.
- name: Restart Nginx
  systemd:
    state: restarted
    name: nginx
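# Obtain and install a certificate for <container>.<dominio> with certbot's
# nginx plugin, non-interactively (-n), with HTTP->HTTPS redirect and HSTS.
# The arguments are passed as an argv list rather than one string, so a
# space or quote inside `email`, `container` or `dominio` cannot be split
# into extra certbot arguments.
# NOTE(review): argv does not stop a value that begins with "-" from being
# read as an option; validate these variables where they are defined.
# NOTE(review): --hsts makes browsers remember HTTPS-only for this host, so
# confirm the site is meant to stay on HTTPS before enabling it.
- name: Request Let's Encrypt certificate
  command:
    argv:
      - certbot
      - '--redirect'
      - '--agree-tos'
      - '-m'
      - '{{ email }}'
      - '--hsts'
      - '--nginx'
      - '-n'
      - '-d'
      - '{{ container }}.{{ dominio }}'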
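# Certbot doesn't add proxy_protocol.
# (https://github.com/certbot/certbot/issues/8057)
# Rewrite the IPv4 listen line so nginx expects the PROXY protocol header
# on port 443. The pattern accepts any leading indentation: when lineinfile
# finds no match it appends `line` at the end of the file, which would put
# the directive outside the server block.
# NOTE(review): with proxy_protocol enabled, the client address is taken
# from whatever PROXY header the connecting peer sends. Make sure only the
# fronting proxy can reach this port and, if the real_ip module is used,
# that set_real_ip_from lists only that proxy (newsite.conf.j2 is not
# visible here).
- name: Use Proxy protocol in port 443
  lineinfile:
    path: '/etc/nginx/conf.d/{{ container }}.{{ dominio }}.conf'
    regexp: '^\s*listen 443\b'
    line: ' listen 443 ssl proxy_protocol;'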
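# Same rewrite for the IPv6 listener. The pattern matches the literal
# "[::]:" prefix instead of five wildcard characters, and accepts any
# leading indentation so that a non-match does not make lineinfile append
# the directive at the end of the file.
# NOTE(review): proxy_protocol means the peer-supplied PROXY header is
# trusted for the client address; restrict who can reach this listener.
- name: Use Proxy protocol in port 443 IPv6
  lineinfile:
    path: '/etc/nginx/conf.d/{{ container }}.{{ dominio }}.conf'
    regexp: '^\s*listen \[::\]:443\b'
    line: ' listen [::]:443 ssl proxy_protocol;'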
# Second restart, so the listen lines edited above take effect.
# NOTE(review): as with the first restart, the configuration is not tested
# beforehand; an invalid file leaves nginx stopped.
- name: Restart Nginx again
  systemd:
    state: restarted
    name: nginx