--- - name: Uninstall web server packages that may conflict with nginx apt: name: - apache2 - lighttpd state: absent - name: Unhold nginx-related packages for updates dpkg_selections: name: "{{ nginx_pkg_select }}" selection: install loop: - "nginx" - "nginx-common" - "nginx-extras" loop_control: loop_var: nginx_pkg_select - name: Remove any older nginx apt: name: - nginx - nginx-common - nginx-extras state: absent purge: true - name: Install nginx apt: name: - nginx - nginx-common - libnginx-mod-nchan - name: Remove default nginx site symlink file: path: "/etc/nginx/sites-enabled/default" state: absent - name: Add nginx global config template: src: nginx.conf.j2 dest: /etc/nginx/nginx.conf force: true backup: true mode: 0644 - name: Add app-specific nginx site template: src: default.j2 dest: /etc/nginx/sites-available/00-azuracast force: true mode: 0644 - name: Link app-specific nginx site file: path: "/etc/nginx/sites-enabled/00-azuracast" state: link src: "/etc/nginx/sites-available/00-azuracast" - name: Turn sendfile off on nginx for local development replace: dest: /etc/nginx/nginx.conf regexp: 'sendfile on;' replace: 'sendfile off;' when: app_env == "development" - name: Create self-signed SSL cert command: >- openssl req -new -nodes -x509 -subj "/C=US/ST=Texas/L=Austin/O=IT/CN=${ansible_fqdn}" -days 3650 -keyout {{ app_base }}/acme/default.key -out {{ app_base }}/acme/default.crt -extensions v3_ca args: creates: "{{ app_base }}/acme/default.crt" - name: Link self-signed SSL key if applicable. file: path: "{{ app_base }}/acme/ssl.key" state: link src: "{{ app_base }}/acme/default.key" - name: Link self-signed SSL cert if applicable. file: path: "{{ app_base }}/acme/ssl.crt" state: link src: "{{ app_base }}/acme/default.crt" - name: Install Nginx Supervisord conf template: src: supervisor.conf.j2 dest: /etc/supervisor/conf.d/nginx.conf force: true mode: 0644 - name: Disable Nginx service service: name: "nginx" enabled: false state: stopped ignore_errors: true