101 lines
2.2 KiB
YAML
101 lines
2.2 KiB
YAML
---
|
|
- name: Uninstall web server packages that may conflict with nginx
|
|
apt:
|
|
name:
|
|
- apache2
|
|
- lighttpd
|
|
state: absent
|
|
|
|
- name: Unhold nginx-related packages for updates
|
|
dpkg_selections:
|
|
name: "{{ nginx_pkg_select }}"
|
|
selection: install
|
|
loop:
|
|
- "nginx"
|
|
- "nginx-common"
|
|
- "nginx-extras"
|
|
loop_control:
|
|
loop_var: nginx_pkg_select
|
|
|
|
- name: Remove any older nginx
|
|
apt:
|
|
name:
|
|
- nginx
|
|
- nginx-common
|
|
- nginx-extras
|
|
state: absent
|
|
purge: true
|
|
|
|
- name: Install nginx
|
|
apt:
|
|
name:
|
|
- nginx
|
|
- nginx-common
|
|
- libnginx-mod-nchan
|
|
|
|
- name: Remove default nginx site symlink
|
|
file:
|
|
path: "/etc/nginx/sites-enabled/default"
|
|
state: absent
|
|
|
|
- name: Add nginx global config
|
|
template:
|
|
src: nginx.conf.j2
|
|
dest: /etc/nginx/nginx.conf
|
|
force: true
|
|
backup: true
|
|
mode: 0644
|
|
|
|
- name: Add app-specific nginx site
|
|
template:
|
|
src: default.j2
|
|
dest: /etc/nginx/sites-available/00-azuracast
|
|
force: true
|
|
mode: 0644
|
|
|
|
- name: Link app-specific nginx site
|
|
file:
|
|
path: "/etc/nginx/sites-enabled/00-azuracast"
|
|
state: link
|
|
src: "/etc/nginx/sites-available/00-azuracast"
|
|
|
|
- name: Turn sendfile off on nginx for local development
|
|
replace:
|
|
dest: /etc/nginx/nginx.conf
|
|
regexp: 'sendfile on;'
|
|
replace: 'sendfile off;'
|
|
when: app_env == "development"
|
|
|
|
- name: Create self-signed SSL cert
|
|
command: >-
|
|
openssl req -new -nodes -x509 -subj "/C=US/ST=Texas/L=Austin/O=IT/CN=${ansible_fqdn}" -days 3650
|
|
-keyout {{ app_base }}/acme/default.key -out {{ app_base }}/acme/default.crt -extensions v3_ca
|
|
args:
|
|
creates: "{{ app_base }}/acme/default.crt"
|
|
|
|
- name: Link self-signed SSL key if applicable.
|
|
file:
|
|
path: "{{ app_base }}/acme/ssl.key"
|
|
state: link
|
|
src: "{{ app_base }}/acme/default.key"
|
|
|
|
- name: Link self-signed SSL cert if applicable.
|
|
file:
|
|
path: "{{ app_base }}/acme/ssl.crt"
|
|
state: link
|
|
src: "{{ app_base }}/acme/default.crt"
|
|
|
|
- name: Install Nginx Supervisord conf
|
|
template:
|
|
src: supervisor.conf.j2
|
|
dest: /etc/supervisor/conf.d/nginx.conf
|
|
force: true
|
|
mode: 0644
|
|
|
|
- name: Disable Nginx service
|
|
service:
|
|
name: "nginx"
|
|
enabled: false
|
|
state: stopped
|
|
ignore_errors: true
|