45 lines
1.1 KiB
YAML
45 lines
1.1 KiB
YAML
---
|
|
- name: Add Nginx GPG apt Key
|
|
apt_key:
|
|
url: https://nginx.org/keys/nginx_signing.key
|
|
keyring: /usr/share/keyrings/nginx-archive-keyring.gpg
|
|
state: present
|
|
|
|
- name: Add Nginx Mainline Repository
|
|
apt_repository:
|
|
repo: "deb [arch={{ deb_architecture }} signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
|
|
http://nginx.org/packages/mainline/ubuntu {{ ansible_distribution_release }} nginx"
|
|
state: present
|
|
update_cache: true
|
|
|
|
- name: Install Nginx
|
|
apt:
|
|
name: nginx
|
|
state: latest
|
|
update_cache: true
|
|
cache_valid_time: 3600
|
|
|
|
- name: Remove default.conf
|
|
ansible.builtin.file:
|
|
path: /etc/nginx/conf.d/default.conf
|
|
state: absent
|
|
|
|
- name: Create global config folder
|
|
file:
|
|
path: "/etc/nginx/global"
|
|
mode: "0755"
|
|
state: directory
|
|
|
|
- name: Copy Nginx SSL Config
|
|
template:
|
|
dest: /etc/nginx/global/ssl.conf
|
|
src: ssl.conf.j2
|
|
mode: "0644"
|
|
notify: Reload nginx
|
|
|
|
- name: Download pre-defined DHE group # as recommended by IETF RFC 7919
|
|
get_url:
|
|
url: https://github.com/internetstandards/dhe_groups/raw/main/ffdhe4096.pem
|
|
dest: "{{ nginx_ssl_dhparam }}"
|
|
notify: Reload nginx
|