---
# Install the nginx-full package through apt. A change notifies the
# "restart nginx" handler, which is defined outside this file.
- name: Ensure Nginx is installed
  apt:
    state: present
    name: nginx-full
  tags: [nginx, packages]
  notify: restart nginx
# TODO: find a way to override the main configuration
# without touching the main file
#
# Pin worker_connections to 1024 by editing nginx.conf in place: a line
# matching the regexp is replaced, otherwise the line is inserted after
# the "events {" line.
# NOTE(review): no handler is notified here, so a change to nginx.conf is
# not picked up by a running nginx from this task alone - confirm whether
# that is intended.
- name: customize worker_connections
  lineinfile:
    dest: /etc/nginx/nginx.conf
    insertafter: 'events \{'
    regexp: '^(\s*worker_connections)\s+.+;'
    line: ' worker_connections 1024;'
  tags: [nginx]
# Select the epoll connection method in nginx.conf: an existing "use ...;"
# directive is replaced, otherwise the line is inserted after "events {".
# NOTE(review): no handler is notified by this task - confirm that a
# reload happens elsewhere when this line changes.
- name: use epoll
  lineinfile:
    dest: /etc/nginx/nginx.conf
    insertafter: 'events \{'
    regexp: '^(\s*use)\s+.+;'
    line: ' use epoll;'
  tags: [nginx]
# Deploy the role's evolinux-defaults.conf into conf.d with mode 0640 and
# notify the "reload nginx" handler. No owner or group is set on this task.
- name: Install Nginx http configuration
  copy:
    dest: /etc/nginx/conf.d/z-evolinux-defaults.conf
    src: nginx/evolinux-defaults.conf
    mode: "0640"
    # force: yes
  tags: [nginx]
  notify: reload nginx
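# TODO: verify that those permissions are correct :
# not too strict for private_ipaddr_whitelist
# and not too loose for private_htpasswd
#
# Seed the IP allow-list snippet. With force disabled, the content of an
# existing file is never overwritten; individual entries are managed by the
# lineinfile tasks that follow.
# NOTE(review): the file is owned by www-data, so the web-server account can
# rewrite its own allow-list. Consider owner root with group www-data if
# nothing has to write it as www-data - confirm before changing.
- name: Copy private_ipaddr_whitelist
  copy:
    src: nginx/snippets/private_ipaddr_whitelist
    dest: /etc/nginx/snippets/private_ipaddr_whitelist
    owner: www-data
    group: www-data
    # A directory needs the search (x) bit; 0640 would leave any directory
    # created by this task non-traversable.
    directory_mode: "0750"
    mode: "0640"
    force: false
  notify: reload nginx
  tags: [nginx]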
# Ensure one "allow <item>;" line per entry of
# nginx_private_ipaddr_whitelist_present, then notify "reload nginx".
# NOTE(review): each item is interpolated verbatim into an nginx directive;
# the variable should only ever hold plain addresses or CIDR ranges -
# confirm it is validated where it is defined.
- name: add IP addresses to private IP whitelist
  with_items: "{{ nginx_private_ipaddr_whitelist_present }}"
  lineinfile:
    state: present
    line: "allow {{ item }};"
    dest: /etc/nginx/snippets/private_ipaddr_whitelist
  tags: [nginx]
  notify: reload nginx
# Drop the "allow <item>;" line for every entry of
# nginx_private_ipaddr_whitelist_absent, then notify "reload nginx".
# Only lines that match the rendered text exactly are removed.
- name: remove IP addresses from private IP whitelist
  with_items: "{{ nginx_private_ipaddr_whitelist_absent }}"
  lineinfile:
    state: absent
    line: "allow {{ item }};"
    dest: /etc/nginx/snippets/private_ipaddr_whitelist
  tags: [nginx]
  notify: reload nginx
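# Seed the htpasswd file used for the private area. With force disabled, the
# content of an existing file is never overwritten; entries are managed by
# the lineinfile tasks that follow.
# NOTE(review): the credential file is owned by www-data, so the web-server
# account can rewrite it. Read access through group www-data with mode 0640
# would normally be enough; consider owner root - confirm before changing.
- name: Copy private_htpasswd
  copy:
    src: nginx/snippets/private_htpasswd
    dest: /etc/nginx/snippets/private_htpasswd
    owner: www-data
    group: www-data
    # A directory needs the search (x) bit; 0640 would leave any directory
    # created by this task non-traversable.
    directory_mode: "0750"
    mode: "0640"
    force: false
  notify: reload nginx
  tags: [nginx]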
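# Append every entry of nginx_private_htpasswd_present to the htpasswd file.
# Each item is written verbatim as one line, so it must already be in
# htpasswd format - presumably "user:hashed-password"; confirm that the
# variable never carries clear-text passwords.
- name: add user:pwd to private htpasswd
  lineinfile:
    dest: /etc/nginx/snippets/private_htpasswd
    line: "{{ item }}"
    state: present
  with_items: "{{ nginx_private_htpasswd_present }}"
  # Each loop item is a credential line; keep it out of task output and logs.
  no_log: true
  notify: reload nginx
  tags: [nginx]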
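# Remove every entry of nginx_private_htpasswd_absent from the htpasswd file.
# Only lines that match an item exactly are removed, so revoking a user
# requires the same full line that was added for them.
- name: remove user:pwd from private htpasswd
  lineinfile:
    dest: /etc/nginx/snippets/private_htpasswd
    line: "{{ item }}"
    state: absent
  with_items: "{{ nginx_private_htpasswd_absent }}"
  # Each loop item is a credential line; keep it out of task output and logs.
  no_log: true
  notify: reload nginx
  tags: [nginx]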
# Make sure the nginx service is both enabled and currently running.
- name: Verify that the service is enabled and started
  service:
    state: started
    enabled: true
    name: nginx
  tags: [nginx]
# Detect Munin by looking for its munin-node plugin configuration file.
# check_mode is disabled so the stat also runs under --check and
# stat_munin_node is always registered for the conditional includes.
- name: Check if Munin is installed
  stat:
    path: /etc/munin/plugin-conf.d/munin-node
  register: stat_munin_node
  check_mode: false
  tags: [nginx, munin]
# Pull in the Munin vhost tasks only when the munin-node file was found.
# NOTE(review): bare `include` was deprecated in later Ansible releases;
# confirm the targeted Ansible version before migrating.
- include: munin_vhost.yml
  tags: [nginx, munin]
  when: stat_munin_node.stat.exists
# Pull in the Munin graph tasks only when the munin-node file was found.
- include: munin_graphs.yml
  tags: [nginx, munin]
  when: stat_munin_node.stat.exists
# Always pull in the logrotate tasks; this include carries no condition
# and no tags.
- include: 'logrotate.yml'