--- - debug: msg: "Nginx minimal mode has been removed, falling back to normal mode." when: not nginx_minimal | bool - debug: msg: "Nginx minimal mode has been set, using minimal mode." when: nginx_minimal | bool - include: packages.yml - include: server_status_read.yml tags: - nginx # TODO: find a way to override the main configuration # without touching the main file - name: customize worker_connections lineinfile: dest: /etc/nginx/nginx.conf regexp: '^(\s*worker_connections)\s+.+;' line: ' worker_connections 1024;' insertafter: 'events \{' tags: - nginx - name: use epoll lineinfile: dest: /etc/nginx/nginx.conf regexp: '^(\s*use)\s+.+;' line: ' use epoll;' insertafter: 'events \{' tags: - nginx - name: Install Nginx http configuration copy: src: nginx/evolinux-defaults.conf dest: /etc/nginx/conf.d/z-evolinux-defaults.conf mode: "0640" # force: yes notify: reload nginx tags: - nginx # TODO: verify that those permissions are correct : # not too strict for ipaddr_whitelist # and not too loose for private_htpasswd - name: Copy ipaddr_whitelist copy: src: nginx/snippets/ipaddr_whitelist dest: /etc/nginx/snippets/ipaddr_whitelist owner: www-data group: www-data directory_mode: "0640" mode: "0640" force: no notify: reload nginx tags: - nginx - ips - name: Include IP address whitelist task include: ip_whitelist.yml - name: Copy private_htpasswd copy: src: nginx/snippets/private_htpasswd dest: /etc/nginx/snippets/private_htpasswd owner: www-data group: www-data directory_mode: "0640" mode: "0640" force: no notify: reload nginx tags: - nginx - name: add user:pwd to private htpasswd lineinfile: dest: /etc/nginx/snippets/private_htpasswd line: "{{ item }}" state: present loop: "{{ nginx_private_htpasswd_present }}" notify: reload nginx tags: - nginx - name: remove user:pwd from private htpasswd lineinfile: dest: /etc/nginx/snippets/private_htpasswd line: "{{ item }}" state: absent loop: "{{ nginx_private_htpasswd_absent }}" notify: reload nginx tags: - nginx - name: nginx vhost is installed template: src: "{{ nginx_default_template_regular }}" dest: /etc/nginx/sites-available/evolinux-default.conf mode: "0640" force: "{{ nginx_force_default_template | default(False) }}" notify: reload nginx tags: - nginx - name: default vhost is enabled file: src: /etc/nginx/sites-available/evolinux-default.conf dest: /etc/nginx/sites-enabled/default state: link force: yes notify: reload nginx when: nginx_evolinux_default_enabled | bool tags: - nginx - include: server_status_write.yml tags: - nginx - name: Verify that the service is enabled and started service: name: nginx enabled: yes state: started tags: - nginx - name: Check if Munin is installed stat: path: /etc/munin/plugin-conf.d/munin-node check_mode: no register: stat_munin_node tags: - nginx - munin - include: munin_vhost.yml when: stat_munin_node.stat.exists tags: - nginx - munin - include: munin_graphs.yml when: stat_munin_node.stat.exists tags: - nginx - munin - include: logrotate.yml