reqwizz/coursework
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add ssl

Browse Source
This commit is contained in:
reqwizz 2024-11-04 21:18:43 +03:00
parent bfad48fff1
commit 91445e4c60
1 changed files with 31 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
ansible/playbook.yml
View File

@ -2,10 +2,6 @@
become: true
tasks:
- name: Refresh repositories
command: 'zypper refresh'
ignore_errors: yes
- name: Install Nginx
zypper:
name: nginx
@ -82,10 +78,6 @@
become: true
tasks:
- name: Refresh repositories
command: 'zypper refresh'
ignore_errors: yes
- name: Install Nginx
zypper:
name: nginx
@ -162,10 +154,6 @@
become: true
tasks:
- name: Refresh repositories
command: 'zypper refresh'
ignore_errors: yes
- name: Install Nginx
zypper:
name: nginx
@ -173,7 +161,27 @@
force: yes
update_cache: yes
- name: Configure Nginx as proxy
- name: Set hostname to vlad4
hostname:
name: vlad4
- name: Create SSL directory
file:
path: /etc/nginx/ssl
state: directory
mode: '0700'
- name: Generate self-signed SSL certificate
openssl_certificate:
path: /etc/nginx/ssl/vlad4.crt
privatekey_path: /etc/nginx/ssl/vlad4.key
common_name: "vlad4"
owner: root
group: root
mode: '0600'
provider: selfsigned
- name: Configure Nginx as HTTPS proxy
copy:
content: |
upstream backend_servers {
@ -183,6 +191,16 @@
server {
listen 80;
server_name vlad4;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name vlad4;
ssl_certificate /etc/nginx/ssl/vlad4.crt;
ssl_certificate_key /etc/nginx/ssl/vlad4.key;
location / {
proxy_pass http://backend_servers;
@ -205,13 +223,6 @@
state: started
enabled: true
- name: Open port 80 for HTTP
ansible.builtin.firewalld:
port: 80/tcp
permanent: true
state: enabled
immediate: yes
- name: Open port 443 for HTTPS
ansible.builtin.firewalld:
port: 443/tcp