From 91445e4c60dd8f62466bbbf796a93ddbc3822eb6 Mon Sep 17 00:00:00 2001 From: reqwizz Date: Mon, 4 Nov 2024 21:18:43 +0300 Subject: [PATCH] add ssl --- ansible/playbook.yml | 51 +++++++++++++++++++++++++++----------------- 1 file changed, 31 insertions(+), 20 deletions(-) diff --git a/ansible/playbook.yml b/ansible/playbook.yml index 949c0bb..e180bd0 100644 --- a/ansible/playbook.yml +++ b/ansible/playbook.yml @@ -2,10 +2,6 @@ become: true tasks: - - name: Refresh repositories - command: 'zypper refresh' - ignore_errors: yes - - name: Install Nginx zypper: name: nginx @@ -82,10 +78,6 @@ become: true tasks: - - name: Refresh repositories - command: 'zypper refresh' - ignore_errors: yes - - name: Install Nginx zypper: name: nginx @@ -162,10 +154,6 @@ become: true tasks: - - name: Refresh repositories - command: 'zypper refresh' - ignore_errors: yes - - name: Install Nginx zypper: name: nginx @@ -173,7 +161,27 @@ force: yes update_cache: yes - - name: Configure Nginx as proxy + - name: Set hostname to vlad4 + hostname: + name: vlad4 + + - name: Create SSL directory + file: + path: /etc/nginx/ssl + state: directory + mode: '0700' + + - name: Generate self-signed SSL certificate + openssl_certificate: + path: /etc/nginx/ssl/vlad4.crt + privatekey_path: /etc/nginx/ssl/vlad4.key + common_name: "vlad4" + owner: root + group: root + mode: '0600' + provider: selfsigned + + - name: Configure Nginx as HTTPS proxy copy: content: | upstream backend_servers { @@ -183,6 +191,16 @@ server { listen 80; + server_name vlad4; + return 301 https://$host$request_uri; + } + + server { + listen 443 ssl; + server_name vlad4; + + ssl_certificate /etc/nginx/ssl/vlad4.crt; + ssl_certificate_key /etc/nginx/ssl/vlad4.key; location / { proxy_pass http://backend_servers; 
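Review bot: The self-signed certificate task points `privatekey_path` at /etc/nginx/ssl/vlad4.key, but nothing in this hunk creates that key. Unless a task outside the hunk does, the run fails on a fresh host and the playbook never sets the key's owner and mode. `common_name` is, as far as I can tell, an option of `openssl_csr` rather than of `openssl_certificate`, so the subject should come from a CSR passed via `csr_path`. I would add a key task and a CSR task ahead of the certificate task, with a `subject_alt_name` entry because current clients match on SAN rather than CN. The play's task list starts and ends outside this hunk.

```yaml
    - name: Generate private key
      openssl_privatekey:
        path: /etc/nginx/ssl/vlad4.key
        owner: root
        group: root
        mode: '0600'

    - name: Generate certificate signing request
      openssl_csr:
        # CSR file name is a suggested placeholder, not taken from the patch
        path: /etc/nginx/ssl/vlad4.csr
        privatekey_path: /etc/nginx/ssl/vlad4.key
        common_name: vlad4
        subject_alt_name: 'DNS:vlad4'

    - name: Generate self-signed SSL certificate
      openssl_certificate:
        path: /etc/nginx/ssl/vlad4.crt
        privatekey_path: /etc/nginx/ssl/vlad4.key
        csr_path: /etc/nginx/ssl/vlad4.csr
        provider: selfsigned
        # … unchanged: owner, group, mode …
```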
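Review bot: The new port-80 redirect block is probably unreachable, because the last hunk of this patch deletes the firewalld task that opened 80/tcp; either keep that task or drop the redirect block. The redirect target is built from `$host`, which reflects the request's Host header. Since the name is fixed, `return 301 https://$server_name$request_uri;` keeps the Location value under the playbook's control. The 443 block sets no `ssl_protocols`, so the accepted TLS versions depend on the installed nginx's defaults; adding `ssl_protocols TLSv1.2 TLSv1.3;` makes that explicit. The `location /` block and the rest of the server block continue past the end of this hunk.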
@@ -205,13 +223,6 @@ state: started enabled: true - - name: Open port 80 for HTTP - ansible.builtin.firewalld: - port: 80/tcp - permanent: true - state: enabled - immediate: yes - - name: Open port 443 for HTTPS ansible.builtin.firewalld: port: 443/tcp