add ssl
parent
bfad48fff1
commit
91445e4c60
@ -2,10 +2,6 @@
|
|||||||
become: true
|
become: true
|
||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
- name: Refresh repositories
|
|
||||||
command: 'zypper refresh'
|
|
||||||
ignore_errors: yes
|
|
||||||
|
|
||||||
- name: Install Nginx
|
- name: Install Nginx
|
||||||
zypper:
|
zypper:
|
||||||
name: nginx
|
name: nginx
|
||||||
@ -82,10 +78,6 @@
|
|||||||
become: true
|
become: true
|
||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
- name: Refresh repositories
|
|
||||||
command: 'zypper refresh'
|
|
||||||
ignore_errors: yes
|
|
||||||
|
|
||||||
- name: Install Nginx
|
- name: Install Nginx
|
||||||
zypper:
|
zypper:
|
||||||
name: nginx
|
name: nginx
|
||||||
@ -162,10 +154,6 @@
|
|||||||
become: true
|
become: true
|
||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
- name: Refresh repositories
|
|
||||||
command: 'zypper refresh'
|
|
||||||
ignore_errors: yes
|
|
||||||
|
|
||||||
- name: Install Nginx
|
- name: Install Nginx
|
||||||
zypper:
|
zypper:
|
||||||
name: nginx
|
name: nginx
|
||||||
@ -173,7 +161,27 @@
|
|||||||
force: yes
|
force: yes
|
||||||
update_cache: yes
|
update_cache: yes
|
||||||
|
|
||||||
- name: Configure Nginx as proxy
|
- name: Set hostname to vlad4
|
||||||
|
hostname:
|
||||||
|
name: vlad4
|
||||||
|
|
||||||
|
- name: Create SSL directory
|
||||||
|
file:
|
||||||
|
path: /etc/nginx/ssl
|
||||||
|
state: directory
|
||||||
|
mode: '0700'
|
||||||
|
|
||||||
|
- name: Generate self-signed SSL certificate
|
||||||
|
openssl_certificate:
|
||||||
|
path: /etc/nginx/ssl/vlad4.crt
|
||||||
|
privatekey_path: /etc/nginx/ssl/vlad4.key
|
||||||
|
common_name: "vlad4"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: '0600'
|
||||||
|
provider: selfsigned
|
||||||
|
|
||||||
|
- name: Configure Nginx as HTTPS proxy
|
||||||
copy:
|
copy:
|
||||||
content: |
|
content: |
|
||||||
upstream backend_servers {
|
upstream backend_servers {
|
||||||
@ -183,6 +191,16 @@
|
|||||||
|
|
||||||
server {
|
server {
|
||||||
listen 80;
|
listen 80;
|
||||||
|
server_name vlad4;
|
||||||
|
return 301 https://$host$request_uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 443 ssl;
|
||||||
|
server_name vlad4;
|
||||||
|
|
||||||
|
ssl_certificate /etc/nginx/ssl/vlad4.crt;
|
||||||
|
ssl_certificate_key /etc/nginx/ssl/vlad4.key;
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
proxy_pass http://backend_servers;
|
proxy_pass http://backend_servers;
|
||||||
@ -205,13 +223,6 @@
|
|||||||
state: started
|
state: started
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|
||||||
- name: Open port 80 for HTTP
|
|
||||||
ansible.builtin.firewalld:
|
|
||||||
port: 80/tcp
|
|
||||||
permanent: true
|
|
||||||
state: enabled
|
|
||||||
immediate: yes
|
|
||||||
|
|
||||||
- name: Open port 443 for HTTPS
|
- name: Open port 443 for HTTPS
|
||||||
ansible.builtin.firewalld:
|
ansible.builtin.firewalld:
|
||||||
port: 443/tcp
|
port: 443/tcp
|
||||||
|
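Review bot: The `Generate self-signed SSL certificate` task in the `-173,7 +161,27` hunk points `privatekey_path` at /etc/nginx/ssl/vlad4.key, but no task visible in this commit creates that key, and `common_name` is, as far as I know, an option of `openssl_csr` rather than of `openssl_certificate`, so the task will probably fail or silently depend on a key placed by hand. The `mode: '0600'` set there also applies only to the .crt file, which leaves the private key's permissions to whatever creates it. I would generate the key and a CSR in explicit tasks ahead of the certificate, move `common_name` to the CSR and reference it through `csr_path`, as sketched below. Separately, the new `listen 80` redirect block needs port 80 to be reachable, yet the last hunk removes the `Open port 80 for HTTP` firewalld task: hosts already provisioned keep the permanent rule, while fresh hosts never get it, so the intended state should be declared explicitly (`state: disabled` if the port is meant to be closed). The surrounding plays start and end outside these hunks.

```yaml
    - name: Generate private key for the certificate
      openssl_privatekey:
        path: /etc/nginx/ssl/vlad4.key
        owner: root
        group: root
        mode: '0600'

    - name: Generate CSR carrying the subject
      openssl_csr:
        path: /etc/nginx/ssl/vlad4.csr  # illustrative path, not in the commit
        privatekey_path: /etc/nginx/ssl/vlad4.key
        common_name: vlad4

    - name: Generate self-signed SSL certificate
      openssl_certificate:
        # … unchanged: path, privatekey_path, owner, group, mode, provider …
        csr_path: /etc/nginx/ssl/vlad4.csr  # illustrative path, as above
```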