diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg
index 8d90872..a76aa31 100644
--- a/ansible/ansible.cfg
+++ b/ansible/ansible.cfg
@@ -1,4 +1,4 @@
 [defaults]
 inventory = inventory.yml
-roles_path = ./ansible/roles
+roles_path = ./roles
 host_key_checking = False
\ No newline at end of file
diff --git a/ansible/playbooks/playbook.yml b/ansible/playbook.yml
similarity index 67%
rename from ansible/playbooks/playbook.yml
rename to ansible/playbook.yml
index 3a28656..4f4f23c 100644
--- a/ansible/playbooks/playbook.yml
+++ b/ansible/playbook.yml
@@ -1,3 +1,4 @@
 - hosts: all
+  become: true
   roles:
     - site_setup
\ No newline at end of file
diff --git a/ansible/roles/site_setup/tasks/firewall.yml b/ansible/roles/site_setup/tasks/configure_firewall.yml
similarity index 91%
rename from ansible/roles/site_setup/tasks/firewall.yml
rename to ansible/roles/site_setup/tasks/configure_firewall.yml
index ffc5548..2cbb0a5 100644
--- a/ansible/roles/site_setup/tasks/firewall.yml
+++ b/ansible/roles/site_setup/tasks/configure_firewall.yml
@@ -1,4 +1,3 @@
----
 - name: Start and enable firewalld
   service:
     name: firewalld
@@ -26,4 +25,4 @@
   ansible.builtin.service:
     name: firewalld
     state: reloaded
-  tags: firewall
+  tags: firewall
\ No newline at end of file
diff --git a/ansible/roles/site_setup/tasks/configure_proxy.yml b/ansible/roles/site_setup/tasks/configure_proxy.yml
new file mode 100644
index 0000000..3e349b3
--- /dev/null
+++ b/ansible/roles/site_setup/tasks/configure_proxy.yml
@@ -0,0 +1,11 @@
+- name: Configure Nginx as HTTPS proxy
+  template:
+    src: proxy.conf.j2
+    dest: /etc/nginx/conf.d/proxy.conf
+  tags: proxy
+
+- name: Restart Nginx
+  service:
+    name: nginx
+    state: restarted
+  tags: proxy
\ No newline at end of file
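Review bot: The `---` document-start line is removed at the top of this task file and the final newline is stripped in its second hunk, both of which yamllint reports by default (`document-start`, `new-line-at-end-of-file`); the same pattern recurs in configure_site.yml, generate_ssl.yml, install.yml, main.yml and vars/main.yml. Keep `---` as the first line of each task file and end every file with a single newline so `\ No newline at end of file` stops showing up in each future diff of these files.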
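Review bot: `Restart Nginx` in the new configure_proxy.yml runs on every play regardless of whether proxy.conf.j2 rendered anything new, so the proxy is bounced on each run and a bad render is only noticed once nginx is already down. Move the restart into a handler and trigger it from the template task with `notify: Restart Nginx`, or at minimum use `state: reloaded` so in-flight connections survive; configure_site.yml has the same unconditional restart. A `validate:` on the template task is not a drop-in fix here because `nginx -t -c %s` expects a complete nginx.conf, not a conf.d fragment, so the handler is the practical guard.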
diff --git a/ansible/roles/site_setup/tasks/configure.yml b/ansible/roles/site_setup/tasks/configure_site.yml
similarity index 64%
rename from ansible/roles/site_setup/tasks/configure.yml
rename to ansible/roles/site_setup/tasks/configure_site.yml
index c26c5ea..1d62aa2 100644
--- a/ansible/roles/site_setup/tasks/configure.yml
+++ b/ansible/roles/site_setup/tasks/configure_site.yml
@@ -1,25 +1,24 @@
----
 - name: Create site directories
   file:
-    path: "/var/www/html/{{ site_name }}"
+    path: "/var/www/{{ site_name }}"
     state: directory
     mode: '0755'
-  tags: configure
+  tags: configure_site
 
 - name: Deploy site content
   template:
     src: site_index.html.j2
-    dest: "/var/www/html/{{ site_name }}/index.html"
-  tags: configure
+    dest: "/var/www/{{ site_name }}/index.html"
+  tags: configure_site
 
 - name: Configure Nginx for {{ site_name }}
   template:
     src: nginx_site.conf.j2
     dest: "/etc/nginx/conf.d/{{ site_name }}.conf"
-  tags: configure
+  tags: configure_site
 
 - name: Restart Nginx
   service:
     name: nginx
     state: restarted
-  tags: configure
+  tags: configure_site
\ No newline at end of file
diff --git a/ansible/roles/site_setup/tasks/generate_ssl.yml b/ansible/roles/site_setup/tasks/generate_ssl.yml
index aa0548b..fc96e72 100644
--- a/ansible/roles/site_setup/tasks/generate_ssl.yml
+++ b/ansible/roles/site_setup/tasks/generate_ssl.yml
@@ -1,24 +1,26 @@
----
 - name: Ensure SSL directory exists
   file:
     path: /etc/nginx/ssl
     state: directory
-    mode: '0755'
+    mode: '0700'
+  tags: ssl
+
+- name: Generate private key
+  openssl_privatekey:
+    path: /etc/nginx/ssl/{{ proxy_name }}.key
+    size: 2048
+    type: RSA
+    mode: '0600'
+    owner: root
+    group: root
   tags: ssl
 
 - name: Generate self-signed SSL certificate
   openssl_certificate:
     path: /etc/nginx/ssl/{{ proxy_name }}.crt
     privatekey_path: /etc/nginx/ssl/{{ proxy_name }}.key
-    common_name: "{{ proxy_name }}"
-    state: present
-    selfsigned: yes
     owner: root
     group: root
-    mode: '0644'
-    subject:
-      - organizationName: "Example Company"
-      - organizationalUnitName: "IT"
-      - localityName: "City"
-      - countryName: "US"
-  tags: ssl
+    mode: '0600'
+    provider: selfsigned
+  tags: ssl
\ No newline at end of file
diff --git a/ansible/roles/site_setup/tasks/install.yml b/ansible/roles/site_setup/tasks/install.yml
index 416ed21..f3d2079 100644
--- a/ansible/roles/site_setup/tasks/install.yml
+++ b/ansible/roles/site_setup/tasks/install.yml
@@ -1,8 +1,7 @@
----
 - name: Install Nginx
   zypper:
     name: nginx
     state: present
     force: yes
     update_cache: yes
-  tags: install
+  tags: install
\ No newline at end of file
diff --git a/ansible/roles/site_setup/tasks/main.yml b/ansible/roles/site_setup/tasks/main.yml
index 8920323..eb61aeb 100644
--- a/ansible/roles/site_setup/tasks/main.yml
+++ b/ansible/roles/site_setup/tasks/main.yml
@@ -1,12 +1,14 @@
----
 - import_tasks: install.yml
   tags: install
 
-- import_tasks: configure.yml
-  tags: configure
+- import_tasks: configure_site.yml
+  tags: configure_site
 
-- import_tasks: proxy.yml
-  tags: proxy
-
-- import_tasks: firewall.yml
+- import_tasks: configure_firewall.yml
   tags: firewall
+
+- import_tasks: generate_ssl.yml
+  tags: ssl
+
+- import_tasks: configure_proxy.yml
+  tags: proxy
\ No newline at end of file
diff --git a/ansible/roles/site_setup/tasks/proxy.yml b/ansible/roles/site_setup/tasks/proxy.yml
deleted file mode 100644
index a9d390e..0000000
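Review bot: With `common_name` and `subject` gone and no `csr_path` supplied, the `provider: selfsigned` certificate is generated without a CSR, which as far as I can tell from the community.crypto docs yields a certificate with an empty subject and no subjectAltName, so nothing can match it against `proxy_name` and the previous subject was lost rather than moved. Generate a CSR with `openssl_csr` and feed it to the certificate task through `csr_path`, as sketched below. Note also that `openssl_privatekey`/`openssl_certificate` are the pre-2.0 community.crypto names (`openssl_certificate` was removed in 2.0.0 in favour of `x509_certificate`, if memory serves), so pinning the collection version or switching names is worth doing in the same change.
```yaml
- name: Generate certificate signing request
  openssl_csr:
    path: /etc/nginx/ssl/{{ proxy_name }}.csr
    privatekey_path: /etc/nginx/ssl/{{ proxy_name }}.key
    common_name: "{{ proxy_name }}"
    subject_alt_name: "DNS:{{ proxy_name }}"
  tags: ssl

- name: Generate self-signed SSL certificate
  openssl_certificate:
    path: /etc/nginx/ssl/{{ proxy_name }}.crt
    privatekey_path: /etc/nginx/ssl/{{ proxy_name }}.key
    csr_path: /etc/nginx/ssl/{{ proxy_name }}.csr
    # … unchanged: owner, group, mode, provider, tags …
```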
--- a/ansible/roles/site_setup/tasks/proxy.yml
+++ /dev/null
@@ -1,26 +0,0 @@ ---- -- name: Configure Nginx load balancer with SSL - template: - src: nginx_proxy_ssl.conf.j2 - dest: "/etc/nginx/conf.d/proxy.conf" - tags: proxy - - name: Ensure SSL directory exists - file: - path: /etc/nginx/ssl - state: directory - mode: '0755' - tags: proxy - - name: Copy Diffie-Hellman parameters - copy: - src: dhparam.pem - dest: /etc/nginx/ssl/dhparam.pem - mode: '0600' - tags: proxy - - name: Restart Nginx after configuration - service: - name: nginx - state: restarted - tags: proxy
diff --git a/ansible/roles/site_setup/templates/nginx_site.conf.j2 b/ansible/roles/site_setup/templates/nginx_site.conf.j2
index e18b1e4..26834d7 100644
--- a/ansible/roles/site_setup/templates/nginx_site.conf.j2
+++ b/ansible/roles/site_setup/templates/nginx_site.conf.j2
@@ -3,7 +3,7 @@ server {
     server_name {{ site_name }}; location / {
-        root /var/www/html/{{ site_name }};
+        root /var/www/{{ site_name }};
         index index.html;
     }
-}
+}
\ No newline at end of file
diff --git a/ansible/roles/site_setup/templates/nginx_proxy.conf.j2 b/ansible/roles/site_setup/templates/proxy.conf.j2
similarity index 74%
rename from ansible/roles/site_setup/templates/nginx_proxy.conf.j2
rename to ansible/roles/site_setup/templates/proxy.conf.j2
index 472be35..ae1d028 100644
--- a/ansible/roles/site_setup/templates/nginx_proxy.conf.j2
+++ b/ansible/roles/site_setup/templates/proxy.conf.j2
@@ -15,11 +15,6 @@ server {
     ssl_certificate /etc/nginx/ssl/{{ proxy_name }}.crt;
     ssl_certificate_key /etc/nginx/ssl/{{ proxy_name }}.key;
 
-    ssl_dhparam /etc/nginx/ssl/dhparam.pem;
-
-    ssl_protocols TLSv1.2 TLSv1.3;
-    ssl_prefer_server_ciphers on;
-    ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384";
 
     location / {
         proxy_pass http://backend_servers;
@@ -28,4 +23,4 @@ server {
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
     }
-}
+}
\ No newline at end of file
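Review bot: Deleting `ssl_protocols`, `ssl_prefer_server_ciphers` and `ssl_ciphers` along with `ssl_dhparam` in the first proxy.conf.j2 hunk leaves the HTTPS listener on nginx's compiled-in defaults, which on older builds still enable TLSv1 and TLSv1.1 and a much broader cipher list than the removed ECDHE-only set. Dropping the DH parameters is reasonable on its own (recent nginx disables DHE suites when no `ssl_dhparam` is given, as far as I recall), but the protocol pin should survive the cleanup: keep `ssl_protocols TLSv1.2 TLSv1.3;` and, if the cipher restriction was deliberate, `ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384";` too. The enclosing `server` block begins before this hunk and closes in the next one.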
diff --git a/ansible/roles/site_setup/templates/site_index.html.j2 b/ansible/roles/site_setup/templates/site_index.html.j2
index d66b1f0..3afe96f 100644
--- a/ansible/roles/site_setup/templates/site_index.html.j2
+++ b/ansible/roles/site_setup/templates/site_index.html.j2
@@ -7,4 +7,4 @@

{{ site_name }}

{{ additional_content }}

- +
\ No newline at end of file
diff --git a/ansible/roles/site_setup/vars/main.yml b/ansible/roles/site_setup/vars/main.yml
index ebc4ca7..f8b1677 100644
--- a/ansible/roles/site_setup/vars/main.yml
+++ b/ansible/roles/site_setup/vars/main.yml
@@ -1,6 +1,5 @@
----
 site_name: "example_site"
 proxy_name: "proxy_server"
 backend_ip_1: "192.168.0.61"
 backend_ip_2: "192.168.0.62"
-additional_content: "Welcome to {{ site_name }}"
+additional_content: "Welcome to {{ site_name }}"
\ No newline at end of file