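---
# Deploys two Nginx backends (SiteA, SiteB) and a TLS-terminating Nginx reverse
# proxy in front of them.
#
# Collections used: community.general (zypper), ansible.posix (firewalld),
# community.crypto (private key and certificate).
#
# Review changes compared with the original playbook:
#   * firewalld is addressed as ansible.posix.firewalld; the module is not part
#     of ansible.builtin, so the original FQCN cannot be resolved.
#   * The proxy play now generates the private key before the certificate. The
#     self-signed provider reads privatekey_path and no task created that file.
#   * `force` was dropped from the zypper tasks: it lets zypper downgrade
#     packages or change vendor/architecture, which is not needed for install.
#   * The Nginx configuration is checked with `nginx -t` before every restart,
#     so a broken file does not take the service down.
#   * Nginx is enabled at boot, truthy values are written as true/false, and
#     the SiteB `content: |` block scalar starts on its own line.

- hosts: SiteA
  become: true
  tasks:
    - name: Install Nginx
      community.general.zypper:
        name: nginx
        state: present
        update_cache: true

    - name: Create site directories
      ansible.builtin.file:
        path: /var/www/SiteA
        state: directory
        mode: '0755'

    # additional_content is not defined in this playbook and must be supplied
    # (inventory, vars file or --extra-vars). It is written to index.html
    # unescaped, so it should only come from a trusted source.
    - name: Deploy site content
      ansible.builtin.copy:
        content: |
          {{ additional_content | string }}
        dest: /var/www/SiteA/index.html

    - name: Configure Nginx for SiteA
      ansible.builtin.copy:
        content: |
          server {
              listen 80;
              server_name SiteA;

              location / {
                  root /var/www/SiteA;
                  index index.html;
              }
          }
        dest: /etc/nginx/conf.d/SiteA.conf

    - name: Validate Nginx configuration
      ansible.builtin.command: nginx -t
      changed_when: false

    - name: Restart Nginx
      ansible.builtin.service:
        name: nginx
        state: restarted
        enabled: true

    - name: Start and enable firewalld
      ansible.builtin.service:
        name: firewalld
        state: started
        enabled: true

    # NOTE(review): this opens plain HTTP to every source, so the backend can
    # be reached without going through the TLS proxy. Consider limiting the
    # rule to the proxy's address (a rich rule or a dedicated zone).
    - name: Open port 80 for HTTP
      ansible.posix.firewalld:
        port: '80/tcp'
        permanent: true
        state: enabled
        immediate: true

    # NOTE(review): the server block above listens on port 80 only. Unless
    # something else on this host serves TLS, this rule exposes an unused
    # port and can be dropped.
    - name: Open port 443 for HTTPS
      ansible.posix.firewalld:
        port: '443/tcp'
        permanent: true
        state: enabled
        immediate: true

    - name: Reload firewalld to apply changes
      ansible.builtin.service:
        name: firewalld
        state: reloaded

- hosts: SiteB
  become: true
  tasks:
    - name: Install Nginx
      community.general.zypper:
        name: nginx
        state: present
        update_cache: true

    - name: Create site directories
      ansible.builtin.file:
        path: /var/www/SiteB
        state: directory
        mode: '0755'

    # Same contract as in the SiteA play: additional_content must be supplied
    # by the caller and is written to index.html unescaped.
    - name: Deploy site content
      ansible.builtin.copy:
        content: |
          {{ additional_content | string }}
        dest: /var/www/SiteB/index.html

    - name: Configure Nginx for SiteB
      ansible.builtin.copy:
        content: |
          server {
              listen 80;
              server_name SiteB;

              location / {
                  root /var/www/SiteB;
                  index index.html;
              }
          }
        dest: /etc/nginx/conf.d/SiteB.conf

    - name: Validate Nginx configuration
      ansible.builtin.command: nginx -t
      changed_when: false

    - name: Restart Nginx
      ansible.builtin.service:
        name: nginx
        state: restarted
        enabled: true

    - name: Start and enable firewalld
      ansible.builtin.service:
        name: firewalld
        state: started
        enabled: true

    # NOTE(review): open to every source; see the matching note in the SiteA
    # play about restricting backend access to the proxy.
    - name: Open port 80 for HTTP
      ansible.posix.firewalld:
        port: '80/tcp'
        permanent: true
        state: enabled
        immediate: true

    # NOTE(review): nothing in this play listens on 443; drop the rule unless
    # TLS is served here by other means.
    - name: Open port 443 for HTTPS
      ansible.posix.firewalld:
        port: '443/tcp'
        permanent: true
        state: enabled
        immediate: true

    - name: Reload firewalld to apply changes
      ansible.builtin.service:
        name: firewalld
        state: reloaded

- hosts: proxy
  become: true
  tasks:
    - name: Install Nginx
      community.general.zypper:
        name: nginx
        state: present
        update_cache: true

    - name: Set hostname to vlad4
      ansible.builtin.hostname:
        name: vlad4

    # 0700 keeps the key directory readable by root only.
    - name: Create SSL directory
      ansible.builtin.file:
        path: /etc/nginx/ssl
        state: directory
        owner: root
        group: root
        mode: '0700'

    # Must run before the certificate task, which signs with this key.
    - name: Generate private key for the self-signed certificate
      community.crypto.openssl_privatekey:
        path: /etc/nginx/ssl/vlad4.key
        owner: root
        group: root
        mode: '0600'

    # x509_certificate is the current name of the former openssl_certificate
    # module. A self-signed certificate is not trusted by clients unless it is
    # distributed to them; use a CA-issued certificate outside a lab.
    - name: Generate self-signed SSL certificate
      community.crypto.x509_certificate:
        path: /etc/nginx/ssl/vlad4.crt
        privatekey_path: /etc/nginx/ssl/vlad4.key
        selfsigned_digest: sha256
        owner: root
        group: root
        mode: '0600'
        provider: selfsigned
        selfsigned_not_before: "20241104T000000Z"
        selfsigned_not_after: "+365d"

    # ssl_protocols is pinned so the accepted TLS versions do not depend on
    # the defaults of the installed Nginx build.
    - name: Configure Nginx as HTTPS proxy
      ansible.builtin.copy:
        content: |
          upstream backend_servers {
              server 192.168.0.61:80;
              server 192.168.0.62:80;
          }

          server {
              listen 80;
              server_name vlad4;
              return 301 https://$host$request_uri;
          }

          server {
              listen 443 ssl;
              server_name vlad4;

              ssl_certificate /etc/nginx/ssl/vlad4.crt;
              ssl_certificate_key /etc/nginx/ssl/vlad4.key;
              ssl_protocols TLSv1.2 TLSv1.3;

              location / {
                  proxy_pass http://backend_servers;
                  proxy_set_header Host $host;
                  proxy_set_header X-Real-IP $remote_addr;
                  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                  proxy_set_header X-Forwarded-Proto $scheme;
              }
          }
        dest: /etc/nginx/conf.d/proxy.conf

    - name: Validate Nginx configuration
      ansible.builtin.command: nginx -t
      changed_when: false

    - name: Restart Nginx
      ansible.builtin.service:
        name: nginx
        state: restarted
        enabled: true

    - name: Start and enable firewalld
      ansible.builtin.service:
        name: firewalld
        state: started
        enabled: true

    # NOTE(review): only 443 is opened, so the port-80 redirect server defined
    # above is not reachable through the firewall. Either open 80/tcp for the
    # redirect or remove that server block.
    - name: Open port 443 for HTTPS
      ansible.posix.firewalld:
        port: '443/tcp'
        permanent: true
        state: enabled
        immediate: true

    - name: Reload firewalld to apply changes
      ansible.builtin.service:
        name: firewalld
        state: reloaded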