---
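# Install the distribution nginx package.
# The package index is refreshed first (at most once per hour) so the
# install does not resolve against a stale index on a freshly built host.
- name: Install Nginx
  ansible.builtin.apt:
    name: nginx
    state: present
    update_cache: true
    cache_valid_time: 3600
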
# Register nginx to start at boot and make sure it is running now.
- name: Ensure Nginx is enabled and started
  ansible.builtin.service:
    name: nginx
    enabled: true
    state: started

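# Directory that holds the include snippets written by the tasks below.
# Ownership is pinned to root: nginx reads these files as configuration,
# so a pre-existing directory owned by another account must be corrected.
- name: Create Nginx includes directory
  ansible.builtin.file:
    path: /etc/nginx/conf.d/include
    state: directory
    owner: root
    group: root
    mode: '0755'
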
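# Write the shared reverse-proxy snippet.
# owner/group/mode are explicit: without `mode` the permissions of a newly
# created file depend on the remote umask.
#
# Notes on the snippet itself (comments live here because anything inside
# the block scalar is written to the file verbatim):
# - $proxy_add_x_forwarded_for appends $remote_addr to whatever
#   X-Forwarded-For header the client sent, so upstreams should trust only
#   the last entry (or X-Real-IP) unless nginx sits behind a trusted proxy.
# - X-Served-By echoes $host, which is derived from the request.
# - $forward_scheme, $server and $port are not defined in this file; they
#   are presumably set by the including server/location block - confirm.
#   With variables in proxy_pass, nginx needs a `resolver` if $server is a
#   hostname rather than an address or a named upstream.
- name: Create proxy.conf include
  ansible.builtin.copy:
    content: |
      add_header X-Served-By $host;
      proxy_set_header Host $host;
      proxy_set_header X-Forwarded-Scheme $scheme;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_pass $forward_scheme://$server:$port$request_uri;
    dest: /etc/nginx/conf.d/include/proxy.conf
    owner: root
    group: root
    mode: '0644'
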
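# Write the IP access-control snippet.
# nginx checks allow/deny rules in order and stops at the first match.
#
# NOTE(review): `satisfy any` grants access when EITHER the address rules
# OR an authentication directive in the including context succeeds. If a
# context that includes this file also configures authentication, valid
# credentials get past `deny 192.168.5.1` and `deny all`. Use
# `satisfy all` where the address restriction must always apply.
#
# The second allow rule was written as 10.0.0.1/24; nginx masks the host
# bits and logs a "low address bits ... are meaningless" warning, so the
# effective rule was already 10.0.0.0/24. It is spelled canonically here.
# If a single host was intended, use 10.0.0.1/32 instead.
#
# NOTE(review): no handler is notified in this task, so changed rules only
# take effect after nginx is reloaded - confirm that happens elsewhere.
- name: Create internal.conf include (access rules)
  ansible.builtin.copy:
    content: |
      deny 192.168.5.1;
      allow 192.168.100.0/24;
      allow 10.0.0.0/24;
      deny all;
      satisfy any;
    dest: /etc/nginx/conf.d/include/internal.conf
    owner: root
    group: root
    mode: '0644'
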
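# Write the protocol-upgrade (WebSocket-style) proxy snippet.
# owner/group/mode are explicit: without `mode` the permissions of a newly
# created file depend on the remote umask.
#
# NOTE(review): Connection is set to "upgrade" for every request handled
# by a context that includes this file, not only for requests carrying an
# Upgrade header. Upgrade proxying also needs `proxy_http_version 1.1;`,
# which is not set here - confirm the including context sets it.
- name: Create upgrade.conf include
  ansible.builtin.copy:
    content: |
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
      proxy_pass_header X-Transmission-Session-Id;
    dest: /etc/nginx/conf.d/include/upgrade.conf
    owner: root
    group: root
    mode: '0644'
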
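# Render the TLS protocol/cipher snippet from the ssl-ciphers.conf template.
# owner/group/mode are explicit: without `mode` the permissions of a newly
# created file depend on the remote umask.
# NOTE(review): the template body is not part of this file; review the
# protocols and cipher list it sets against current guidance.
- name: Create ssl-ciphers.conf include
  ansible.builtin.template:
    src: ssl-ciphers.conf
    dest: /etc/nginx/conf.d/include/ssl-ciphers.conf
    owner: root
    group: root
    mode: '0644'
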
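# Render the TLS session-cache snippet from the ssl-cache.conf template.
# owner/group/mode are explicit: without `mode` the permissions of a newly
# created file depend on the remote umask.
# NOTE(review): the template body is not part of this file.
- name: Create ssl-cache.conf include
  ansible.builtin.template:
    src: ssl-cache.conf
    dest: /etc/nginx/conf.d/include/ssl-cache.conf
    owner: root
    group: root
    mode: '0644'
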
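# Render the force-ssl.conf snippet from its template.
# owner/group/mode are explicit: without `mode` the permissions of a newly
# created file depend on the remote umask.
# NOTE(review): the template body is not part of this file; presumably it
# redirects plain-HTTP requests to HTTPS - confirm against the template.
- name: Create force-ssl.conf include
  ansible.builtin.template:
    src: force-ssl.conf
    dest: /etc/nginx/conf.d/include/force-ssl.conf
    owner: root
    group: root
    mode: '0644'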