Ivo C.S. Wingelaar
33a9eef0fa
This role installs a distribution-provided nginx and does some basic configuration on it. It acts as a reverse proxy for the containers that does the TLS offloading and provides an optional HTTP basic authentication page for services that aren't ready to be exposed yet.
38 lines
999 B
YAML
38 lines
999 B
YAML
---
|
|
- name: Install nginx
|
|
ansible.builtin.apt:
|
|
name: nginx
|
|
# Debian-ism to prevent auto-start of nginx on installation as
|
|
# we still need to do some configuration.
|
|
policy_rc_d: 101
|
|
|
|
- name: Install passlib (for htpasswd)
|
|
ansible.builtin.apt:
|
|
name: python3-passlib
|
|
|
|
- name: Create password file for HTTP basic authentication
|
|
community.general.htpasswd:
|
|
path: /etc/nginx/passwdfile
|
|
name: admin
|
|
password: "{{ sce_nginx_htpasswd }}"
|
|
owner: root
|
|
group: www-data
|
|
mode: "0640"
|
|
when: sce_nginx_htpasswd is defined
|
|
|
|
- name: Check if the passwdfile exists
|
|
ansible.builtin.stat:
|
|
path: /etc/nginx/passwdfile
|
|
register: htpasswdfile
|
|
|
|
- name: Iterate over configured nginx sites
|
|
ansible.builtin.include_tasks: site.yml
|
|
loop: "{{ sce_nginx_sites }}"
|
|
vars:
|
|
site_name: "{{ item['name'] }}"
|
|
site_port: "{{ item['port'] }}"
|
|
|
|
- name: Disable default nginx site
|
|
ansible.builtin.file:
|
|
path: /etc/nginx/sites-enabled/default
|
|
state: absent
|