# Download the Phusion Passenger repo definition into yum's repo directory.
# NOTE(review): this file decides which packages and signing keys yum will
# trust later on, and it is accepted exactly as served - no 'checksum' is
# given. No 'mode' is given either, so permissions follow the module default.
- name: set up Passenger YUM repo
  become: true
  get_url:
    dest: /etc/yum.repos.d/passenger.repo
    url: https://oss-binaries.phusionpassenger.com/yum/definitions/el-passenger.repo
# Import an RPM signing key into the host's RPM keyring.
# NOTE(review): the key is fetched from a URL with nothing pinned, so whatever
# that URL serves becomes a trusted package signer. rpm_key accepts a
# 'fingerprint' option; set it to the value the vendor publishes, e.g.
#   fingerprint: '<EXPECTED-KEY-FINGERPRINT>'  # placeholder, not a real value
# The key host (packagecloud.io) is not the host the repo file comes from;
# confirm this is the key the Passenger repo actually signs with.
- name: install gpg key for Passenger YUM repo
  become: true
  rpm_key:
    key: https://packagecloud.io/gpg.key
# Refresh yum metadata for the Passenger repo only. This step exists mostly
# because no other way was found to fully import the GPG key for the Passenger
# repo; 'rpm_key' alone is not sufficient.
# Calling yum through /usr/bin/env is a hack that avoids Ansible's "Consider
# using yum module..." warning, which fires when 'yum' is the primary command.
# 'changed_when: false' makes the task always report "ok", never "changed".
# NOTE(review): '-y' answers yes to every prompt, which presumably includes the
# key-import prompt this task is here for. The key is then accepted without a
# fingerprint check, so trust rests entirely on the repo file fetched earlier.
- name: yum makecache
  become: true
  command: /usr/bin/env yum -q makecache -y --disablerepo='*' --enablerepo='passenger*'
  changed_when: false
# Install the epel-release package, which enables the EPEL repository.
# NOTE(review): presumably a prerequisite for the package install that follows;
# no 'state' is given, so the yum module default applies.
- name: install epel-release
  become: true
  yum:
    name: epel-release
# Install nginx, Passenger and the nginx Passenger module with one yum call.
# NOTE(review): no versions are pinned and the providing repo is not
# restricted, so each package comes from whichever enabled repo yum selects.
- name: install nginx, passenger
  become: true
  yum:
    name:
      - nginx
      - passenger
      - nginx-mod-http-passenger
# Record whether a file exists at dharam_pem_path. The result is registered as
# 'dharam_pem' so the DH-parameter generation task can be skipped when the
# file is already there.
# NOTE(review): this runs without 'become', unlike the task that writes the
# file. If the login user cannot traverse the directory, 'exists' would be
# false and the parameters would be regenerated on every run - TODO confirm.
- name: check for dharam pem file
  stat:
    path: "{{ dharam_pem_path }}"
  register: dharam_pem
# Background: https://michael.lustfield.net/nginx/getting-a-perfect-ssl-labs-score
# Generate 2048-bit Diffie-Hellman parameters at dharam_pem_path, but only when
# the preceding stat task found no file there. The 'restart nginx' handler is
# notified whenever this task runs.
# NOTE(review): the path is interpolated unquoted into the command line, so it
# must not contain whitespace. The command module's 'creates' option would
# give the same run-once guard without relying on the separate stat result.
- name: generate new Diffie-Hellman group
  become: true
  command: 'openssl dhparam -out {{ dharam_pem_path }} 2048'
  when: not dharam_pem.stat.exists
  notify: restart nginx
# Render easyredmine.conf.j2 into nginx's conf.d directory and notify the
# 'restart nginx' handler when the rendered file changes.
# NOTE(review): owner, group and mode are not set, so the file's permissions
# depend on module defaults and the umask; set them explicitly if this config
# embeds anything that should not be world-readable.
- name: install easyredmine.conf to Nginx
  become: true
  template:
    src: easyredmine.conf.j2
    dest: /etc/nginx/conf.d/easyredmine.conf
  notify: restart nginx
# Render nginx.conf.j2 over the main nginx configuration file and notify the
# 'restart nginx' handler when the rendered file changes.
# NOTE(review): there is no 'validate' step, so a template that renders to a
# broken config is only discovered when the handler restarts nginx. Owner,
# group and mode are also left to module defaults.
- name: install nginx.conf to Nginx
  become: true
  template:
    src: nginx.conf.j2
    dest: /etc/nginx/nginx.conf
  notify: restart nginx
# Render passenger.conf.j2 into nginx's conf.d directory and notify the
# 'restart nginx' handler when the rendered file changes.
# NOTE(review): owner, group and mode are left to module defaults.
- name: install passenger.conf to Nginx
  become: true
  template:
    src: passenger.conf.j2
    dest: '/etc/nginx/conf.d/passenger.conf'
  notify: restart nginx
# Copy the PEM file named by nginx_pem to the host's TLS certs directory,
# named after the host's FQDN. Skipped when is_production_vm is true; the
# 'restart nginx' handler is notified when the file changes.
# NOTE(review): owner, group and mode are not set. If nginx_pem also carries
# the private key, the copy may end up readable by other local users under the
# default umask - confirm the contents and set a restrictive mode if so.
- name: install TLS cert
  become: true
  copy:
    src: '{{ nginx_pem }}'
    dest: '/etc/pki/tls/certs/{{ ansible_fqdn }}.pem'
  when: not is_production_vm
  notify: restart nginx
# Make sure nginx is running now and enabled to start at boot.
- name: manage Nginx service
  become: true
  service:
    name: nginx
    enabled: true
    state: started