---
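# Ensure the base directory for TLS material exists before anything is
# written into it. The directory stays world-listable (0755), so the
# protection of private keys rests on the mode of the key files themselves.
# NOTE(review): owner/group are not set here, so they default to the user the
# task runs as — confirm that matches the account nginx starts under.
- name: "[NGINX] - Create local ssl Directory"
  file:
    path: "{{ nginx_ssl_dir }}"
    state: directory
    # Quoted so the module receives the string "0755"; an unquoted 0755 is
    # only read as octal under YAML 1.1 integer rules.
    mode: "0755"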
# Generate Diffie-Hellman parameters on the target with openssl. `creates`
# turns the task into a no-op once the output file exists.
# NOTE(review): nginx_dh_length is defined outside this file; finite-field DH
# groups below 2048 bits are considered weak — confirm the configured value.
# NOTE(review): the condition compares against the string 'true'; a YAML
# boolean `true` would not match — confirm how nginx_gen_dh is declared.
- name: "[NGINX] - Generate DH file"
  command: openssl dhparam -out {{ nginx_dh_path }} {{ nginx_dh_length }}
  args:
    creates: '{{ nginx_dh_path }}'
  when: nginx_gen_dh == "true"
  notify: reload nginx
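# Write pre-generated DH parameters supplied in the nginx_dh variable to the
# same path the "Generate DH file" task uses.
# NOTE(review): when nginx_gen_dh is enabled and nginx_dh is also defined,
# this task overwrites the freshly generated file — confirm that is intended.
- name: "[NGINX] - Deploy DH file from vars"
  copy:
    content: "{{ nginx_dh }}"
    dest: "{{ nginx_dh_path }}"
    # Explicit mode so the result does not depend on the remote umask.
    # DH parameters are public values, so world-readable is acceptable.
    mode: "0644"
  when: nginx_dh is defined
  notify:
    - reload nginx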
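# Create one directory per vhost under nginx_ssl_dir to hold that vhost's key
# and certificate. Runs only for vhost entries that define copy_ssl.
- name: "[NGINX] - Create SSL keys subfolder"
  file:
    path: "{{ nginx_ssl_dir }}/{{ item.ssl_name }}"
    state: directory
    # Quoted so the module receives the string "0755"; an unquoted 0755 is
    # only read as octal under YAML 1.1 integer rules.
    mode: "0755"
  with_items: "{{ nginx_vhosts }}"
  when: item.copy_ssl is defined
  notify: reload nginx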
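# Copy each vhost's private key from ssl_src_path (resolved on the control
# node, since remote_src is not set) to the target. Runs only for vhost
# entries that define copy_ssl.
- name: "[NGINX] - Deploy SSL keys"
  copy:
    src: "{{ ssl_src_path }}/{{ item.ssl_name }}/privkey.pem"
    dest: "{{ nginx_ssl_dir }}/{{ item.ssl_name }}/privkey.pem"
    # Owner read/write only: a key file needs no execute bit (was 0700).
    # NOTE(review): owner/group are not set, so the file belongs to the user
    # the task runs as — confirm that is the account nginx starts under.
    mode: "0600"
  # Keep private key material out of --diff output.
  diff: false
  with_items: "{{ nginx_vhosts }}"
  when: item.copy_ssl is defined
  notify: reload nginx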
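# Copy each vhost's certificate chain from ssl_src_path to the target.
# The chain is public data, so it is deployed world-readable.
- name: "[NGINX] - Deploy SSL certs"
  copy:
    src: "{{ ssl_src_path }}/{{ item.ssl_name }}/fullchain.pem"
    dest: "{{ nginx_ssl_dir }}/{{ item.ssl_name }}/fullchain.pem"
    # Quoted so the module receives the string "0644"; an unquoted 0644 is
    # only read as octal under YAML 1.1 integer rules.
    mode: "0644"
  with_items: "{{ nginx_vhosts }}"
  when: item.copy_ssl is defined
  notify: reload nginx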
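# Create the per-vhost directory under nginx_ssl_dir for vhosts flagged as
# self-signed.
# NOTE(review): the self-signed key, CSR and certificate tasks write under
# ssl_src_path, not nginx_ssl_dir — confirm that directory is created
# elsewhere, or that both variables point at the same location.
- name: "[SELFSIGNED] - Create Key folder"
  file:
    path: "{{ nginx_ssl_dir }}/{{ item.ssl_name }}"
    state: directory
    # Quoted so the module receives the string "0755"; an unquoted 0755 is
    # only read as octal under YAML 1.1 integer rules.
    mode: "0755"
  with_items: "{{ nginx_vhosts }}"
  when: item.selfsigned is defined and item.selfsigned == 'true'
  notify: reload nginx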
# Generate a 2048-bit RSA private key per self-signed vhost.
# NOTE(review): no delegate_to is set, so the key is written on the managed
# host, while the "Deploy SSL keys" task reads ssl_src_path on the control
# node — confirm both refer to the same filesystem.
# NOTE(review): item.state is read without an "is defined" guard — confirm
# every vhost entry carries a state key.
# NOTE(review): no mode is given, so the key file's permissions are the
# module's default — confirm it is owner-only.
- name: "[SELFSIGNED] - Create a self-signed key"
  openssl_privatekey:
    path: "{{ ssl_src_path }}/{{ item.ssl_name }}/privkey.pem"
    type: RSA
    size: 2048
  with_items: '{{ nginx_vhosts }}'
  # List entries are AND-ed and evaluated in order.
  when:
    - item.selfsigned is defined
    - item.state == 'enable'
    - item.selfsigned == 'true'
  notify: reload nginx
# Build a certificate signing request from the vhost's private key.
# NOTE(review): no common_name or subject_alt_name is passed, so the request
# (and the certificate derived from it) carries no host name for clients to
# match — confirm that is acceptable for the intended use.
# The output file uses the extension "crs"; the certificate task reads the
# same path, so the two must stay in sync if it is ever renamed.
- name: "[SELFSIGNED] - Generate OpenSSL Certificate Signing Request (CSR)"
  openssl_csr:
    privatekey_path: "{{ ssl_src_path }}/{{ item.ssl_name }}/privkey.pem"
    path: "{{ ssl_src_path }}/{{ item.ssl_name }}/selfsigned.crs"
  with_items: '{{ nginx_vhosts }}'
  # List entries are AND-ed and evaluated in order.
  when:
    - item.selfsigned is defined
    - item.state == 'enable'
    - item.selfsigned == 'true'
  notify: reload nginx
# Issue the certificate with the "selfsigned" provider, i.e. the CSR is
# signed with the vhost's own private key rather than by a CA, so clients
# will not trust it unless it is pinned or imported explicitly.
# NOTE(review): the result is written to ssl_src_path as fullchain.pem, the
# same file name the "Deploy SSL certs" task copies — confirm the ordering
# and host on which these paths are resolved.
- name: "[SELFSIGNED] - Create a self-signed certificate"
  openssl_certificate:
    provider: selfsigned
    csr_path: "{{ ssl_src_path }}/{{ item.ssl_name }}/selfsigned.crs"
    privatekey_path: "{{ ssl_src_path }}/{{ item.ssl_name }}/privkey.pem"
    path: "{{ ssl_src_path }}/{{ item.ssl_name }}/fullchain.pem"
  with_items: '{{ nginx_vhosts }}'
  # List entries are AND-ed and evaluated in order.
  when:
    - item.selfsigned is defined
    - item.state == 'enable'
    - item.selfsigned == 'true'
  notify: reload nginx