2023-03-11 18:18:27 +01:00
|
|
|
---
|
2023-03-11 18:23:26 +01:00
|
|
|
- name: "Configuration | Generate DH Parameters"
|
|
|
|
|
community.crypto.openssl_dhparam:
|
|
|
|
|
path: "{{ dhparam_path }}"
|
|
|
|
|
size: "{{ dhparam_size | default(4096) }}"
|
|
|
|
|
|
2023-03-11 20:20:42 +01:00
|
|
|
- name: "Configuration | Get bad user agents"
|
|
|
|
|
ansible.builtin.shell: "curl {{ bad_user_agents_url }}"
|
|
|
|
|
register: bad_user_agents
|
|
|
|
|
|
2023-03-11 18:18:27 +01:00
|
|
|
- name: "Configuration | Copy main configuration"
|
|
|
|
|
ansible.builtin.template:
|
|
|
|
|
src: nginx.conf.j2
|
|
|
|
|
dest: /etc/nginx/nginx.conf
|
|
|
|
|
mode: 0644
|
|
|
|
|
notify: reload nginx
|
|
|
|
|
|
|
|
|
|
- name: "Configuration | Copy configuration snippets"
|
|
|
|
|
ansible.builtin.copy:
|
|
|
|
|
src: "{{ item }}"
|
|
|
|
|
dest: "/etc/nginx/snippets/{{ item }}"
|
|
|
|
|
mode: 0644
|
|
|
|
|
loop:
|
|
|
|
|
- add_headers.conf
|
2023-03-11 18:30:29 +01:00
|
|
|
- letsencrypt.conf
|
2023-03-11 18:18:27 +01:00
|
|
|
notify: reload nginx
|
|
|
|
|
|
|
|
|
|
- name: "Configuration | Copy configuration templates"
|
|
|
|
|
ansible.builtin.template:
|
|
|
|
|
src: "{{ item }}.j2"
|
|
|
|
|
dest: "/etc/nginx/conf.d/{{ item }}"
|
|
|
|
|
mode: 0644
|
|
|
|
|
loop:
|
|
|
|
|
- bad_clients.conf
|
2023-03-11 20:20:42 +01:00
|
|
|
- bad_bots.conf
|
2023-03-11 18:18:27 +01:00
|
|
|
- reverse_proxy.conf
|
|
|
|
|
- ssl.conf
|
|
|
|
|
notify: reload nginx
|
2023-03-11 18:30:29 +01:00
|
|
|
when: nginx_type == 'gateway' or nginx_type == 'standalone'
|
2023-03-11 18:18:27 +01:00
|
|
|
|
|
|
|
|
- name: "Configuration | Copy request limit configuration"
|
|
|
|
|
ansible.builtin.copy:
|
|
|
|
|
src: request_limits.conf
|
|
|
|
|
dest: /etc/nginx/conf.d/
|
|
|
|
|
mode: 0644
|
|
|
|
|
notify: reload nginx
|
2023-03-11 18:30:29 +01:00
|
|
|
when: nginx_type == 'gateway' or nginx_type == 'standalone'
|
