nginx.yml
---
# Copy the firmware upgrader's maximum file size into the
# openwisp2_nginx_client_max_body_size fact; this is required to allow
# uploading firmware images. Skipped unless openwisp2_firmware_upgrader is
# truthy.
# NOTE(review): where this fact is consumed is not visible here. If the nginx
# template applies it server-wide, every endpoint accepts request bodies of
# that size -- confirm the larger limit is scoped to the upload path.
- name: Set nginx max upload size
  when: openwisp2_firmware_upgrader
  set_fact:
    openwisp2_nginx_client_max_body_size: >-
      {{ openwisp2_firmware_upgrader_max_file_size }}
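# Ensure the public_html directory exists under openwisp2_path.
# Mode 0775: owner and group may write, all other users may list and traverse.
# The mode is quoted so the file module receives the octal string itself; an
# unquoted 0775 depends on the YAML loader reading a leading zero as octal.
# NOTE(review): no owner/group is set, so ownership follows the user the task
# runs as -- confirm that is the intended owner.
- name: Create "{{ openwisp2_path }}/public_html"
  file:
    path: "{{ openwisp2_path }}/public_html"
    state: directory
    mode: "0775"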
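# Ensure the directory that receives the generated nginx snippets exists.
# Mode 0770: owner and group have full access, other users have none.
# The mode is quoted so the file module receives the octal string itself; an
# unquoted 0770 depends on the YAML loader reading a leading zero as octal.
# NOTE(review): no owner/group is set here; nginx must still be able to read
# the files placed below this directory -- confirm ownership on the target.
- name: Create "{{ openwisp2_path }}/nginx-conf/openwisp2"
  file:
    path: "{{ openwisp2_path }}/nginx-conf/openwisp2"
    state: directory
    mode: "0770"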
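# Ensure the ssl directory exists under openwisp2_path.
# Mode 0770: owner and group have full access, other users have none.
# The mode is quoted so the file module receives the octal string itself; an
# unquoted 0770 depends on the YAML loader reading a leading zero as octal.
# NOTE(review): presumably this directory holds the private key written to
# openwisp2_ssl_key (defined outside this file) -- confirm. No owner/group is
# pinned, and 0770 gives every member of the owning group full access, so
# check that group contains only the accounts that need the key.
- name: Create "{{ openwisp2_path }}/ssl"
  file:
    path: "{{ openwisp2_path }}/ssl"
    state: directory
    mode: "0770"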
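# Generate a self-signed certificate and its private key with openssl.
# `creates` makes the task a no-op once openwisp2_ssl_cert exists, so an
# existing certificate is never regenerated or replaced.
#
# Arguments are passed as an argv list instead of one folded string with
# backslash continuations and an inline creates=: nothing is word-split, so
# a path or subject field containing spaces stays a single argument, and the
# subject string is assembled exactly as written below.
#
# Review notes:
# - "-nodes" writes the private key without a passphrase; its protection
#   rests entirely on the permissions of openwisp2_ssl_key and its directory.
# - "-extensions v3_ca": in a stock openssl.cnf that section sets
#   basicConstraints CA:TRUE, and the next task installs this certificate in
#   the system trust store. Together that lets whoever can read the key sign
#   certificates this host trusts -- confirm a CA certificate is intended.
# - "-days 3650" gives a ten-year validity and no renewal task is visible
#   here; plan rotation separately.
# - No -newkey is given, so key type and size come from the openssl defaults
#   on the target host.
- name: Create SSL cert if not exists yet
  command:
    argv:
      - openssl
      - req
      - "-new"
      - "-nodes"
      - "-x509"
      - "-subj"
      # A trailing backslash inside a double-quoted YAML scalar joins the
      # lines with no whitespace, so the subject is one unbroken string.
      - "/C={{ openwisp2_ssl_country }}/ST={{ openwisp2_ssl_state }}\
        /L={{ openwisp2_ssl_locality }}/O={{ openwisp2_ssl_organization }}\
        /CN={{ openwisp2_ssl_common_name }}"
      - "-days"
      - "3650"
      - "-keyout"
      - "{{ openwisp2_ssl_key }}"
      - "-out"
      - "{{ openwisp2_ssl_cert }}"
      - "-extensions"
      - v3_ca
    creates: "{{ openwisp2_ssl_cert }}"
  notify: Restart nginx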
# Copy the server certificate (already on the target, hence remote_src) into
# /usr/local/share/ca-certificates as a root-owned, world-readable file and
# notify the Update-ca-certificates handler; the task name says this is done
# for freeradius.
# NOTE(review): the handler is defined outside this file; presumably it
# refreshes the system trust store, which would make this certificate a trust
# anchor for every TLS client on the host, not only freeradius. The
# certificate is generated earlier with "-extensions v3_ca" and an
# unencrypted key, so access to that key should be restricted accordingly.
- name: Copy SSL cert to be added to trusted Cert (for freeradius)
  copy:
    remote_src: true
    src: "{{ openwisp2_ssl_cert }}"
    dest: /usr/local/share/ca-certificates/openwisp-ssl-server.crt
    owner: root
    group: root
    mode: "0644"
  notify: Update-ca-certificates
# Remove /etc/nginx/sites-enabled/default so that the distribution's default
# site is no longer enabled. No handler is notified by this task.
- name: Disable default nginx configuration
  file:
    state: absent
    path: /etc/nginx/sites-enabled/default
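# Render nginx/ssl-conf.j2 to ssl.conf in the openwisp2 nginx-conf directory
# and restart nginx when the rendered file changes.
# The mode is quoted so the template module receives the octal string itself;
# an unquoted 0644 depends on the YAML loader reading a leading zero as octal.
# NOTE(review): the template content (protocols, ciphers) is not visible
# here; review it together with this task.
- name: Nginx SSL configuration
  template:
    src: nginx/ssl-conf.j2
    dest: "{{ openwisp2_path }}/nginx-conf/openwisp2/ssl.conf"
    mode: "0644"
  notify: Restart nginx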
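# Render nginx/security-conf.j2 to security.conf in the openwisp2 nginx-conf
# directory and restart nginx when the rendered file changes. The
# nginx_security tag allows this task to be selected or skipped on its own.
# The mode is quoted so the template module receives the octal string itself;
# an unquoted 0644 depends on the YAML loader reading a leading zero as octal.
# NOTE(review): which directives the template sets is not visible here.
- name: Nginx security configuration
  template:
    src: nginx/security-conf.j2
    dest: "{{ openwisp2_path }}/nginx-conf/openwisp2/security.conf"
    mode: "0644"
  notify: Restart nginx
  tags:
    - nginx_security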
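# Render nginx/site-conf.j2 to /etc/nginx/sites-available/, using the
# inventory hostname as the file name, and restart nginx when it changes.
# The mode is quoted so the template module receives the octal string itself;
# an unquoted 0644 depends on the YAML loader reading a leading zero as octal.
- name: Nginx site available
  template:
    src: nginx/site-conf.j2
    dest: "/etc/nginx/sites-available/{{ inventory_hostname }}"
    mode: "0644"
  notify: Restart nginx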
# Enable the site by symlinking its sites-available file, named after the
# inventory hostname, into /etc/nginx/sites-enabled; nginx is restarted when
# the link is created or changed.
- name: Nginx site enabled
  file:
    state: link
    src: "/etc/nginx/sites-available/{{ inventory_hostname }}"
    dest: "/etc/nginx/sites-enabled/{{ inventory_hostname }}"
  notify: Restart nginx
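# Render logrotate.d/openwisp-nginx.j2 to /etc/logrotate.d/openwisp-nginx.
# No handler is notified by this task.
# The mode is quoted so the template module receives the octal string itself;
# an unquoted 0644 depends on the YAML loader reading a leading zero as octal.
# Keep it at 0644: logrotate skips configuration files that are writable by
# group or others.
- name: Configure nginx log rotation
  template:
    src: logrotate.d/openwisp-nginx.j2
    dest: /etc/logrotate.d/openwisp-nginx
    mode: "0644"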
# Uncomment the "server_tokens off" directive in /etc/nginx/nginx.conf so
# that nginx stops advertising its version in response headers and error
# pages. A backup of nginx.conf is kept before the edit and nginx is
# restarted when the file changes.
# The pattern only matches a "#" followed by at least one whitespace
# character and then "server_tokens off". A file that has "#server_tokens
# off", "server_tokens on", or no such line is left unchanged and the task
# still reports success, so verify the effective setting on the target.
- name: Disable nginx server tokens
  replace:
    backup: true
    path: /etc/nginx/nginx.conf
    regexp: '#(\s+)server_tokens off'
    replace: 'server_tokens off'
  notify: Restart nginx