Installing nginx with HTTPS using an Ansible playbook

View the directory structure

[root@iZ23nvakegvZ nginx_v2]# tree
.
├── files
│   ├── nginx.crt
│   ├── nginx.key
├── hosts
├── templates
│   ├── index.html.j2
│   └── test.conf.j2
└── web-tls.yml

2 directories, 8 files
[root@iZ23nvakegvZ nginx_v2]#

View the nginx HTTPS playbook

[root@iZ23nvakegvZ nginx_v2]# cat web-tls.yml
- name: Configure webserver with nginx and tls
  # Must match a group in the inventory passed with -i ([web_test1] in hosts)
  hosts: web_test1
  #hosts: vpnserver
  #sudo: True
  vars:
    key_file: /etc/nginx/ssl/nginx.key
    cert_file: /etc/nginx/ssl/nginx.crt
    conf_file: /etc/nginx/conf.d/test.conf
    server_name: localhost

  tasks:
    - name: Install Nginx server
      yum: name=nginx

    - name: create directories for ssl certificates
      file: path=/etc/nginx/ssl state=directory

    # Private key: owned by root and readable by root only
    - name: copy TLS key
      copy: src=files/nginx.key dest={{ key_file }} owner=root mode=0600
      notify: restart nginx

    - name: copy TLS certificate
      copy: src=files/nginx.crt dest={{ cert_file }}
      notify: restart nginx

    # Rendered from the Jinja2 template using the vars above
    - name: copy nginx config file
      template: src=templates/test.conf.j2 dest={{ conf_file }}
      notify: restart nginx

    - name: copy index.html
      template: src=templates/index.html.j2 dest=/usr/share/nginx/html/index.html

  # Runs once at the end of the play if any notifying task reported a change
  handlers:
    - name: restart nginx
      service: name=nginx state=restarted
[root@iZ23nvakegvZ nginx_v2]#

View the hosts inventory file

[root@iZ23nvakegvZ nginx_v2]# cat hosts
[web_test1]
web_test01 ansible_ssh_host=10.117.54.249
[root@iZ23nvakegvZ nginx_v2]#

View the template files

[root@iZ23nvakegvZ nginx_v2]# cat templates/index.html.j2
<html>
  <head>
    <title>Welcome to Ansible </title>
  </head>
  <body>
  <h1>nginx, configured by Ansible </h1>
  <p>If you can see this, Ansible successfully installed nginx.</p>
  <p>{{ ansible_managed }}</p>
  </body>
</html>

[root@iZ23nvakegvZ nginx_v2]# cat templates/test.conf.j2
server {
  listen 80;
  # TLS is enabled per listen socket; the obsolete "ssl on;" also forced TLS on port 80
  listen 443 ssl;

  server_name {{ server_name }};
  root /usr/share/nginx/html;
  index index.php index.html;

  ssl_certificate     {{ cert_file }};
  ssl_certificate_key {{ key_file }};
  ssl_session_timeout 5m;
  # TLSv1 and TLSv1.1 are deprecated (RFC 8996)
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  # ALL admits every suite not excluded by a later "!" term
  ssl_ciphers ALL:!ADH:!EXPORT56:-RC4+RSA:+HIGH:+MEDIUM:!EXP;
  ssl_prefer_server_ciphers on;

  access_log  /var/log/nginx/nginxtest.access.log main;
  error_log  /var/log/nginx/nginxtest.error.log warn;

  # Never serve .htaccess / .htpasswd style files
  location ~ /\.ht {
    deny all;
  }
}
[root@iZ23nvakegvZ nginx_v2]#

Run the playbook

[root@iZ23nvakegvZ nginx_v2]# ansible-playbook -i hosts web-tls.yml
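
An added example, not part of the original post: a small Python check that can be run against the nginx server block before ansible-playbook to flag weak TLS directives of the kind used in test.conf.j2. The function names, the rule sets and both sample configs are assumptions made for illustration.

```python
import re

# Constructed sample modelled on test.conf.j2 (rendered, legacy "ssl on" style).
WEAK_CONF = """
server {
  listen 80;
  listen 443;
  ssl on;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers ALL:!ADH:!EXPORT56:-RC4+RSA:+HIGH:+MEDIUM:!EXP;
}
"""
# Constructed hardened counterpart (an assumption, not taken from the post).
HARDENED_CONF = """
server {
  listen 443 ssl;
  ssl_protocols TLSv1.2 TLSv1.3;
  ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
}
"""
WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
# OpenSSL cipher-string keywords that pull in broad or weak suite groups.
WEAK_CIPHER_KEYWORDS = {"ALL", "MEDIUM", "LOW", "EXPORT", "RC4", "DES", "3DES", "MD5", "aNULL", "eNULL"}

def directives(conf):
    """Yield (name, args) for every 'name arg ...;' statement, comments stripped."""
    for stmt in re.split(r"[;{}]", re.sub(r"#.*", "", conf)):
        parts = stmt.split()
        if parts:
            yield parts[0], parts[1:]

def audit_tls(conf):
    """Return a list of findings for weak TLS directives in an nginx config."""
    findings = []
    for name, args in directives(conf):
        if name == "ssl" and args == ["on"]:
            findings.append("ssl on: obsolete, turns on TLS for every listen port of the server")
        elif name == "listen" and args and args[0].rsplit(":", 1)[-1] == "443" and "ssl" not in args:
            findings.append("listen 443 lacks the ssl parameter")
        elif name == "ssl_protocols":
            findings += [f"ssl_protocols enables {p}" for p in args if p in WEAK_PROTOCOLS]
        elif name == "ssl_ciphers" and args:
            # Only un-prefixed keywords add suites; '!', '-' and '+' exclude, remove or reorder.
            findings += [f"ssl_ciphers enables {k}" for k in args[0].split(":") if k in WEAK_CIPHER_KEYWORDS]
    return findings

if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit_tls(conf) or "no findings")
```

Passing the text of the deployed /etc/nginx/conf.d/test.conf to audit_tls() gives the same findings for the file the playbook actually wrote.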