ansible playbook安装nginx https


[root@iZ23nvakegvZ nginx_v2]# tree


├── files

│   ├── nginx.crt

│   ├── nginx.key

├── hosts

├── templates

│   ├── index.html.j2

│   └── test.conf.j2

└── web-tls.yml

2 directories, 8 files

[root@iZ23nvakegvZ nginx_v2]#

查看nginx https playbook

[root@iZ23nvakegvZ nginx_v2]# cat web-tls.yml

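# web-tls.yml: install nginx and deploy a TLS-enabled virtual host.
# The section keys (vars/tasks/handlers) were missing from the listing and are
# restored here so that the play parses.
- name: Configure webserver with nginx and tls
  hosts: vpnserver
  #hosts: web_test1
  # Privilege escalation is left disabled because the session already runs as
  # root; newer Ansible releases spell this option "become".
  #sudo: True

  vars:
    key_file: /etc/nginx/ssl/nginx.key
    cert_file: /etc/nginx/ssl/nginx.crt
    conf_file: /etc/nginx/conf.d/test.conf
    server_name: localhost

  tasks:
    - name: Install Nginx server
      yum: name=nginx

    # The directory holds the private key, so it is restricted to root instead
    # of being created with the default (umask-derived) permissions.
    - name: create directories for ssl certificates
      file: path=/etc/nginx/ssl state=directory owner=root group=root mode=0700

    # files/nginx.key sits next to the playbook in clear text. Keep it out of
    # shared version control, or encrypt it with ansible-vault (the copy module
    # can decrypt a vaulted source file when the vault password is supplied).
    - name: copy TLS key
      copy: src=files/nginx.key dest={{ key_file }} owner=root group=root mode=0600
      # keep key material out of task output and --diff listings
      no_log: true
      notify: restart nginx

    # The certificate is public data; explicit ownership and mode keep the
    # result independent of the umask on the target.
    - name: copy TLS certificate
      copy: src=files/nginx.crt dest={{ cert_file }} owner=root group=root mode=0644
      notify: restart nginx

    - name: copy nginx config file
      template: src=templates/test.conf.j2 dest={{ conf_file }}
      notify: restart nginx

    - name: copy index.html
      template: src=templates/index.html.j2 dest=/usr/share/nginx/html/index.html

  handlers:
    # Runs once at the end of the play, and only if a notifying task changed.
    - name: restart nginx
      service: name=nginx state=restarted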

[root@iZ23nvakegvZ nginx_v2]#


[root@iZ23nvakegvZ nginx_v2]# cat hosts


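# The group header and the address were lost from this listing. The play in
# web-tls.yml targets "vpnserver", so the host has to be a member of that group.
[vpnserver]
web_test01 ansible_ssh_host=<TARGET_HOST_IP>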

[root@iZ23nvakegvZ nginx_v2]#

查看template 模板文件

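[root@iZ23nvakegvZ nginx_v2]# cat templates/index.html.j2

<html>
  <head>
    <title>Welcome to Ansible </title>
  </head>
  <body>
  <h1>nginx, configured by Ansible </h1>
  <p>If you can see this, Ansible successfully installed nginx.</p>
  {# ansible_managed is configurable and can be set to include the control
     user, host name and template path; this page is served publicly, so keep
     that string generic. #}
  <p>{{ ansible_managed }}</p>
  </body>
</html>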



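[root@iZ23nvakegvZ nginx_v2]# cat templates/test.conf.j2

# Virtual host rendered by the "copy nginx config file" task; server_name,
# cert_file and key_file come from the play's vars.
server {
  listen 80;
  # TLS is enabled on the 443 socket only. The former "ssl on;" directive is
  # deprecated and applied TLS to every listen socket, port 80 included.
  listen 443 ssl;
  server_name {{ server_name }};
  root /usr/share/nginx/html;
  index index.php index.html;

  ssl_certificate     {{ cert_file }};
  ssl_certificate_key {{ key_file }};
  ssl_session_timeout 5m;
  # TLS 1.0 and 1.1 are deprecated (RFC 8996); add TLSv1.3 where the installed
  # nginx/OpenSSL build supports it.
  ssl_protocols TLSv1.2;
  # The earlier list started from ALL and re-added MEDIUM, which admits weak
  # suites; restrict to HIGH and exclude unauthenticated and MD5-based ones.
  ssl_ciphers HIGH:!aNULL:!MD5;
  ssl_prefer_server_ciphers on;

  # "main" must be a log_format defined in the http block of nginx.conf.
  access_log  /var/log/nginx/nginxtest.access.log main;
  error_log  /var/log/nginx/nginxtest.error.log warn;

  # Never serve .htaccess/.htpasswd style files.
  location ~ /\.ht {
    deny all;
  }
}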



[root@iZ23nvakegvZ nginx_v2]#


[root@iZ23nvakegvZ nginx_v2]# ansible-playbook -i hosts web-tls.yml