---
# Generate Diffie-Hellman parameters on the host when nginx_dh was not
# supplied as a string. The result is registered as `dh`; the
# "Check DH command status" task reads dh.ansible_job_id from it.
- name: COMMAND | Generate DH file
  when: nginx_dh is not string
  # NOTE(review): nginx_dh_length is defined outside this file; confirm the
  # default is at least 2048 bits.
  command: "openssl dhparam -out {{ nginx_dh_path }} {{ nginx_dh_length }}"
  args:
    # Skip generation when the parameter file already exists.
    creates: "{{ nginx_dh_path }}"
  # Run as an async job with a 1000 second ceiling, since dhparam can be slow.
  async: 1000
  register: dh
  notify: restart nginx
# Write caller-supplied DH parameters to nginx_dh_path. This is the
# counterpart of the generation task: it runs only when nginx_dh is a string.
- name: COPY | Deploy DH file from vars
  when: nginx_dh is string
  copy:
    dest: "{{ nginx_dh_path }}"
    content: "{{ nginx_dh }}"
  notify: restart nginx
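# Create one directory per SSL pair under nginx_ssl_dir. It is only needed
# for pairs that do not set both dest_key and dest_cert explicitly.
- name: FILE | Create SSL directories
  file:
    path: "{{ nginx_ssl_dir + '/' + item | nginx_site_name }}"
    state: directory
  # NOTE(review): no mode or owner is set, so the directory that will hold
  # private keys gets whatever the umask allows. Consider restricting it.
  loop: "{{ nginx_ssl_pairs }}"
  when: item.dest_key is not defined or item.dest_cert is not defined
  # Each loop item is a whole SSL pair and may carry the private key, so its
  # output must stay hidden unless debugging is enabled. no_log is a plain
  # boolean keyword, not a conditional like `when`, so the expression is
  # wrapped in a template to be sure it is evaluated rather than read as a
  # literal string.
  no_log: "{{ not nginx_debug_role }}"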
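# Write each pair's private key to item.dest_key when that is set, otherwise
# to <nginx_ssl_dir>/<site>/<site>.key.
- name: COPY | Deploy SSL keys
  copy:
    content: "{{ item.key }}"
    dest: "{{ nginx_ssl_dir + '/' + item | nginx_site_name + '/' + item | nginx_site_name + '.key' if item.dest_key is not defined else item.dest_key }}"
    # Quoted so the mode is passed as an octal string on every YAML parser.
    # NOTE(review): no owner/group is set, so the group-read bit applies to
    # the connecting user's default group. Confirm that is intended for a
    # private key.
    mode: "0640"
  loop: "{{ nginx_ssl_pairs }}"
  when: item.key is defined
  notify: restart nginx
  # item.key is private key material and would otherwise be printed with the
  # loop item. no_log is a plain boolean keyword, not a conditional like
  # `when`, so the expression is wrapped in a template to be sure it is
  # evaluated rather than read as a literal string.
  no_log: "{{ not nginx_debug_role }}"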
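# Write each pair's certificate to item.dest_cert when that is set, otherwise
# to <nginx_ssl_dir>/<site>/<site>.crt.
- name: COPY | Deploy SSL certs
  copy:
    content: "{{ item.cert }}"
    dest: "{{ nginx_ssl_dir + '/' + item | nginx_site_name + '/' + item | nginx_site_name + '.crt' if item.dest_cert is not defined else item.dest_cert }}"
    # Quoted so the mode is passed as an octal string on every YAML parser.
    mode: "0644"
  loop: "{{ nginx_ssl_pairs }}"
  when: item.cert is defined
  notify: restart nginx
  # The certificate is public, but the loop item is the whole pair and may
  # also carry item.key. no_log is a plain boolean keyword, not a conditional
  # like `when`, so the expression is wrapped in a template to be sure it is
  # evaluated rather than read as a literal string.
  no_log: "{{ not nginx_debug_role }}"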
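# Generate a self-signed RSA-2048 / SHA-256 certificate, valid for 3650 days,
# for every pair that defines self_signed. The key is written unencrypted
# (-nodes) next to the certificate in the site's directory.
- name: COMMAND | Create self-signed certificates
  command: "openssl req -new -newkey rsa:2048 -sha256 -days 3650 -nodes -x509 -subj '/CN={{ item | nginx_site_name }}' -keyout {{ item | nginx_site_name + '.key' }} -out {{ item | nginx_site_name + '.crt' }}"
  args:
    chdir: "{{ nginx_ssl_dir + '/' + item | nginx_site_name }}"
    # With item.force set, `creates` points at /tmp/dummy so that an existing
    # certificate does not block regeneration.
    # NOTE(review): /tmp is world-writable. If /tmp/dummy exists on the host,
    # forced regeneration is silently skipped. Consider a sentinel path that
    # unprivileged users cannot create.
    creates: "{% if item.force is defined and item.force %}/tmp/dummy{% else %}{{ nginx_ssl_dir + '/' + item | nginx_site_name + '/' + item | nginx_site_name + '.crt' }}{% endif %}"
  # NOTE(review): the key file is written by openssl itself, so no mode is
  # enforced here, unlike the "Deploy SSL keys" task. Confirm the resulting
  # permissions.
  loop: "{{ nginx_ssl_pairs }}"
  when: item.self_signed is defined
  notify: restart nginx
  # The loop item is the whole SSL pair and may carry key material. no_log is
  # a plain boolean keyword, not a conditional like `when`, so the expression
  # is wrapped in a template to be sure it is evaluated rather than read as a
  # literal string.
  no_log: "{{ not nginx_debug_role }}"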
# Wait for the async DH generation job registered as `dh` to finish.
# Skipped in check mode and when the DH parameters came from nginx_dh.
- name: Check DH command status
  when: not ansible_check_mode and nginx_dh is not string
  async_status:
    jid: "{{ dh.ansible_job_id }}"
  register: job_result
  # Poll up to 30 times; no `delay` is set, so the default interval applies.
  retries: 30
  until: job_result.finished