ansible-nginx/tasks/ssl.yml

---

- name: COMMAND | Generate DH file
  command: openssl dhparam -out {{ nginx_dh_path }} {{ nginx_dh_length }}
  args:
    creates: "{{ nginx_dh_path }}"
  when: nginx_dh is not string
  notify: reload nginx

- name: COPY | Deploy DH file from vars
  copy: >
    content="{{ nginx_dh }}"
    dest="{{ nginx_dh_path }}"
  when: nginx_dh is string
  notify: reload nginx

- name: FILE | Create SSL directories
  file: >
    path="{{ nginx_ssl_dir + '/' + item.name }}"
    state=directory
  with_items: nginx_ssl_pairs

- name: COPY | Deploy SSL keys
  copy: >
    content="{{ item.key }}"
    dest="{{ nginx_ssl_dir + '/' + item.name + '/' + item.name + '.key' }}"
  with_items: nginx_ssl_pairs
  notify: reload nginx

- name: COPY | Deploy SSL certs
  copy: >
    content="{{ item.cert }}"
    dest="{{ nginx_ssl_dir + '/' + item.name + '/' + item.name + '.crt' }}"
  with_items: nginx_ssl_pairs
  notify: reload nginx
Refactoring + SSL support 2016-01-12 00:20:42 +07:00			`---`

Better dh management 2016-01-12 17:16:41 +07:00			`- name: COMMAND \| Generate DH file`
Refactoring + SSL support 2016-01-12 00:20:42 +07:00			`command: openssl dhparam -out {{ nginx_dh_path }} {{ nginx_dh_length }}`
			`args:`
			`creates: "{{ nginx_dh_path }}"`
Better dh management 2016-01-12 17:16:41 +07:00			`when: nginx_dh is not string`
			`notify: reload nginx`

			`- name: COPY \| Deploy DH file from vars`
			`copy: >`
			`content="{{ nginx_dh }}"`
			`dest="{{ nginx_dh_path }}"`
			`when: nginx_dh is string`
			`notify: reload nginx`
Refactoring + SSL support 2016-01-12 00:20:42 +07:00
			`- name: FILE \| Create SSL directories`
			`file: >`
			`path="{{ nginx_ssl_dir + '/' + item.name }}"`
			`state=directory`
			`with_items: nginx_ssl_pairs`

			`- name: COPY \| Deploy SSL keys`
			`copy: >`
			`content="{{ item.key }}"`
			`dest="{{ nginx_ssl_dir + '/' + item.name + '/' + item.name + '.key' }}"`
			`with_items: nginx_ssl_pairs`
			`notify: reload nginx`

			`- name: COPY \| Deploy SSL certs`
			`copy: >`
			`content="{{ item.cert }}"`
			`dest="{{ nginx_ssl_dir + '/' + item.name + '/' + item.name + '.crt' }}"`
			`with_items: nginx_ssl_pairs`
			`notify: reload nginx`