ansible-nginx/tasks/ssl/standard.yml

64 lines
2.2 KiB
YAML

---
- name: COMMAND | Generate DH file
command: openssl dhparam -out {{ nginx_dh_path }} {{ nginx_dh_length }}
args:
creates: "{{ nginx_dh_path }}"
when: nginx_dh is not string
notify: restart nginx
async: 1000
register: dh
- name: COPY | Deploy DH file from vars
copy:
content: "{{ nginx_dh }}"
dest: "{{ nginx_dh_path }}"
when: nginx_dh is string
notify: restart nginx
- name: FILE | Create SSL directories
file:
path: "{{ nginx_ssl_dir + '/' + item | nginx_site_name }}"
state: directory
loop: "{{ nginx_ssl_pairs }}"
when: item.dest_key is not defined or item.dest_cert is not defined
no_log: not nginx_debug_role
- name: COPY | Deploy SSL keys
copy:
content: "{{ item.key }}"
dest: "{{ nginx_ssl_dir + '/' + item | nginx_site_name + '/' + item | nginx_site_name + '.key' if item.dest_key is not defined else item.dest_key }}"
mode: 0640
loop: "{{ nginx_ssl_pairs }}"
when: item.key is defined
notify: restart nginx
no_log: not nginx_debug_role
- name: COPY | Deploy SSL certs
copy:
content: "{{ item.cert }}"
dest: "{{ nginx_ssl_dir + '/' + item | nginx_site_name + '/' + item | nginx_site_name + '.crt' if item.dest_cert is not defined else item.dest_cert }}"
mode: 0644
loop: "{{ nginx_ssl_pairs }}"
when: item.cert is defined
notify: restart nginx
no_log: not nginx_debug_role
- name: COMMAND | Create self-signed certificates
command: "openssl req -new -newkey rsa:2048 -sha256 -days 3650 -nodes -x509 -subj '/CN={{ item | nginx_site_name }}' -keyout {{ item | nginx_site_name + '.key' }} -out {{ item | nginx_site_name + '.crt' }}"
args:
chdir: "{{ nginx_ssl_dir + '/' + item | nginx_site_name }}"
creates: "{% if item.force is defined and item.force %}/tmp/dummy{% else %}{{ nginx_ssl_dir + '/' + item | nginx_site_name + '/' + item | nginx_site_name + '.crt' }}{% endif %}"
loop: "{{ nginx_ssl_pairs }}"
when: item.self_signed is defined
notify: restart nginx
no_log: not nginx_debug_role
- name: Check DH command status
async_status:
jid: "{{ dh.ansible_job_id }}"
register: job_result
until: job_result.finished
retries: 30
when: not ansible_check_mode and nginx_dh is not string