mirror of
https://github.com/schnidrig/openhab-ansible
synced 2026-01-12 00:48:46 +01:00
Upgrade to openhab 2
letsencrypt
This commit is contained in:
Christian Schnidrig
83
roles/openhab2/tasks/nginx.yml
Normal file
83
roles/openhab2/tasks/nginx.yml
Normal file
@@ -0,0 +1,83 @@
|
||||
---
|
||||
|
||||
- name: create nginx config
|
||||
template:
|
||||
src: nginx.conf.j2
|
||||
dest: "/etc/nginx/sites-available/openhab.conf"
|
||||
owner: root
|
||||
group: root
|
||||
mode: "u=rwx,g=r,o=r"
|
||||
notify: restart nginx
|
||||
tags:
|
||||
- nginx
|
||||
|
||||
- stat: path=/etc/letsencrypt/live/schnidrig.dynv6.net/fullchain.pem
|
||||
register: letsencrypt_cert
|
||||
tags:
|
||||
- nginx
|
||||
|
||||
- name: overwrite nginx config for letsencrypt initialisation
|
||||
template:
|
||||
src: nginx.init.conf.j2
|
||||
dest: "/etc/nginx/sites-available/openhab.conf"
|
||||
owner: root
|
||||
group: root
|
||||
mode: "u=rwx,g=r,o=r"
|
||||
notify: restart nginx
|
||||
when: letsencrypt_cert.stat.exists == false
|
||||
tags:
|
||||
- nginx
|
||||
|
||||
- name: create nginx passwd file
|
||||
htpasswd:
|
||||
name: "{{nginx_user}}"
|
||||
password: "{{nginx_password}}"
|
||||
path: "/etc/nginx/htpasswd"
|
||||
owner: root
|
||||
group: root
|
||||
mode: "u=rw"
|
||||
notify: restart nginx
|
||||
tags:
|
||||
- nginx
|
||||
|
||||
- name: remove default site
|
||||
file:
|
||||
dest: /etc/nginx/sites-enabled/default
|
||||
state: absent
|
||||
notify: restart nginx
|
||||
tags:
|
||||
- nginx
|
||||
|
||||
- name: enable openhab site
|
||||
file:
|
||||
src: /etc/nginx/sites-available/openhab.conf
|
||||
dest: /etc/nginx/sites-enabled/openhab.conf
|
||||
state: link
|
||||
notify: restart nginx
|
||||
tags:
|
||||
- nginx
|
||||
|
||||
|
||||
- name: ssl dir
|
||||
file:
|
||||
dest: /etc/nginx/ssl
|
||||
state: directory
|
||||
tags:
|
||||
- nginx
|
||||
|
||||
- name: create self singed certificate
|
||||
command: 'openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt -subj "/C=CH/ST=AG/L=Niederlenz/O=none/OU=none/CN=schnidrig.dynv6.net"'
|
||||
args:
|
||||
creates: "/etc/nginx/ssl/nginx.crt"
|
||||
tags:
|
||||
- nginx
|
||||
|
||||
- name: gen dhparam
|
||||
command: 'openssl dhparam -outform PEM -out /etc/nginx/ssl/dhparam2048.pem 2048'
|
||||
args:
|
||||
creates: "/etc/nginx/ssl/dhparam2048.pem"
|
||||
notify: restart nginx
|
||||
tags:
|
||||
- nginx
|
||||
|
||||
|
||||
Reference in New Issue
Block a user