roles/nginx/main.yml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112

---
# Target: alpine3.11
- name: Install Nginx and Certbot
  hosts: nginx

  vars:
    user: nginx
    home: "/etc/{{ user }}"
    nginx_key: https://nginx.org/keys/nginx_signing.key
    nginx_version: 1.16.1
    nginx_headers_version: 552e216a0da95c685d9db4f43e209c3f2a803e49
    brotli_version: e505dce68acc190cc5a1e780a3b0275e39f160ca
    quiche_version: 3c75701c6fa5b29a9076d9f82251f5aeee2c7f79

  tasks:

    - name: Ensuring group exists
      group:
        name: "{{ user }}"
        state: present

    - name: Creating user and making home directory
      user:
        system: yes
        state: present
        name: "{{ user }}"
        groups: "{{ user }}"
        home: "{{ home }}"

    - name: Installing the required nginx dependencies
      apk:
        state: present
        update_cache: yes
        name:
          - gcc
          - libc-dev
          - make
          - openssl-dev
          - pcre-dev
          - zlib-dev
          - linux-headers
          - curl
          - gnupg
          - libxslt-dev
          - gd-dev
          - geoip-dev
          - perl-dev

    - name: Installing the required brotli dependencies
      apk:
        state: present
        update_cache: yes
        name:
          - autoconf
          - libtool
          - automake
          - git
          - g++
          - cmake
          - go
          - perl
          - rust
          - cargo

    - name: Cloning repositories
      git:
        repo: "{{ item.repo }}"
        dest: "{{ item.dest }}"
        version: "{{ item.version }}"
      with_items:
        -
          repo: https://github.com/google/ngx_brotli.git
          dest: /opt/nginx/brotli
          version: "{{ brotli_version }}"
        -
          repo: https://github.com/openresty/headers-more-nginx-module.git
          dest: /opt/nginx/nginx-headers
          version: "{{ nginx_headers_version }}"
        -
          repo: https://github.com/cloudflare/quiche
          dest: /opt/nginx/quiche
          version: "{{ quiche_version }}"

    - name: Downloading nginx
      get_url:
        url: "{{ item.url }}"
        dest: "{{ item.dest }}"
      with_items:
        -
          url: https://nginx.org/download/nginx-{{ nginx_version }}.tar.gz
          dest: /opt/nginx
        -
          url: https://nginx.org/download/nginx-{{ nginx_version }}.tar.gz.asc
          dest: /opt/nginx

    - name: Importing keys
      shell: |
       curl -sSL "{{ nginx_key }}" | gpg --import -
       touch .nginx-key-imported
      args:
       chdir: /opt/nginx
       creates: .nginx-key-imported

    - name: Verifying application
      shell: |
       gpg --batch --verify nginx-"{{ nginx_version }}"-tar.gz nginx-"{{ nginx_version }}".tar.gz.asc
       touch .nginx-"{{ nginx_version }}"-verified
      args:
       chdir: /opt/nginx
       creates: .nginx-"{{ nginx_version }}"-verified