blob: 2c9f3cc964ea297f6ff40bb8e648f2298c1fdce2 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
|
---
# Target: alpine3.11
- name: Install Nginx and Certbot
hosts: nginx
vars:
user: nginx
home: "/etc/{{ user }}"
nginx_key: https://nginx.org/keys/nginx_signing.key
nginx_version: 1.16.1
nginx_headers_version: 552e216a0da95c685d9db4f43e209c3f2a803e49
brotli_version: e505dce68acc190cc5a1e780a3b0275e39f160ca
quiche_version: 3c75701c6fa5b29a9076d9f82251f5aeee2c7f79
tasks:
- name: Ensuring group exists
group:
name: "{{ user }}"
state: present
- name: Creating user and making home directory
user:
system: yes
state: present
name: "{{ user }}"
groups: "{{ user }}"
home: "{{ home }}"
- name: Installing the required nginx dependencies
apk:
state: present
update_cache: yes
name:
- gcc
- libc-dev
- make
- openssl-dev
- pcre-dev
- zlib-dev
- linux-headers
- curl
- gnupg
- libxslt-dev
- gd-dev
- geoip-dev
- perl-dev
- name: Installing the required brotli dependencies
apk:
state: present
update_cache: yes
name:
- autoconf
- libtool
- automake
- git
- g++
- cmake
- go
- perl
- rust
- cargo
- name: Cloning repositories
git:
repo: "{{ item.repo }}"
dest: "{{ item.dest }}"
version: "{{ item.version }}"
with_items:
-
repo: https://github.com/google/ngx_brotli.git
dest: /opt/nginx/brotli
version: "{{ brotli_version }}"
-
repo: https://github.com/openresty/headers-more-nginx-module.git
dest: /opt/nginx/nginx-headers
version: "{{ nginx_headers_version }}"
-
repo: https://github.com/cloudflare/quiche
dest: /opt/nginx/quiche
version: "{{ quiche_version }}"
- name: Downloading nginx
get_url:
url: "{{ item.url }}"
dest: "{{ item.dest }}"
with_items:
-
url: https://nginx.org/download/nginx-{{ nginx_version }}.tar.gz
dest: /opt/nginx
-
url: https://nginx.org/download/nginx-{{ nginx_version }}.tar.gz.asc
dest: /opt/nginx
- name: Importing keys
shell: |
curl -sSL "{{ nginx_key }}" | gpg --import -
touch .nginx-key-imported
args:
chdir: /opt/nginx
creates: .nginx-key-imported
- name: Verifying application
shell: |
gpg --batch --verify nginx-"{{ nginx_version }}"-tar.gz nginx-"{{ nginx_version }}".tar.gz.asc
touch .nginx-"{{ nginx_version }}"-verified
args:
chdir: /opt/nginx
creates: .nginx-"{{ nginx_version }}"-verified
|