Implement nginx role

2026-02-11 18:16:24 +05:00 · 2023-06-28 10:35:06 -04:00
parent af1262e3c1
commit 91fa6675e4
3 changed files with 80 additions and 0 deletions
--- a/data/ansible/roles/nginx/defaults/main.yaml
+++ b/data/ansible/roles/nginx/defaults/main.yaml
@@ -0,0 +1,2 @@
+---
+nginx_server_name: apt.cgrates.org
--- a/data/ansible/roles/nginx/tasks/main.yaml
+++ b/data/ansible/roles/nginx/tasks/main.yaml
@@ -0,0 +1,37 @@
+---
+- name: Add apt.cgrates.vhost in nginx
+  template:
+    src: nginx.conf.j2
+    dest: "/etc/nginx/sites-available/{{ nginx_server_name }}.vhost"
+    mode: '0600'
+    owner: root
+  register: nginx_config
+
+- name: Create a symlink for apt.cgrates.org
+  file:
+    src: "/etc/nginx/sites-available/{{ nginx_server_name }}.vhost"
+    dest: "/etc/nginx/sites-enabled/{{ nginx_server_name }}.vhost"
+    state: link
+
+- name: Reload nginx configuration
+  ansible.builtin.systemd:
+    name: nginx
+    state: reloaded
+  become: true
+  when: nginx_config.changed
+
+- name: Ensure nginx is started and enabled to start at boot
+  ansible.builtin.systemd:
+    name: nginx
+    state: started
+    enabled: yes
+  become: true
+
+# - name: Test Nginx configuration
+#   command: nginx -t
+#   register: result
+#   ignore_errors: true
+
+# - name: Report test results
+#   debug:
+#     msg: "{{ result.stdout }}"
--- a/data/ansible/roles/nginx/templates/nginx.conf.j2
+++ b/data/ansible/roles/nginx/templates/nginx.conf.j2
@@ -0,0 +1,41 @@
+user nginx nginx;
+worker_processes auto;
+error_log /var/log/nginx/error.log;
+pid /run/nginx.pid;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+    include             /etc/nginx/mime.types;
+    default_type        application/octet-stream;
+
+    server {
+      listen 80;
+      autoindex_localtime on;
+      server_name {{ nginx_server_name }};
+
+      access_log /var/log/nginx/packages-error.log;
+      error_log /var/log/nginx/packages-error.log;
+
+      root /var/packages;
+
+      add_header Strict-Transport-Security "max-age=31536000" always;  
+      add_header X-Frame-Options "SAMEORIGIN" always;  
+      add_header X-XSS-Protection "1; mode=block" always; 
+
+      location / {
+        index index.html;
+        autoindex on;
+      }
+
+      location ~ /(.*)/conf {
+        deny all;
+      }
+
+      location ~ /(.*)/db {
+        deny all;
+      }
+    }
+}