--- # tasks file for nginx - name: Install nginx ansible.builtin.apt: name: - nginx - libnginx-mod-http-headers-more-filter state: present notify: Start and enable nginx - name: Remove default from sites-enabled ansible.builtin.file: path: /etc/nginx/sites-enabled/default state: absent - name: Comment out ssl_protocols in nginx.conf, it is defined in security.conf ansible.builtin.replace: path: /etc/nginx/nginx.conf regexp: '^(\s*ssl_protocols)' replace: '#\1' - name: Second time, because of emptyline ¯\_(ツ)_/¯ ansible.builtin.replace: path: /etc/nginx/nginx.conf regexp: '^(\s*ssl_protocols)' replace: '#\1' - name: Comment out ssl_prefer_server_ciphers in nginx.conf, it is defined in security.conf ansible.builtin.replace: path: /etc/nginx/nginx.conf regexp: '^(\s*ssl_prefer_server_ciphers)' replace: '#\1' - name: Create security.conf ansible.builtin.template: src: templates/security.conf.j2 dest: /etc/nginx/conf.d/security.conf owner: root group: root mode: '0644' notify: Reload nginx - name: Create proxy_params ansible.builtin.template: src: templates/proxy_params.j2 dest: /etc/nginx/proxy_params owner: root group: root mode: '0644' notify: Reload nginx - name: Create ws_params ansible.builtin.template: src: templates/ws_params.j2 dest: /etc/nginx/ws_params owner: root group: root mode: '0644' notify: Reload nginx - name: Configure http redirect ansible.builtin.template: src: templates/http_redirect.conf.j2 dest: /etc/nginx/conf.d/http_redirect.conf owner: root group: root mode: '0644' notify: Reload nginx - name: Configure reverse proxies ansible.builtin.template: src: templates/reverse_proxy.conf.j2 dest: /etc/nginx/sites-available/{{ item.key }}.conf owner: root group: root mode: '0644' loop: "{{ reverse_proxies | dict2items }}" notify: Reload nginx - name: Create a symbolic link ansible.builtin.file: src: /etc/nginx/sites-available/{{ item.key }}.conf dest: /etc/nginx/sites-enabled/{{ item.key }}.conf state: link loop: "{{ reverse_proxies | dict2items }}" notify: Reload nginx