homelab/roles/nginx/tasks/main.yml

# If self_signed = true, in nginx/files: generate root CA (if regenereate_root_ca = true),
# and sign a wildcard certificate. Copy certificates to /etc/ssl/.
- name: ensure directories exist
  file:
    path: "{{ item }}"
    state: directory
    mode: '0755'
  loop:
    - "{{ data_folder }}/nginx"
    - "{{ data_folder }}/nginx/conf.d"
    - "{{ data_folder }}/nginx/sites-enabled"
    - "{{ data_folder }}/nginx/sites-available"
    - "{{ data_folder }}/nginx/snippets"
- name: generate self-signed certs
  import_tasks: self-signed.yml
  when: self_signed
- name: create external bridge network
  docker_network:
    name: external
    attachable: true
    internal: false
    state: present
- name: copy nginx.conf
  template:
    src: nginx.conf.j2
    dest: "{{ data_folder }}/nginx/nginx.conf"
    mode: '0755'
- name: copy snippets
  template:
    src: "{{ item }}"
    dest: "{{ data_folder }}/nginx/snippets/{{ item | basename | regex_replace('.j2$', '') }}"
    mode: '0755'
  with_fileglob:
    - "../templates/snippets/*.conf.j2"
- name: run container
  docker_container:
    name: 'nginx'
    image: nginx
    networks:
      - name: external
    volumes:
      - "{{ data_folder }}/nginx/conf.d:/etc/nginx/conf.d"
      - "{{ data_folder }}/nginx/nginx.conf:/etc/nginx/nginx.conf"
      - "{{ data_folder }}/nginx/sites-available:/etc/nginx/sites-available"
      - "{{ data_folder }}/nginx/sites-enabled:/etc/nginx/sites-enabled"
      - "{{ data_folder }}/nginx/snippets:/etc/nginx/snippets"
      - "{{ data_folder }}/nginx/{{ base_domain }}.key:/etc/ssl/{{ base_domain }}.key"
      - "{{ data_folder }}/nginx/{{ base_domain }}.crt:/etc/ssl/{{ base_domain }}.crt"
    ports:
      - "80:80"
      - "443:443"
    env:
      NGINX_HOST: "{{ base_domain }}"
      NGINX_PORT: '80'
    state: started
    restart: yes
Change how certificates are installed 2021-05-14 20:45:51 +00:00			`# If self_signed = true, in nginx/files: generate root CA (if regenereate_root_ca = true),`
			`# and sign a wildcard certificate. Copy certificates to /etc/ssl/.`
Make sure directories exist 2021-04-26 20:35:59 +00:00			`- name: ensure directories exist`
			`file:`
			`path: "{{ item }}"`
			`state: directory`
			`mode: '0755'`
			`loop:`
Change how certificates are installed 2021-05-14 20:45:51 +00:00			`- "{{ data_folder }}/nginx"`
			`- "{{ data_folder }}/nginx/conf.d"`
			`- "{{ data_folder }}/nginx/sites-enabled"`
			`- "{{ data_folder }}/nginx/sites-available"`
			`- "{{ data_folder }}/nginx/snippets"`
			`- name: generate self-signed certs`
nginx: separate self-signed certs 2021-05-05 18:41:28 +00:00			`import_tasks: self-signed.yml`
			`when: self_signed`
Improve networks Create a single external network called "external". Create container-specific networks. Only a few containers need access to these. So far: openldap, postgres. 2021-06-21 08:38:18 +00:00			`- name: create external bridge network`
Improve routing between containers Create user network nginx-internal and use Docker's internal DNS server to resolve containers by hostname. 2021-04-27 21:09:21 +00:00			`docker_network:`
Improve networks Create a single external network called "external". Create container-specific networks. Only a few containers need access to these. So far: openldap, postgres. 2021-06-21 08:38:18 +00:00			`name: external`
Improve routing between containers Create user network nginx-internal and use Docker's internal DNS server to resolve containers by hostname. 2021-04-27 21:09:21 +00:00			`attachable: true`
Improve networks Create a single external network called "external". Create container-specific networks. Only a few containers need access to these. So far: openldap, postgres. 2021-06-21 08:38:18 +00:00			`internal: false`
Improve routing between containers Create user network nginx-internal and use Docker's internal DNS server to resolve containers by hostname. 2021-04-27 21:09:21 +00:00			`state: present`
Change how certificates are installed 2021-05-14 20:45:51 +00:00			`- name: copy nginx.conf`
			`template:`
			`src: nginx.conf.j2`
			`dest: "{{ data_folder }}/nginx/nginx.conf"`
			`mode: '0755'`
			`- name: copy snippets`
			`template:`
			`src: "{{ item }}"`
			`dest: "{{ data_folder }}/nginx/snippets/{{ item \| basename \| regex_replace('.j2$', '') }}"`
			`mode: '0755'`
			`with_fileglob:`
Fix nginx template snippets not being copied 2021-05-14 22:01:23 +00:00			`- "../templates/snippets/*.conf.j2"`
Make sure directories exist 2021-04-26 20:35:59 +00:00			`- name: run container`
Initial commit with working nginx and jellyfin 2021-04-22 23:04:44 +00:00			`docker_container:`
			`name: 'nginx'`
			`image: nginx`
Improve routing between containers Create user network nginx-internal and use Docker's internal DNS server to resolve containers by hostname. 2021-04-27 21:09:21 +00:00			`networks:`
Improve networks Create a single external network called "external". Create container-specific networks. Only a few containers need access to these. So far: openldap, postgres. 2021-06-21 08:38:18 +00:00			`- name: external`
Initial commit with working nginx and jellyfin 2021-04-22 23:04:44 +00:00			`volumes:`
Change how certificates are installed 2021-05-14 20:45:51 +00:00			`- "{{ data_folder }}/nginx/conf.d:/etc/nginx/conf.d"`
Make sure directories exist 2021-04-26 20:35:59 +00:00			`- "{{ data_folder }}/nginx/nginx.conf:/etc/nginx/nginx.conf"`
Change how certificates are installed 2021-05-14 20:45:51 +00:00			`- "{{ data_folder }}/nginx/sites-available:/etc/nginx/sites-available"`
			`- "{{ data_folder }}/nginx/sites-enabled:/etc/nginx/sites-enabled"`
			`- "{{ data_folder }}/nginx/snippets:/etc/nginx/snippets"`
			`- "{{ data_folder }}/nginx/{{ base_domain }}.key:/etc/ssl/{{ base_domain }}.key"`
			`- "{{ data_folder }}/nginx/{{ base_domain }}.crt:/etc/ssl/{{ base_domain }}.crt"`
Initial commit with working nginx and jellyfin 2021-04-22 23:04:44 +00:00			`ports:`
			`- "80:80"`
Enable SSL 2021-04-26 21:54:10 +00:00			`- "443:443"`
Initial commit with working nginx and jellyfin 2021-04-22 23:04:44 +00:00			`env:`
			`NGINX_HOST: "{{ base_domain }}"`
			`NGINX_PORT: '80'`
			`state: started`
Explicitly restart containers to prevent hard-to-debug issues 2021-04-26 20:36:53 +00:00			`restart: yes`