58 lines
1.8 KiB
YAML
58 lines
1.8 KiB
YAML
# If self_signed = true, in nginx/files: generate root CA (if regenereate_root_ca = true),
|
|
# and sign a wildcard certificate. Copy certificates to /etc/ssl/.
|
|
- name: ensure directories exist
|
|
file:
|
|
path: "{{ item }}"
|
|
state: directory
|
|
mode: '0755'
|
|
loop:
|
|
- "{{ data_folder }}/nginx"
|
|
- "{{ data_folder }}/nginx/conf.d"
|
|
- "{{ data_folder }}/nginx/sites-enabled"
|
|
- "{{ data_folder }}/nginx/sites-available"
|
|
- "{{ data_folder }}/nginx/snippets"
|
|
- name: generate self-signed certs
|
|
import_tasks: self-signed.yml
|
|
when: self_signed
|
|
- name: create nginx bridge network
|
|
docker_network:
|
|
name: nginx-internal
|
|
attachable: true
|
|
internal: true
|
|
state: present
|
|
- name: copy nginx.conf
|
|
template:
|
|
src: nginx.conf.j2
|
|
dest: "{{ data_folder }}/nginx/nginx.conf"
|
|
mode: '0755'
|
|
- name: copy snippets
|
|
template:
|
|
src: "{{ item }}"
|
|
dest: "{{ data_folder }}/nginx/snippets/{{ item | basename | regex_replace('.j2$', '') }}"
|
|
mode: '0755'
|
|
with_fileglob:
|
|
- "../templates/snippets/*.conf"
|
|
- name: run container
|
|
docker_container:
|
|
name: 'nginx'
|
|
image: nginx
|
|
networks:
|
|
- name: bridge
|
|
- name: nginx-internal
|
|
volumes:
|
|
- "{{ data_folder }}/nginx/conf.d:/etc/nginx/conf.d"
|
|
- "{{ data_folder }}/nginx/nginx.conf:/etc/nginx/nginx.conf"
|
|
- "{{ data_folder }}/nginx/sites-available:/etc/nginx/sites-available"
|
|
- "{{ data_folder }}/nginx/sites-enabled:/etc/nginx/sites-enabled"
|
|
- "{{ data_folder }}/nginx/snippets:/etc/nginx/snippets"
|
|
- "{{ data_folder }}/nginx/{{ base_domain }}.key:/etc/ssl/{{ base_domain }}.key"
|
|
- "{{ data_folder }}/nginx/{{ base_domain }}.crt:/etc/ssl/{{ base_domain }}.crt"
|
|
ports:
|
|
- "80:80"
|
|
- "443:443"
|
|
env:
|
|
NGINX_HOST: "{{ base_domain }}"
|
|
NGINX_PORT: '80'
|
|
state: started
|
|
restart: yes
|