Playbook Example: Secure Nginx Server

This page walks through a procedure resulting in the following files:

    playbooks/ansible.cfg

    playbooks/hosts

    playbooks/Vagrantfile

    playbooks/web-notls.yml

    playbooks/web-tls.yml

    playbooks/files/nginx.key

    playbooks/files/nginx.crt

    playbooks/files/nginx.conf

    playbooks/templates/index.html.j2

    playbooks/templates/nginx.conf.j2

Port configuration (Vagrantfile)

We want to arrange the Vagrant machine so that we map the local port 8080 to the vagrant machine's port 80, and map the local port 8443 to the vagrant machine's port 443.

The Vagrantfile should be modified as follows:

VAGRANTFILE_API_VERSION = "2"

Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
  config.vm.box = "ubuntu/xenial64"
  config.vm.network "forwarded_port", guest: 80, host: 8080
  config.vm.network "forwarded_port", guest: 443, host: 8443
end

Now instruct vagrant to reload from the Vagrantfile:

$ vagrant reload

==> default: Forwarding ports...
    default: 80 => 8080 (adapter 1)
    default: 443 => 8443 (adapter 1)
    default: 22 => 2222 (adapter 1)

Simple playbook

Here is a simple playbook for our secure nginx server:

web-notls.yml:

- name: Configure webserver with nginx
  hosts: webservers
  become: True
  tasks:
    - name: install nginx
      apt: name=nginx update_cache=yes

    - name: copy nginx config file
      copy: src=files/nginx.conf dest=/etc/nginx/sites-available/default

    - name: enable configuration
      file: >
        dest=/etc/nginx/sites-enabled/default
        src=/etc/nginx/sites-available/default
        state=link

    - name: copy index.html
      template: src=templates/index.html.j2 dest=/usr/share/nginx/html/index.html
        mode=0644

    - name: restart nginx
      service: name=nginx state=restarted

YAML truthy: true, True, TRUE, yes, Yes, YES, on, On, ON, y, Y

YAML falsey: false, False, FALSE, no, No, NO, off, Off, OFF, n, N

Flags