| 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152 |
- ---
- - name: Remove default nginx vhost config file (if configured).
- file:
- path: "{{ nginx_default_vhost_path }}"
- state: absent
- when: nginx_remove_default_vhost
- notify: reload nginx
- - name: Ensure nginx_vhost_path exists.
- file:
- path: "{{ nginx_vhost_path }}"
- state: directory
- notify: reload nginx
- - name: Create self-signed ssl certificates.
- x509_certificate:
- key_path: '/etc/ssl/private/{{vhost.server_name}}.key'
- cert_path: '/etc/ssl/certs/{{vhost.server_name}}.pem'
- common_name: '{{vhost.server_name}}'
- organization_name: '{{vhost.ssl_cert_organization_name|default(None)}}'
- when: vhost.ssl | default(false)
- loop_control:
- loop_var: vhost
- with_items: '{{nginx_vhosts|default([])}}'
- register: vhosts_x509
- # http://unix.stackexchange.com/questions/247418/do-i-need-to-restart-nginx-if-i-renew-my-security-certificates#comment548097_247460
- notify: reload nginx
- - name: Download ssl certificates.
- fetch:
- src: '{{item.cert_path}}'
- flat: yes
- dest: '{{nginx_ssl_cert_download_path_prefix}}/{{item.subject_common_name}}'
- fail_on_missing: yes
- validate_checksum: yes
- when: item.subject_common_name is defined and nginx_ssl_cert_download_path_prefix is defined
- with_items: '{{vhosts_x509.results}}'
- - name: Add managed vhost config file (if any vhosts are configured).
- template:
- src: vhosts.j2
- dest: "{{ nginx_vhost_path }}/{{ nginx_vhosts_filename }}"
- mode: 0644
- when: nginx_vhosts|length > 0
- notify: reload nginx
- - name: Remove managed vhost config file (if no vhosts are configured).
- file:
- path: "{{ nginx_vhost_path }}/{{ nginx_vhosts_filename }}"
- state: absent
- when: nginx_vhosts|length == 0
- notify: reload nginx
|
