Chapter 3
This commit is contained in:
Tim Schilling
@@ -0,0 +1,19 @@
|
|||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIDCTCCAfGgAwIBAgIULJrcR7o2C6LlIK/TiUcDJX+i8QcwDQYJKoZIhvcNAQEL
|
||||||
|
BQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTI0MTExOTA3NTkyM1oXDTI1MTEx
|
||||||
|
OTA3NTkyM1owFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEF
|
||||||
|
AAOCAQ8AMIIBCgKCAQEAuz0AxbZ9inpAQB29+zWZ6e0g391ROI8vNevl/0s3Bhfj
|
||||||
|
fGgV44soSNHdj+iYLMMnBRfzGMNpgcD+MaoJc8O2aOxGYPpTFW3JHTN022pfvCos
|
||||||
|
6vt3k24kIRrATDHi94tCodeQbyu18llDcHGuO01cTJbtOnTyNCnwNbfA4Vf7apkr
|
||||||
|
QPKehltViurzmfpudanztEAl8cfq3TZ/ky2U8+MTACmEsdGrVvBDv/22nwX+zxye
|
||||||
|
JFbusCoRfBWIXVyJBBe65esA1LdvodV0uFjrJ/N/JfoFs7AIagGNbkqBwHmsErNG
|
||||||
|
C2yRIogORVzMc5pvJOFvRbx2sJZZY34a1EFV1/DAQQIDAQABo1MwUTAdBgNVHQ4E
|
||||||
|
FgQUQ0Hapxg3qvEjr9nsxxN38uBStY8wHwYDVR0jBBgwFoAUQ0Hapxg3qvEjr9ns
|
||||||
|
xxN38uBStY8wDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAjFnd
|
||||||
|
GpVuOfMZgpstJ+LJmAjfAuZeFIEyToN6T/ZlqegMVa4s8HNW1o3b/sT/lCc36lSN
|
||||||
|
peRh+dgg+lEcX1zz+9Q9bzWuDJ7lig9SHwEF6fEF68ilVYjqowj7reBam0pL93I+
|
||||||
|
GtzKo2ruCV5caEuFHyXfhV1pkMEuhsI+WRX6NzDqXPMyVIDZI8fLhN917IBjsUgc
|
||||||
|
o8wli3SKJhNl6P7tX+xH2xx8S4vsm54zwKu5zGK6dlDBildv6krMlnJWpbpV0yqz
|
||||||
|
mKScUjHLI6zz82QNwnlXXC8AEzTAR3i3opnQgA5ecgz9E8ZO618A5RZ445HCtZEw
|
||||||
|
1FEhCqDEasz0MFGS3w==
|
||||||
|
-----END CERTIFICATE-----
|
||||||
@@ -0,0 +1,28 @@
|
|||||||
|
-----BEGIN PRIVATE KEY-----
|
||||||
|
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC7PQDFtn2KekBA
|
||||||
|
Hb37NZnp7SDf3VE4jy816+X/SzcGF+N8aBXjiyhI0d2P6JgswycFF/MYw2mBwP4x
|
||||||
|
qglzw7Zo7EZg+lMVbckdM3Tbal+8Kizq+3eTbiQhGsBMMeL3i0Kh15BvK7XyWUNw
|
||||||
|
ca47TVxMlu06dPI0KfA1t8DhV/tqmStA8p6GW1WK6vOZ+m51qfO0QCXxx+rdNn+T
|
||||||
|
LZTz4xMAKYSx0atW8EO//bafBf7PHJ4kVu6wKhF8FYhdXIkEF7rl6wDUt2+h1XS4
|
||||||
|
WOsn838l+gWzsAhqAY1uSoHAeawSs0YLbJEiiA5FXMxzmm8k4W9FvHawllljfhrU
|
||||||
|
QVXX8MBBAgMBAAECggEAB1O8riAFM2gzj7bCPpyDPofeqZgG88ZJqAvoUxhZycGh
|
||||||
|
T7bghWgmjkv1JkqpOtYztpOwegt6m17mq6Geb1LtNleprOWa3vut+zguZmA4KRxC
|
||||||
|
5/qpfCHbJNb/x7OLkNmYpM3zW2Bb5UUYOiQet/gf6Kje1XLqX/90pJuBXygi4PHW
|
||||||
|
asT2Px2D//UPyj7cyagYRkUp66sWMXxftIiKiUs6/iXKCAoIsWD4p2m2EEh8SQGf
|
||||||
|
e1t2pZ6FeqTtIuFQys9vNxIokxa5WYy226gCw4tiO8NWU5AAHHRBXqn0W/oAxbDG
|
||||||
|
Bu79Hk9XPL1taKdl3dh3KZUHmRtH3UoVhB/lN1snWQKBgQD/+tkQ7eGgjREpH57p
|
||||||
|
77jBqE7lvOh53+3yw47mJH4bAUV3dfvby0h4GkSDOT1+HljJmwn1rts8UGxqye6a
|
||||||
|
L2/yKFQeZ/aK2FnUnzqydK72A/yCsAoWUiZd1wM0GD+V1VFd7OWwh9OIwPDZDpiF
|
||||||
|
rsaG0PjOqDVOTnyzf7SP6j9teQKBgQC7QMWEDhyWtiYtnj1rMSto4tXX/8SdvSFN
|
||||||
|
RcggQlj5Z8K7QvDZ5eanVkfLpemWCkzFgMJSn1fU5FlRs3nxqbkJtc24icvRTq+U
|
||||||
|
CGlOawItgjWZ+5e0PAd5N0tkxbMuQ7dnziujErepQdNWK6SXTEXBPBXApk5OF2s0
|
||||||
|
+bKoe0ZfCQKBgQCiShmAwDCCJ62vktqfmlpafSi4QtJpIm2rsgxRIOXKnT27hVPO
|
||||||
|
f81MR+sT/yBba0YDW4Yu+1MHpD14Xtolatngf20Fcgg+8vfQ87q1FYEvfEuFV7Kt
|
||||||
|
gBvO9tiTGKSHjBzwHZdqGlMkqp6IHtbYOnynUKnN65sQMHajHt4NOAhKkQKBgQCC
|
||||||
|
4s5s9LQ1AFMFVfNWZsMSCGQzG/thyp5pddph+h5ZDpcF78+Mb29fDicXCPySPNbW
|
||||||
|
wp6RxAFPtOFeA1a8fcbyK5sFX4QQ5LBDh/Gbt56JEtfGrx6mA8Oxjd3sLWiGcRzU
|
||||||
|
uT61ONMZwwIm3FCq1Mx5Ojd2NojLewEbwWGI9MoGiQKBgG/82qSc6MdFhyNBtpgv
|
||||||
|
SzNtAqI6x2t+CqipXVpMFSa/NxeQvfwavrFCfF1EMZ2nWjvxEvhtI2VevFjhEJfr
|
||||||
|
lymufqsehJDUGbXzJc3jdpudiRTh9dSXGivAeh+JYynsAsD10DhW/qXQAVc2UVYE
|
||||||
|
KsU7yI4Q/koSvd5iymKGC26K
|
||||||
|
-----END PRIVATE KEY-----
|
||||||
@@ -0,0 +1,18 @@
|
|||||||
|
server {
|
||||||
|
listen 80 default_server;
|
||||||
|
listen [::]:80 default_server ipv6only=on;
|
||||||
|
listen 443 ssl;
|
||||||
|
ssl_protocols TLSv1.2;
|
||||||
|
ssl_prefer_server_ciphers on;
|
||||||
|
root /usr/share/nginx/html;
|
||||||
|
index index.html;
|
||||||
|
server_tokens off;
|
||||||
|
add_header X-Frame-Options DENY;
|
||||||
|
add_header X-Content-Type-Options nosniff;
|
||||||
|
server_name {{ server_name }};
|
||||||
|
ssl_certificate {{ tls_dir }}{{ cert_file }};
|
||||||
|
ssl_certificate_key {{ tls_dir }}{{ key_file }};
|
||||||
|
location / {
|
||||||
|
try_files $uri $uri/ =404;
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -0,0 +1,74 @@
|
|||||||
|
- name: Configure webserver with Nginx and TLS
|
||||||
|
hosts: webservers
|
||||||
|
become: true
|
||||||
|
gather_facts: false
|
||||||
|
vars:
|
||||||
|
tls_dir: /etc/nginx/ssl/
|
||||||
|
key_file: nginx.key
|
||||||
|
cert_file: nginx.crt
|
||||||
|
conf_file: /etc/nginx/sites-available/default
|
||||||
|
server_name: Test01
|
||||||
|
|
||||||
|
handlers:
|
||||||
|
- name: Restart nginx
|
||||||
|
service:
|
||||||
|
name: nginx
|
||||||
|
state: restarted
|
||||||
|
|
||||||
|
tasks:
|
||||||
|
- name: Ensure nginx is installed
|
||||||
|
package:
|
||||||
|
name: nginx
|
||||||
|
update_cache: true
|
||||||
|
notify: Restart nginx
|
||||||
|
|
||||||
|
- name: Create directories for TLS certificates
|
||||||
|
file:
|
||||||
|
path: "{{ tls_dir }}"
|
||||||
|
state: directory
|
||||||
|
mode: '0750'
|
||||||
|
notify: Restart nginx
|
||||||
|
|
||||||
|
- name: Copy TLS files
|
||||||
|
copy:
|
||||||
|
src: "{{ item }}"
|
||||||
|
dest: "{{ tls_dir }}"
|
||||||
|
mode: '0600'
|
||||||
|
loop:
|
||||||
|
- "{{ key_file }}"
|
||||||
|
- "{{ cert_file }}"
|
||||||
|
notify: Restart nginx
|
||||||
|
|
||||||
|
- name: Manage nginx config template
|
||||||
|
template:
|
||||||
|
src: nginx.conf.j2
|
||||||
|
dest: "{{ conf_file }}"
|
||||||
|
mode: '0644'
|
||||||
|
notify: Restart nginx
|
||||||
|
|
||||||
|
- name: Enable configuration
|
||||||
|
file:
|
||||||
|
src: /etc/nginx/sites-available/default
|
||||||
|
dest: /etc/nginx/sites-enabled/default
|
||||||
|
state: link
|
||||||
|
|
||||||
|
- name: Install home page
|
||||||
|
template:
|
||||||
|
src: index.html.j2
|
||||||
|
dest: /usr/share/nginx/html/index.html
|
||||||
|
mode: '0644'
|
||||||
|
|
||||||
|
- name: Restart nginx
|
||||||
|
meta: flush_handlers
|
||||||
|
|
||||||
|
- name: "Test it! https://localhost:8443/index.html"
|
||||||
|
delegate_to: localhost
|
||||||
|
become: false
|
||||||
|
uri:
|
||||||
|
url: 'https://localhost:8443/index.html'
|
||||||
|
validate_certs: false
|
||||||
|
return_content: true
|
||||||
|
register: this
|
||||||
|
failed_when: "'Running on ' not in this.content"
|
||||||
|
tags:
|
||||||
|
- test
|
||||||
+22
-21
@@ -2,30 +2,31 @@
|
|||||||
- name: Configure webserver with nginx
|
- name: Configure webserver with nginx
|
||||||
hosts: webservers
|
hosts: webservers
|
||||||
become: true
|
become: true
|
||||||
|
vars:
|
||||||
tasks:
|
tasks:
|
||||||
- name: Ensure nginx is installed
|
- name: Ensure nginx is installed
|
||||||
package:
|
package:
|
||||||
name: nginx
|
name: nginx
|
||||||
update_cache: yes
|
update_cache: true
|
||||||
|
|
||||||
- name: Copy nginx config file
|
- name: Copy nginx config file
|
||||||
copy:
|
copy:
|
||||||
src: nginx.conf
|
src: nginx.conf
|
||||||
dest: /etc/nginx/sites-available/default
|
dest: /etc/nginx/sites-available/default
|
||||||
|
|
||||||
- name: Enable Configuration
|
- name: Enable Configuration
|
||||||
file:
|
file:
|
||||||
src: /etc/nginx/sites-available/default
|
src: /etc/nginx/sites-available/default
|
||||||
dest: /etc/nginx/sites-enabled/default
|
dest: /etc/nginx/sites-enabled/default
|
||||||
state: link
|
state: link
|
||||||
|
|
||||||
- name: Copy index.html
|
- name: Copy index.html
|
||||||
template:
|
template:
|
||||||
src: index.html.j2
|
src: index.html.j2
|
||||||
dest: /usr/share/nginx/html/index.html
|
dest: /usr/share/nginx/html/index.html
|
||||||
|
|
||||||
- name: Restart nginx
|
- name: Restart nginx
|
||||||
service:
|
service:
|
||||||
name: nginx
|
name: nginx
|
||||||
state: restarted
|
state: restarted
|
||||||
...
|
...
|
||||||
Reference in New Issue
Block a user