Chapter 3
@@ -0,0 +1,19 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIDCTCCAfGgAwIBAgIULJrcR7o2C6LlIK/TiUcDJX+i8QcwDQYJKoZIhvcNAQEL
|
||||
BQAwFDESMBAGA1UEAwwJbG9jYWxob3N0MB4XDTI0MTExOTA3NTkyM1oXDTI1MTEx
|
||||
OTA3NTkyM1owFDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEF
|
||||
AAOCAQ8AMIIBCgKCAQEAuz0AxbZ9inpAQB29+zWZ6e0g391ROI8vNevl/0s3Bhfj
|
||||
fGgV44soSNHdj+iYLMMnBRfzGMNpgcD+MaoJc8O2aOxGYPpTFW3JHTN022pfvCos
|
||||
6vt3k24kIRrATDHi94tCodeQbyu18llDcHGuO01cTJbtOnTyNCnwNbfA4Vf7apkr
|
||||
QPKehltViurzmfpudanztEAl8cfq3TZ/ky2U8+MTACmEsdGrVvBDv/22nwX+zxye
|
||||
JFbusCoRfBWIXVyJBBe65esA1LdvodV0uFjrJ/N/JfoFs7AIagGNbkqBwHmsErNG
|
||||
C2yRIogORVzMc5pvJOFvRbx2sJZZY34a1EFV1/DAQQIDAQABo1MwUTAdBgNVHQ4E
|
||||
FgQUQ0Hapxg3qvEjr9nsxxN38uBStY8wHwYDVR0jBBgwFoAUQ0Hapxg3qvEjr9ns
|
||||
xxN38uBStY8wDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAjFnd
|
||||
GpVuOfMZgpstJ+LJmAjfAuZeFIEyToN6T/ZlqegMVa4s8HNW1o3b/sT/lCc36lSN
|
||||
peRh+dgg+lEcX1zz+9Q9bzWuDJ7lig9SHwEF6fEF68ilVYjqowj7reBam0pL93I+
|
||||
GtzKo2ruCV5caEuFHyXfhV1pkMEuhsI+WRX6NzDqXPMyVIDZI8fLhN917IBjsUgc
|
||||
o8wli3SKJhNl6P7tX+xH2xx8S4vsm54zwKu5zGK6dlDBildv6krMlnJWpbpV0yqz
|
||||
mKScUjHLI6zz82QNwnlXXC8AEzTAR3i3opnQgA5ecgz9E8ZO618A5RZ445HCtZEw
|
||||
1FEhCqDEasz0MFGS3w==
|
||||
-----END CERTIFICATE-----
|
||||
@@ -0,0 +1,28 @@
|
||||
-----BEGIN PRIVATE KEY-----
|
||||
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC7PQDFtn2KekBA
|
||||
Hb37NZnp7SDf3VE4jy816+X/SzcGF+N8aBXjiyhI0d2P6JgswycFF/MYw2mBwP4x
|
||||
qglzw7Zo7EZg+lMVbckdM3Tbal+8Kizq+3eTbiQhGsBMMeL3i0Kh15BvK7XyWUNw
|
||||
ca47TVxMlu06dPI0KfA1t8DhV/tqmStA8p6GW1WK6vOZ+m51qfO0QCXxx+rdNn+T
|
||||
LZTz4xMAKYSx0atW8EO//bafBf7PHJ4kVu6wKhF8FYhdXIkEF7rl6wDUt2+h1XS4
|
||||
WOsn838l+gWzsAhqAY1uSoHAeawSs0YLbJEiiA5FXMxzmm8k4W9FvHawllljfhrU
|
||||
QVXX8MBBAgMBAAECggEAB1O8riAFM2gzj7bCPpyDPofeqZgG88ZJqAvoUxhZycGh
|
||||
T7bghWgmjkv1JkqpOtYztpOwegt6m17mq6Geb1LtNleprOWa3vut+zguZmA4KRxC
|
||||
5/qpfCHbJNb/x7OLkNmYpM3zW2Bb5UUYOiQet/gf6Kje1XLqX/90pJuBXygi4PHW
|
||||
asT2Px2D//UPyj7cyagYRkUp66sWMXxftIiKiUs6/iXKCAoIsWD4p2m2EEh8SQGf
|
||||
e1t2pZ6FeqTtIuFQys9vNxIokxa5WYy226gCw4tiO8NWU5AAHHRBXqn0W/oAxbDG
|
||||
Bu79Hk9XPL1taKdl3dh3KZUHmRtH3UoVhB/lN1snWQKBgQD/+tkQ7eGgjREpH57p
|
||||
77jBqE7lvOh53+3yw47mJH4bAUV3dfvby0h4GkSDOT1+HljJmwn1rts8UGxqye6a
|
||||
L2/yKFQeZ/aK2FnUnzqydK72A/yCsAoWUiZd1wM0GD+V1VFd7OWwh9OIwPDZDpiF
|
||||
rsaG0PjOqDVOTnyzf7SP6j9teQKBgQC7QMWEDhyWtiYtnj1rMSto4tXX/8SdvSFN
|
||||
RcggQlj5Z8K7QvDZ5eanVkfLpemWCkzFgMJSn1fU5FlRs3nxqbkJtc24icvRTq+U
|
||||
CGlOawItgjWZ+5e0PAd5N0tkxbMuQ7dnziujErepQdNWK6SXTEXBPBXApk5OF2s0
|
||||
+bKoe0ZfCQKBgQCiShmAwDCCJ62vktqfmlpafSi4QtJpIm2rsgxRIOXKnT27hVPO
|
||||
f81MR+sT/yBba0YDW4Yu+1MHpD14Xtolatngf20Fcgg+8vfQ87q1FYEvfEuFV7Kt
|
||||
gBvO9tiTGKSHjBzwHZdqGlMkqp6IHtbYOnynUKnN65sQMHajHt4NOAhKkQKBgQCC
|
||||
4s5s9LQ1AFMFVfNWZsMSCGQzG/thyp5pddph+h5ZDpcF78+Mb29fDicXCPySPNbW
|
||||
wp6RxAFPtOFeA1a8fcbyK5sFX4QQ5LBDh/Gbt56JEtfGrx6mA8Oxjd3sLWiGcRzU
|
||||
uT61ONMZwwIm3FCq1Mx5Ojd2NojLewEbwWGI9MoGiQKBgG/82qSc6MdFhyNBtpgv
|
||||
SzNtAqI6x2t+CqipXVpMFSa/NxeQvfwavrFCfF1EMZ2nWjvxEvhtI2VevFjhEJfr
|
||||
lymufqsehJDUGbXzJc3jdpudiRTh9dSXGivAeh+JYynsAsD10DhW/qXQAVc2UVYE
|
||||
KsU7yI4Q/koSvd5iymKGC26K
|
||||
-----END PRIVATE KEY-----
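Review bot: This file adds an unencrypted private key to the repository, where anyone with read access to the history can copy it, and deleting it in a later commit does not remove it from earlier ones. It appears to be the key for the certificate added in the same commit, so that pair should not be trusted for anything beyond a local lab. Store the key encrypted with Ansible Vault (the `copy` module decrypts vaulted source files on transfer), or generate the key pair on the target host, for example with `community.crypto.openssl_privatekey`, and keep only the certificate in version control.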
|
||||
@@ -0,0 +1,18 @@
|
||||
server {
|
||||
listen 80 default_server;
|
||||
listen [::]:80 default_server ipv6only=on;
|
||||
listen 443 ssl;
|
||||
ssl_protocols TLSv1.2;
|
||||
ssl_prefer_server_ciphers on;
|
||||
root /usr/share/nginx/html;
|
||||
index index.html;
|
||||
server_tokens off;
|
||||
add_header X-Frame-Options DENY;
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
server_name {{ server_name }};
|
||||
ssl_certificate {{ tls_dir }}{{ cert_file }};
|
||||
ssl_certificate_key {{ tls_dir }}{{ key_file }};
|
||||
location / {
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
}
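Review bot: The same `server` block listens on port 80 and on `443 ssl`, so every page is also served in plaintext and nothing directs clients to TLS. If plain HTTP is not meant to stay available, move the two port-80 `listen` lines into their own `server` block that contains only `return 301 https://$host$request_uri;`; behind a forwarded port such as the 8443 used by the playbook's test, the redirect target would need that port. `ssl_protocols TLSv1.2;` also leaves TLS 1.3 disabled, and `ssl_protocols TLSv1.2 TLSv1.3;` enables it where the installed nginx and OpenSSL support it. The two `add_header` lines are sent only with a fixed set of success and redirect status codes, so the `=404` response from `try_files` goes out without them unless `always` is appended to each.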
|
||||
@@ -0,0 +1,74 @@
|
||||
- name: Configure webserver with Nginx and TLS
|
||||
hosts: webservers
|
||||
become: true
|
||||
gather_facts: false
|
||||
vars:
|
||||
tls_dir: /etc/nginx/ssl/
|
||||
key_file: nginx.key
|
||||
cert_file: nginx.crt
|
||||
conf_file: /etc/nginx/sites-available/default
|
||||
server_name: Test01
|
||||
|
||||
handlers:
|
||||
- name: Restart nginx
|
||||
service:
|
||||
name: nginx
|
||||
state: restarted
|
||||
|
||||
tasks:
|
||||
- name: Ensure nginx is installed
|
||||
package:
|
||||
name: nginx
|
||||
update_cache: true
|
||||
notify: Restart nginx
|
||||
|
||||
- name: Create directories for TLS certificates
|
||||
file:
|
||||
path: "{{ tls_dir }}"
|
||||
state: directory
|
||||
mode: '0750'
|
||||
notify: Restart nginx
|
||||
|
||||
- name: Copy TLS files
|
||||
copy:
|
||||
src: "{{ item }}"
|
||||
dest: "{{ tls_dir }}"
|
||||
mode: '0600'
|
||||
loop:
|
||||
- "{{ key_file }}"
|
||||
- "{{ cert_file }}"
|
||||
notify: Restart nginx
|
||||
|
||||
- name: Manage nginx config template
|
||||
template:
|
||||
src: nginx.conf.j2
|
||||
dest: "{{ conf_file }}"
|
||||
mode: '0644'
|
||||
notify: Restart nginx
|
||||
|
||||
- name: Enable configuration
|
||||
file:
|
||||
src: /etc/nginx/sites-available/default
|
||||
dest: /etc/nginx/sites-enabled/default
|
||||
state: link
|
||||
|
||||
- name: Install home page
|
||||
template:
|
||||
src: index.html.j2
|
||||
dest: /usr/share/nginx/html/index.html
|
||||
mode: '0644'
|
||||
|
||||
- name: Restart nginx
|
||||
meta: flush_handlers
|
||||
|
||||
- name: "Test it! https://localhost:8443/index.html"
|
||||
delegate_to: localhost
|
||||
become: false
|
||||
uri:
|
||||
url: 'https://localhost:8443/index.html'
|
||||
validate_certs: false
|
||||
return_content: true
|
||||
register: this
|
||||
failed_when: "'Running on ' not in this.content"
|
||||
tags:
|
||||
- test
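Review bot: The `Copy TLS files` task transfers the private key through `copy`, and a run with `--diff` would print the key's contents to the terminal and to any log that captures the output; add `diff: false` (or `no_log: true`) to that task. In the test task, `validate_certs: false` means the check proves only that something answers with the expected page, not that the served certificate would be accepted by a client, which deserves a comment such as `# self-signed lab certificate; validation is skipped on purpose`. `Enable configuration` repeats the literal path instead of `src: "{{ conf_file }}"`, so changing the variable would leave the symlink pointing at the old file.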
|
||||
+22
-21
@@ -2,30 +2,31 @@
|
||||
- name: Configure webserver with nginx
|
||||
hosts: webservers
|
||||
become: true
|
||||
vars:
|
||||
tasks:
|
||||
- name: Ensure nginx is installed
|
||||
package:
|
||||
name: nginx
|
||||
update_cache: yes
|
||||
- name: Ensure nginx is installed
|
||||
package:
|
||||
name: nginx
|
||||
update_cache: true
|
||||
|
||||
- name: Copy nginx config file
|
||||
copy:
|
||||
src: nginx.conf
|
||||
dest: /etc/nginx/sites-available/default
|
||||
- name: Copy nginx config file
|
||||
copy:
|
||||
src: nginx.conf
|
||||
dest: /etc/nginx/sites-available/default
|
||||
|
||||
- name: Enable Configuration
|
||||
file:
|
||||
src: /etc/nginx/sites-available/default
|
||||
dest: /etc/nginx/sites-enabled/default
|
||||
state: link
|
||||
- name: Enable Configuration
|
||||
file:
|
||||
src: /etc/nginx/sites-available/default
|
||||
dest: /etc/nginx/sites-enabled/default
|
||||
state: link
|
||||
|
||||
- name: Copy index.html
|
||||
template:
|
||||
src: index.html.j2
|
||||
dest: /usr/share/nginx/html/index.html
|
||||
- name: Copy index.html
|
||||
template:
|
||||
src: index.html.j2
|
||||
dest: /usr/share/nginx/html/index.html
|
||||
|
||||
- name: Restart nginx
|
||||
service:
|
||||
name: nginx
|
||||
state: restarted
|
||||
- name: Restart nginx
|
||||
service:
|
||||
name: nginx
|
||||
state: restarted
|
||||
...
|
||||