mirror of
https://github.com/Apress/Beginning-Ansible-Concepts-and-Application.git
synced 2024-11-09 17:07:44 +01:00
49 lines
1 KiB
YAML
49 lines
1 KiB
YAML
|
---
|
||
|
- hosts: webservers
|
||
|
become: true
|
||
|
tasks:
|
||
|
- name: Ensure nginx is installed
|
||
|
apt:
|
||
|
name: nginx
|
||
|
state: present
|
||
|
|
||
|
- name: Change the nginx port
|
||
|
replace:
|
||
|
path: /etc/nginx/sites-enabled/default
|
||
|
regexp: "listen [0-9]+"
|
||
|
replace: "listen {{ http_port }}"
|
||
|
|
||
|
- name: Reload nginx for new config
|
||
|
service:
|
||
|
name: nginx
|
||
|
state: reloaded
|
||
|
|
||
|
- name: Push website content to the web root
|
||
|
copy:
|
||
|
src: index.html
|
||
|
dest: /var/www/html/
|
||
|
mode: u=rw,g=r,o=r
|
||
|
|
||
|
- name: Firewall - Allow SSH connections
|
||
|
ufw:
|
||
|
rule: allow
|
||
|
name: OpenSSH
|
||
|
|
||
|
- name: Firewall - Allow website connections
|
||
|
ufw:
|
||
|
rule: allow
|
||
|
port: "{{ http_port }}"
|
||
|
|
||
|
- name: Firewall - Deny everything else
|
||
|
ufw:
|
||
|
state: enabled
|
||
|
policy: deny
|
||
|
|
||
|
- name: Validate that the http_port is working
|
||
|
wait_for:
|
||
|
host: "{{ ansible_host }}"
|
||
|
port: "{{ http_port }}"
|
||
|
timeout: 5
|
||
|
connection: local
|
||
|
|