diff --git a/roles/webserver/files/apache-site.conf b/roles/webserver/files/apache-site.conf
deleted file mode 100644
index dece11f..0000000
--- a/roles/webserver/files/apache-site.conf
+++ /dev/null
@@ -1,17 +0,0 @@
-
-
- ServerAdmin webmaster@kmlabz.com
-
- DocumentRoot /var/www/html
-
- ErrorLog ${APACHE_LOG_DIR}/error.log
- CustomLog ${APACHE_LOG_DIR}/access.log combined
-
- SSLEngine on
- SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
- SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
-
- ProxyPass "/" "http://127.0.0.1:8080/" retry=1 acquire=3000 timeout=600 Keepalive=On
- ProxyPassReverse "/" "http://127.0.0.1:8080/"
-
-
diff --git a/roles/webserver/files/nginx.conf b/roles/webserver/files/nginx.conf
new file mode 100644
index 0000000..c31506c
--- /dev/null
+++ b/roles/webserver/files/nginx.conf
@@ -0,0 +1,72 @@
+# {{ansible_managed}}
+user www-data;
+worker_processes auto;
+pid /run/nginx.pid;
+include /etc/nginx/modules-enabled/*.conf;
+
+events {
+ worker_connections 768;
+ multi_accept on;
+}
+
+http {
+
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
+
+ server_names_hash_bucket_size 64;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_prefer_server_ciphers on;
+
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log;
+
+ gzip on;
+
+ gzip_vary on;
+ gzip_proxied any;
+ gzip_comp_level 6;
+ gzip_buffers 16 8k;
+ gzip_http_version 1.1;
+ gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $http_connection;
+ client_max_body_size 10m;
+ client_body_buffer_size 128k;
+ proxy_connect_timeout 90;
+ proxy_send_timeout 120;
+ proxy_read_timeout 300;
+ proxy_buffering off;
+ proxy_request_buffering off;
+
+ server {
+
+ listen 80 default_server;
+ listen [::]:80 default_server;
+ server_name _;
+ return 301 https://$host$request_uri;
+ }
+
+ server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name _;
+ ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
+ ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
+ location /{
+ proxy_pass http://127.0.0.1:8080;
+ }
+ }
+}
\ No newline at end of file
diff --git a/roles/webserver/tasks/main.yaml b/roles/webserver/tasks/main.yaml
index a806ea5..7607859 100644
--- a/roles/webserver/tasks/main.yaml
+++ b/roles/webserver/tasks/main.yaml
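Review bot: Both server blocks are catch-alls (`server_name _;`) that trust the client-supplied Host header: the port-80 block reflects it into the redirect with `return 301 https://$host$request_uri;`, and the http-level `proxy_set_header Host $host;` hands it to the backend on 127.0.0.1:8080. If that backend builds absolute URLs from Host, a request with a forged Host header can steer them, so I would set a real name (placeholder: `server_name <site-fqdn>;`), redirect with `https://$server_name$request_uri`, and reject unknown hosts in a separate default server. Separately, `proxy_set_header Connection $http_connection;` forwards a hop-by-hop header verbatim, and without `proxy_http_version 1.1;` the forwarded Upgrade header cannot produce a WebSocket upgrade because nginx talks HTTP/1.0 to upstreams by default. The backend also gets no `proxy_set_header X-Forwarded-Proto $scheme;`, so it cannot tell that the request arrived over TLS, and the X-Forwarded-For value includes whatever the client sent, so only `X-Real-IP` is trustworthy there.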
@@ -1,33 +1,30 @@ --- -- name: "Install Apache via apt" +- name: "Remove Apache via apt" + apt: + update_cache: yes + state: absent + purge: true + name: + - apache2 + +- name: "Install Nginx via apt" apt: update_cache: yes state: present name: - - apache2 + - nginx - name: Upload site config to destination copy: - src: apache-site.conf - dest: /etc/apache2/sites-available/site.conf + src: nginx.conf + dest: /etc/nginx/nginx.conf mode: 644 owner: root + group: root -- name: Enable ssl module - command: a2enmod ssl - -- name: Enable proxy module - command: a2enmod proxy - -- name: Enable proxy_http module - command: a2enmod proxy_http - -- name: Enable site - command: a2ensite site.conf - -- name: Enable and restart Apache2 daemon +- name: Enable and restart nginx daemon service: - name: apache2 + name: nginx state: restarted enabled: yes
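Review bot: The upload task keeps `mode: 644` as an unquoted integer, which YAML passes to Ansible as decimal 644 (octal 1204), so /etc/nginx/nginx.conf does not end up with 0644 permissions; write `mode: '0644'`. The same task uses `copy`, which does not render Jinja, so the `# {{ansible_managed}}` header in nginx.conf is deployed literally; moving the file under templates/ and using `template` would expand it. Since the restart task runs unconditionally, adding `validate: nginx -t -c %s` to the upload task would stop a broken config from being installed before the restart. The snakeoil certificate paths the config points at presumably come from the ssl-cert package, which this role does not install explicitly, so adding `- ssl-cert` to the install list would avoid nginx failing to start on a fresh host.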