--- - name: Packages ansible.builtin.include_tasks: install.yml tags: install - name: Install the proxy snippet ansible.builtin.copy: src: files/proxy.conf dest: /etc/nginx/proxy.conf mode: 0644 owner: root group: root notify: Restart nginx - name: Install the SSL snippet ansible.builtin.template: src: templates/ssl.conf dest: /etc/nginx/ssl.conf mode: 0644 owner: root group: root notify: Restart nginx - name: Install the default config ansible.builtin.copy: src: files/nginx.conf dest: /etc/nginx/nginx.conf mode: 0644 owner: root group: root notify: Restart nginx - name: Install the HTTP config ansible.builtin.template: src: templates/http.conf dest: /etc/nginx/http.conf mode: 0644 owner: root group: root notify: Restart nginx - name: Enable $HOME shortcut ansible.builtin.template: src: templates/me.conf dest: /etc/nginx/conf.d/me.conf mode: 0644 owner: root group: root notify: Restart nginx - name: Allow httpd in homedirs in SELinux ansible.posix.seboolean: name: httpd_enable_homedirs state: true persistent: true when: ansible_facts.selinux.status == 'enabled' - name: Enable reverse proxy ansible.builtin.template: src: templates/reverse_proxy.conf dest: "/etc/nginx/conf.d/{{ item.domain }}.conf" mode: 0644 owner: root group: root vars: proxy_domain: "{{ item.domain }}" proxy_upstream: "{{ item.upstream }}" proxy_protocol: "{{ item.protocol }}" loop: "{{ nginx_reverse_proxy }}" notify: Restart nginx # ‹httpd_can_network_relay› was not enough for the ubiquiti reverse proxy - name: Allow reverse proxy in SELinux ansible.posix.seboolean: name: httpd_can_network_connect state: true persistent: true when: "ansible_facts.selinux.status == 'enabled' and nginx_reverse_proxy" - name: Enable nginx on firewall ansible.posix.firewalld: service: "{{ item }}" immediate: true permanent: true state: enabled loop: - http - https when: ansible_facts.services['firewalld'] is defined tags: firewall - name: Enable nginx ansible.builtin.service: name: nginx enabled: true state: restarted