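---
# Playbook: install nginx, push the local ../ssl/ directory to the remote
# TLS directory, keep private keys unreadable by other users, then restart
# nginx so the synced material is loaded.
#
# Security-relevant ordering: private keys (*.key) are transferred in their
# own rsync pass that writes them as 0600. They must never land as 0644
# first and be tightened afterwards; inside a 0755 directory that leaves a
# window, repeated on every run, in which any local user on the target can
# read them.
- name: 安装 nginx 并同步本地 ssl 证书到远端 /etc/nginx/ssl
  hosts: google-sdk
  become: true
  vars:
    remote_ssl_dir: /etc/nginx/ssl

  tasks:
    - name: 安装 nginx 包
      package:
        name: nginx
        state: present

    # The directory stays 0755 (listable and traversable by everyone), so
    # confidentiality of the keys depends entirely on per-file modes.
    - name: 确保远端 ssl 目录存在
      file:
        path: "{{ remote_ssl_dir }}"
        state: directory
        owner: root
        group: root
        mode: '0755'

    # Pass 1: private keys only. The include/exclude filter limits the
    # transfer to *.key (directories are still traversed), and --chmod
    # makes rsync write them as 0600.
    - name: 同步私钥文件(*.key),传输时即设为 0600
      synchronize:
        src: "../ssl/"
        dest: "{{ remote_ssl_dir }}/"
        recursive: true
        delete: false
        rsync_opts:
          - "--include=*/"
          - "--include=*.key"
          - "--exclude=*"
          - "--chmod=D0755,F0600"
      delegate_to: localhost

    # Pass 2: everything except *.key, world-readable as before.
    # NOTE(review): only *.key is treated as private here; key material
    # stored under another extension (for example .pem) would still land
    # as 0644. Confirm the naming used in ../ssl/.
    - name: 将本地 ssl/ 目录同步到远端 /etc/nginx/ssl
      synchronize:
        src: "../ssl/"
        dest: "{{ remote_ssl_dir }}/"
        recursive: true
        delete: false
        rsync_opts:
          - "--exclude=*.key"
          - "--chmod=D0755,F0644"
      delegate_to: localhost

    # Safety net for keys already on the target that the sync does not
    # manage (delete is false, so remote-only files are kept).
    # The former `args: warn: false` is dropped: the `warn` parameter was
    # removed from the command/shell modules in ansible-core 2.14 and makes
    # the task fail there.
    - name: 限制私钥文件权限为 0600(匹配 *.key)
      shell: "find {{ remote_ssl_dir }} -type f -name '*.key' -exec chmod 0600 {} \\;"

    # state: restarted restarts nginx on every run, not only when the
    # synced files changed.
    - name: 确保 nginx 已启用并运行
      service:
        name: nginx
        state: restarted
        enabled: true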