53 lines
1.5 KiB
YAML
53 lines
1.5 KiB
YAML
---
|
|
- name: Update Nginx SSL Configuration
|
|
hosts: nginxservice
|
|
become: yes
|
|
vars:
|
|
nginx_ssl_cert_path: /etc/nginx/ssl/bywaystudios.com.pem
|
|
nginx_ssl_key_path: /etc/nginx/ssl/bywaystudios.com.key
|
|
nginx_config_path: /etc/nginx/sites-available/default
|
|
nginx_ssl_cert_src: ssl/bywaystudios.com.pem # 新增:证书源文件,可通过 vars/inventory/extra_vars 覆盖
|
|
nginx_ssl_key_src: ssl/bywaystudios.com.key # 新增:私钥源文件,可通过 vars/inventory/extra_vars 覆盖
|
|
|
|
tasks:
|
|
- name: Create SSL directory
|
|
file:
|
|
path: /etc/nginx/ssl
|
|
state: directory
|
|
mode: '0755'
|
|
|
|
- name: Copy SSL certificate
|
|
copy:
|
|
src: "{{ nginx_ssl_cert_src }}"
|
|
dest: "{{ nginx_ssl_cert_path }}"
|
|
mode: '0644'
|
|
notify: Reload Nginx
|
|
|
|
- name: Copy SSL private key
|
|
copy:
|
|
src: "{{ nginx_ssl_key_src }}"
|
|
dest: "{{ nginx_ssl_key_path }}"
|
|
mode: '0600'
|
|
notify: Reload Nginx
|
|
|
|
# - name: Update Nginx SSL configuration
|
|
# template:
|
|
# src: templates/nginx-ssl.conf.j2
|
|
# dest: "{{ nginx_config_path }}"
|
|
# mode: '0644'
|
|
# notify: Reload Nginx
|
|
|
|
- name: Test Nginx configuration
|
|
command: nginx -t
|
|
register: nginx_test
|
|
changed_when: false
|
|
|
|
- name: Display Nginx test result
|
|
debug:
|
|
msg: "{{ nginx_test.stderr }}"
|
|
|
|
handlers:
|
|
- name: Reload Nginx
|
|
service:
|
|
name: nginx
|
|
state: reloaded |