Add web server playbook

2025-07-08 23:30:00 +07:00 · 2025-07-08 23:30:00 +07:00 · c9c669d36a
parent e2e1462c4e
commit c9c669d36a
1 changed files with 98 additions and 0 deletions
--- a/playbooks/web-server.yml
+++ b/playbooks/web-server.yml
@ -0,0 +1,98 @@
+---
+- name: Web Server Deployment
+  hosts: webserver_deployment
+  become: yes
+
+  vars:
+    domain_name: pkl.com
+    ssl_cert_source: files/pkl.com.crt
+    ssl_key_source: files/pkl.com.key
+    ssl_cert_dest: /etc/ssl/certs/pkl.com.crt
+    ssl_key_dest: /etc/ssl/private/pkl.com.key
+    app_source_dir: files/index.html
+    app_target_dir: /var/www/pkl.com
+
+  tasks:
+
+    - name: Install Nginx
+      apt:
+        name: nginx
+        state: present
+        update_cache: yes
+      when: ansible_distribution in "Ubuntu"
+
+    - name: Start Nginx service
+      service:
+        name: nginx
+        state: started
+        enabled: yes
+
+    - name: Create web root directory
+      file:
+        path: "{{ app_target_dir }}"
+        state: directory
+        owner: www-data
+        group: www-data
+        mode: '0755'
+
+    - name: Deploy index.html to web root
+      copy:
+        src: index.html
+        dest: "{{ app_target_dir }}/index.html"
+        owner: www-data
+        group: www-data
+        mode: '0644'
+
+    - name: Copy SSL certificate
+      copy:
+        src: "{{ ssl_cert_source }}"
+        dest: "{{ ssl_cert_dest }}"
+        owner: root
+        group: root
+        mode: '0644'
+
+    - name: Copy SSL key
+      copy:
+        src: "{{ ssl_key_source }}"
+        dest: "{{ ssl_key_dest }}"
+        owner: root
+        group: root
+        mode: '0600'
+
+    - name: Create a custom configuration file for Nginx
+      template:
+        src: templates/nginx.conf.j2
+        dest: /etc/nginx/sites-available/default
+        owner: root
+        group: root
+        mode: '0644'
+      notify: Restart Nginx
+
+    - name: Enable the new Nginx site
+      file:
+        src: /etc/nginx/sites-available/default
+        dest: /etc/nginx/sites-enabled/default
+        state: link
+        force: yes
+      notify: Restart Nginx
+      when: ansible_distribution == "Ubuntu"
+
+    - name: Allow HTTP and HTTPS through UFW
+      ufw:
+        rule: allow
+        port: "{{ item }}"
+        proto: tcp
+      loop:
+        - "80"
+        - "443"
+
+    - name: Restart Nginx
+      service:
+        name: nginx
+        state: restarted
+
+  handlers:
+  - name: Restart Nginx
+    service:
+      name: nginx
+      state: restarted