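---
# Deploys the site under web_root behind Nginx + PHP-FPM and obtains a
# Let's Encrypt certificate with the certbot nginx plugin.
#
# Ordering matters: the plain-HTTP vhost must exist before certbot runs,
# because `certbot --nginx --redirect` rewrites that same file to add the
# HTTPS server block and the HTTP->HTTPS redirect. On later runs the
# certificate already exists (`creates:` skips certbot), so the temporary
# HTTP-only vhost is written only while no certificate is present — otherwise
# the copy task would silently overwrite certbot's HTTPS configuration and
# leave the site serving plain HTTP again.
- name: Déploiement application PHP avec Nginx + SSL via Certbot
  hosts: hosts
  become: true
  vars:
    web_root: /var/www/html
    php_version: "8.3"
    domain: workmanager.aurianeschmitt.fr
    email_ssl: auriane.geaischmitt@viacesi.fr
    # Single source of truth for "is the certificate already issued?";
    # used both by the stat check below and by certbot's `creates:`.
    ssl_cert_path: "/etc/letsencrypt/live/{{ domain }}/fullchain.pem"

  tasks:
    # ---------------------------------------------------
    # 1. System: package index refresh and packages
    # ---------------------------------------------------
    - name: Mise à jour du cache APT
      ansible.builtin.apt:
        update_cache: true
        cache_valid_time: 3600

    - name: Installer Nginx et PHP
      ansible.builtin.apt:
        name:
          - nginx
          - "php{{ php_version }}"
          - "php{{ php_version }}-fpm"
          - "php{{ php_version }}-cli"
          - "php{{ php_version }}-common"
          - "php{{ php_version }}-curl"
          - "php{{ php_version }}-mbstring"
          - "php{{ php_version }}-xml"
          - "php{{ php_version }}-zip"
          - "php{{ php_version }}-mysql"
          - certbot
          - python3-certbot-nginx
        state: present

    - name: S'assurer que PHP-FPM est démarré
      ansible.builtin.service:
        name: "php{{ php_version }}-fpm"
        state: started
        enabled: true

    # ---------------------------------------------------
    # 2. Nginx, HTTP only (pre-Certbot)
    # ---------------------------------------------------
    - name: Supprimer le site nginx par défaut
      ansible.builtin.file:
        path: /etc/nginx/sites-enabled/default
        state: absent
      notify: reload nginx

    # Detect whether certbot has already run so the HTTP-only vhost below
    # does not clobber the HTTPS vhost certbot generated on a previous run.
    - name: Vérifier la présence du certificat SSL
      ansible.builtin.stat:
        path: "{{ ssl_cert_path }}"
      register: ssl_cert

    - name: Configurer Nginx HTTP temporaire
      ansible.builtin.copy:
        dest: "/etc/nginx/sites-available/{{ domain }}"
        content: |
          server {
              listen 80;
              server_name {{ domain }};
              root {{ web_root }};
              index index.php index.html;

              location / {
                  try_files $uri $uri/ /index.php?$query_string;
              }

              location ~ \.php$ {
                  include snippets/fastcgi-php.conf;
                  fastcgi_pass unix:/run/php/php{{ php_version }}-fpm.sock;
              }

              # Never serve .htaccess/.htpasswd style files.
              location ~ /\.ht {
                  deny all;
              }
          }
      # Only on first deployment; afterwards the file is owned by certbot.
      when: not ssl_cert.stat.exists
      notify: reload nginx

    - name: Activer le site
      ansible.builtin.file:
        src: "/etc/nginx/sites-available/{{ domain }}"
        dest: "/etc/nginx/sites-enabled/{{ domain }}"
        state: link
      notify: reload nginx

    # ---------------------------------------------------
    # 3. Web content
    # ---------------------------------------------------
    # web_root is wiped and recreated so stale files from a previous build
    # never survive a deployment.
    - name: Supprimer l'ancien contenu web
      ansible.builtin.file:
        path: "{{ web_root }}"
        state: absent

    - name: Recréer le dossier web
      ansible.builtin.file:
        path: "{{ web_root }}"
        state: directory
        owner: www-data
        group: www-data
        mode: "0755"

    # `out/` is relative to the playbook; the trailing slash copies the
    # directory contents, not the directory itself. Note that `mode` is
    # applied to every copied file as well as to directories.
    - name: Copier le dossier out vers le serveur
      ansible.builtin.copy:
        src: out/
        dest: "{{ web_root }}"
        owner: www-data
        group: www-data
        mode: "0755"

    # ---------------------------------------------------
    # 4. SSL certificate via the certbot nginx plugin
    # ---------------------------------------------------
    # certbot rewrites the vhost in sites-available to add the HTTPS server
    # block and the redirect; `creates:` makes the task idempotent.
    - name: Générer SSL et configurer HTTPS avec Certbot
      ansible.builtin.command: >-
        certbot --nginx
        -d {{ domain }}
        --non-interactive
        --agree-tos
        --redirect
        --email {{ email_ssl }}
      args:
        creates: "{{ ssl_cert_path }}"
      notify: reload nginx

    # ---------------------------------------------------
    # 5. Automatic renewal
    # ---------------------------------------------------
    - name: Activer le timer Certbot pour renouvellement automatique
      ansible.builtin.systemd:
        name: certbot.timer
        enabled: true
        state: started

  handlers:
    - name: reload nginx
      ansible.builtin.service:
        name: nginx
        state: reloaded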