From d9da26d47e2bd58ec06c3511889fffa41d3b84d5 Mon Sep 17 00:00:00 2001
From: Auriane GS
Date: Wed, 14 Jan 2026 11:55:13 +0100
Subject: [PATCH] feat(back): Ansible config to deploy website with certbot
---
 site.yml | 138 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 138 insertions(+)
 create mode 100644 site.yml
diff --git a/site.yml b/site.yml
new file mode 100644
index 0000000..e23075b
--- /dev/null
+++ b/site.yml
@@ -0,0 +1,138 @@
+---
+- name: Déploiement application PHP avec Nginx + SSL via Certbot
+ hosts: workManager
+ become: true
+
+ vars:
+ web_root: /var/www/html
+ php_version: "8.3"
+ domain: workmanager.aurianeschmitt.fr
+ email_ssl: auriane.geaischmitt@viacesi.fr
+
+ tasks:
+ # ---------------------------------------------------
+ # 1️⃣ Système : mise à jour et packages
+ # ---------------------------------------------------
+ - name: Mise à jour du cache APT
+ apt:
+ update_cache: yes
+ cache_valid_time: 3600
+
+ - name: Installer Nginx et PHP
+ apt:
+ name:
+ - nginx
+ - php{{ php_version }}
+ - php{{ php_version }}-fpm
+ - php{{ php_version }}-cli
+ - php{{ php_version }}-common
+ - php{{ php_version }}-curl
+ - php{{ php_version }}-mbstring
+ - php{{ php_version }}-xml
+ - php{{ php_version }}-zip
+ - php{{ php_version }}-mysql
+ - certbot
+ - python3-certbot-nginx
+ state: present
+
+ - name: S'assurer que PHP-FPM est démarré
+ service:
+ name: php{{ php_version }}-fpm
+ state: started
+ enabled: yes
+
+ # ---------------------------------------------------
+ # 2️⃣ Nginx HTTP seulement (pré-Certbot)
+ # ---------------------------------------------------
+ - name: Supprimer le site nginx par défaut
+ file:
+ path: /etc/nginx/sites-enabled/default
+ state: absent
+ notify: reload nginx
+
+ - name: Configurer Nginx HTTP temporaire
+ copy:
+ dest: '/etc/nginx/sites-available/{{ domain }}'
+ content: |
+ server {
+ listen 80;
+ server_name {{ domain }};
+ root {{ web_root }};
+
+ index index.php index.html;
+
+ location / {
+ try_files $uri $uri/ /index.php?$query_string;
+ }
+
+ location ~ \.php$ {
+ include snippets/fastcgi-php.conf;
+ fastcgi_pass unix:/run/php/php{{ php_version }}-fpm.sock;
+ }
+
+ location ~ /\.ht {
+ deny all;
+ }
+ }
+ notify: reload nginx
+
+ - name: Activer le site
+ file:
+ src: '/etc/nginx/sites-available/{{ domain }}'
+ dest: '/etc/nginx/sites-enabled/{{ domain }}'
+ state: link
+ notify: reload nginx
+
+ # ---------------------------------------------------
+ # 3️⃣ Contenu Web
+ # ---------------------------------------------------
+ - name: Supprimer l'ancien contenu web
+ file:
+ path: "{{ web_root }}"
+ state: absent
+
+ - name: Recréer le dossier web
+ file:
+ path: "{{ web_root }}"
+ state: directory
+ owner: www-data
+ group: www-data
+ mode: '0755'
+
+ - name: Copier le dossier out vers le serveur
+ copy:
+ src: out/
+ dest: "{{ web_root }}"
+ owner: www-data
+ group: www-data
+ mode: '0755'
+
+ # ---------------------------------------------------
+ # 4️⃣ Certificat SSL via plugin Nginx
+ # ---------------------------------------------------
+ - name: Générer SSL et configurer HTTPS avec Certbot
+ command: >
+ certbot --nginx
+ -d {{ domain }}
+ --non-interactive
+ --agree-tos
+ --redirect
+ --email {{ email_ssl }}
+ args:
+ creates: /etc/letsencrypt/live/{{ domain }}/fullchain.pem
+ notify: reload nginx
+
+ # # ---------------------------------------------------
+ # # 5️⃣ Renouvellement automatique
+ # # ---------------------------------------------------
+ - name: Activer le timer Certbot pour renouvellement automatique
+ systemd:
+ name: certbot.timer
+ enabled: yes
+ state: started
+
+ handlers:
+ - name: reload nginx
+ service:
+ name: nginx
+ state: reloaded
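Review bot: A second run of this playbook will most likely put the site back on plain HTTP. The `Configurer Nginx HTTP temporaire` task rewrites `/etc/nginx/sites-available/{{ domain }}` with the port-80-only content, which discards the 443 block and redirect that `certbot --nginx --redirect` normally edits into that same file. The Certbot task is then skipped because `creates:` already finds `fullchain.pem`, so nothing restores TLS. Either add `force: false` under that `copy:` so the bootstrap config is written only when the file is absent, or obtain the certificate with `certbot certonly` and let Ansible own the final TLS server block. Separately, in `Copier le dossier out vers le serveur`, `owner: www-data` with `mode: '0755'` leaves the PHP code writable by what is presumably the PHP-FPM user and marks every file executable; `owner: root`, `mode: '0644'` and `directory_mode: '0755'` would keep the web root read-only to the worker.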