|
|
---
|
|
|
- name: Déploiement application PHP avec Nginx + SSL via Certbot
|
|
|
hosts: hosts
|
|
|
become: true
|
|
|
|
|
|
vars:
|
|
|
web_root: /var/www/html
|
|
|
php_version: "8.3"
|
|
|
domain: {{ votre nom de domaine ici }}
|
|
|
email_ssl: {{ votre mail ici }}
|
|
|
|
|
|
tasks:
|
|
|
# ---------------------------------------------------
|
|
|
# 1️⃣ Système : mise à jour et packages
|
|
|
# ---------------------------------------------------
|
|
|
- name: Mise à jour du cache APT
|
|
|
apt:
|
|
|
update_cache: yes
|
|
|
cache_valid_time: 3600
|
|
|
|
|
|
- name: Installer Nginx et PHP
|
|
|
apt:
|
|
|
name:
|
|
|
- nginx
|
|
|
- php{{ php_version }}
|
|
|
- php{{ php_version }}-fpm
|
|
|
- php{{ php_version }}-cli
|
|
|
- php{{ php_version }}-common
|
|
|
- php{{ php_version }}-curl
|
|
|
- php{{ php_version }}-mbstring
|
|
|
- php{{ php_version }}-xml
|
|
|
- php{{ php_version }}-zip
|
|
|
- php{{ php_version }}-mysql
|
|
|
- certbot
|
|
|
- python3-certbot-nginx
|
|
|
state: present
|
|
|
|
|
|
- name: S'assurer que PHP-FPM est démarré
|
|
|
service:
|
|
|
name: php{{ php_version }}-fpm
|
|
|
state: started
|
|
|
enabled: yes
|
|
|
|
|
|
# ---------------------------------------------------
|
|
|
# 2️⃣ Nginx HTTP seulement (pré-Certbot)
|
|
|
# ---------------------------------------------------
|
|
|
- name: Supprimer le site nginx par défaut
|
|
|
file:
|
|
|
path: /etc/nginx/sites-enabled/default
|
|
|
state: absent
|
|
|
notify: reload nginx
|
|
|
|
|
|
- name: Configurer Nginx HTTP temporaire
|
|
|
copy:
|
|
|
dest: '/etc/nginx/sites-available/{{ domain }}'
|
|
|
content: |
|
|
|
server {
|
|
|
listen 80;
|
|
|
server_name {{ domain }};
|
|
|
root {{ web_root }};
|
|
|
|
|
|
index index.php index.html;
|
|
|
|
|
|
location / {
|
|
|
try_files $uri $uri/ /index.php?$query_string;
|
|
|
}
|
|
|
|
|
|
location ~ \.php$ {
|
|
|
include snippets/fastcgi-php.conf;
|
|
|
fastcgi_pass unix:/run/php/php{{ php_version }}-fpm.sock;
|
|
|
}
|
|
|
|
|
|
location ~ /\.ht {
|
|
|
deny all;
|
|
|
}
|
|
|
}
|
|
|
notify: reload nginx
|
|
|
|
|
|
- name: Activer le site
|
|
|
file:
|
|
|
src: '/etc/nginx/sites-available/{{ domain }}'
|
|
|
dest: '/etc/nginx/sites-enabled/{{ domain }}'
|
|
|
state: link
|
|
|
notify: reload nginx
|
|
|
|
|
|
# ---------------------------------------------------
|
|
|
# 3️⃣ Contenu Web
|
|
|
# ---------------------------------------------------
|
|
|
- name: Supprimer l'ancien contenu web
|
|
|
file:
|
|
|
path: "{{ web_root }}"
|
|
|
state: absent
|
|
|
|
|
|
- name: Recréer le dossier web
|
|
|
file:
|
|
|
path: "{{ web_root }}"
|
|
|
state: directory
|
|
|
owner: www-data
|
|
|
group: www-data
|
|
|
mode: '0755'
|
|
|
|
|
|
- name: Copier le dossier out vers le serveur
|
|
|
copy:
|
|
|
src: out/
|
|
|
dest: "{{ web_root }}"
|
|
|
owner: www-data
|
|
|
group: www-data
|
|
|
mode: '0755'
|
|
|
|
|
|
# ---------------------------------------------------
|
|
|
# 4️⃣ Certificat SSL via plugin Nginx
|
|
|
# ---------------------------------------------------
|
|
|
- name: Générer SSL et configurer HTTPS avec Certbot
|
|
|
command: >
|
|
|
certbot --nginx
|
|
|
-d {{ domain }}
|
|
|
--non-interactive
|
|
|
--agree-tos
|
|
|
--redirect
|
|
|
--email {{ email_ssl }}
|
|
|
args:
|
|
|
creates: /etc/letsencrypt/live/{{ domain }}/fullchain.pem
|
|
|
notify: reload nginx
|
|
|
|
|
|
# # ---------------------------------------------------
|
|
|
# # 5️⃣ Renouvellement automatique
|
|
|
# # ---------------------------------------------------
|
|
|
- name: Activer le timer Certbot pour renouvellement automatique
|
|
|
systemd:
|
|
|
name: certbot.timer
|
|
|
enabled: yes
|
|
|
state: started
|
|
|
|
|
|
handlers:
|
|
|
- name: reload nginx
|
|
|
service:
|
|
|
name: nginx
|
|
|
state: reloaded
|