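---
# Provisions an Ubuntu VPS as an Nginx reverse proxy in front of the Node.js
# "legacy" app: packages, basic-auth file, Let's Encrypt certificate, UFW,
# app deployment and build.
#
# Changes vs. the previous revision (all grounded in what this play does):
#   * the basic-auth password is no longer hard-coded in the playbook; it must
#     be supplied as `htpasswd_admin_password` (Ansible Vault / extra-vars)
#     and the task that writes it is `no_log`;
#   * domain, contact e-mail and app paths are play variables (defaults keep
#     the previous values, so existing inventories behave the same);
#   * `npm install -g pnpm` is guarded by `creates` instead of `changed_when:
#     false`, so it runs once rather than on every play;
#   * `pnpm install` no longer silently falls back to an unfrozen install:
#     an out-of-sync lockfile now fails the run instead of re-resolving deps;
#   * UFW is enabled with an explicit default-deny incoming policy;
#   * booleans are written as true/false.
- name: Installer et configurer Nginx sur VPS Ubuntu
  hosts: webservers
  become: true

  vars:
    # Override per inventory/host_vars; these defaults reproduce the old
    # hard-coded literals.
    site_domain: defder.fr
    letsencrypt_email: bottero.romain1811@gmail.com
    app_root: /var/www/apps/bricolociaac
    pnpm_home: /var/www/.local/share/pnpm

  tasks:
    # The admin password must come from outside the repository. The length
    # check is a minimal sanity bar, not a full password policy.
    - name: Vérifier que le mot de passe htpasswd est fourni (Vault / extra-vars)
      assert:
        that:
          - htpasswd_admin_password is defined
          - htpasswd_admin_password | length >= 12
        fail_msg: >-
          htpasswd_admin_password doit être fourni (ansible-vault ou -e),
          jamais écrit en clair dans le playbook.
        quiet: true

    - name: Mettre à jour le cache apt
      apt:
        update_cache: true
        cache_valid_time: 3600

    - name: Installer Nginx
      apt:
        name: nginx
        state: present

    - name: Installer Node.js et npm
      apt:
        name:
          - nodejs
          - npm
        state: present

    # Runs as root (play-level become) and pulls pnpm from the npm registry.
    # `creates` points at where Debian/Ubuntu's npm links global binaries;
    # adjust if `npm config get prefix` differs on the target.
    # TODO(review): pin the version (`npm install -g pnpm@<x.y.z>`) so the
    # build toolchain is reproducible rather than "latest at deploy time".
    - name: Installer pnpm globalement
      command: npm install -g pnpm
      args:
        creates: /usr/local/bin/pnpm

    - name: Installer apache2-utils pour htpasswd
      apt:
        name: apache2-utils
        state: present

    - name: Installer la librairie Python passlib
      apt:
        name: python3-passlib
        state: present

    # root:www-data 0640 lets the nginx worker read the file without
    # exposing it to other local users.
    - name: Créer un fichier de mots de passe
      htpasswd:
        path: /etc/nginx/.htpasswd
        name: admin
        password: "{{ htpasswd_admin_password }}"
        owner: root
        group: www-data
        mode: "0640"
      no_log: true  # keep the secret out of task output / -v logs

    - name: Installer Certbot pour Let's Encrypt
      apt:
        name:
          - certbot
          - python3-certbot-nginx
        state: present

    # NOTE(review): this runs before the site template below is deployed;
    # `certbot --nginx` needs a server block matching the domain, and if the
    # template references /etc/letsencrypt/live/... the order matters the
    # other way round. Confirm against templates/nginx-app-legacy.conf.j2.
    - name: Obtenir un certificat SSL avec Certbot
      command: >-
        certbot --nginx -d {{ site_domain }} --non-interactive --agree-tos
        --email {{ letsencrypt_email }} --redirect
      args:
        creates: "/etc/letsencrypt/live/{{ site_domain }}/fullchain.pem"
      notify: Restart Nginx

    # The Ubuntu certbot package normally ships its own renewal timer; this
    # cron entry is kept for parity with the previous revision (harmless
    # duplicate — `certbot renew` is a no-op when nothing is due).
    - name: Configurer le renouvellement automatique du certificat
      cron:
        name: "Renouveler le certificat SSL"
        minute: "0"
        hour: "3"
        job: "certbot renew --quiet"

    - name: S'assurer qu'UFW est installé
      apt:
        name: ufw
        state: present

    # SSH is left as `allow`; `rule: limit` would rate-limit brute-force
    # attempts but can interfere with bursty automation — decide per host.
    - name: Autoriser le trafic SSH dans le firewall (UFW)
      ufw:
        rule: allow
        port: "22"
        proto: tcp

    - name: Autoriser le trafic HTTP dans le firewall (UFW)
      ufw:
        rule: allow
        port: "80"
        proto: tcp

    - name: Autoriser le trafic HTTPS dans le firewall (UFW)
      ufw:
        rule: allow
        port: "443"
        proto: tcp

    # Enabled only after the allow rules above so the SSH session survives.
    # `policy: deny` makes the default incoming policy explicit.
    - name: Activer UFW(uncomplicated firewall)
      ufw:
        state: enabled
        policy: deny

    - name: Démarrer et activer Nginx
      systemd:
        name: nginx
        state: started
        enabled: true

    # Nginx vhost config comes only from nginx-app-legacy.conf.j2, which
    # reverse-proxies to the Node.js app.

    - name: Supprimer toute ancienne config Nginx obsolète
      file:
        path: /etc/nginx/sites-available/defder
        state: absent

    - name: Déployer la configuration Nginx pour l'app legacy
      template:
        src: templates/nginx-app-legacy.conf.j2
        dest: /etc/nginx/sites-available/defder
      notify: Recharger Nginx

    - name: Déployer le service systemd pour l'app legacy
      template:
        src: templates/bricoloc-legacy.service.j2
        dest: /etc/systemd/system/bricoloc-legacy.service
      notify: Redémarrer l'app legacy

    - name: Activer et démarrer le service legacy
      systemd:
        name: bricoloc-legacy
        state: started
        enabled: true
        daemon_reload: true

    - name: Activer le site
      file:
        src: /etc/nginx/sites-available/defder
        dest: /etc/nginx/sites-enabled/defder
        state: link
      notify: Recharger Nginx

    - name: Désactiver le site par défaut
      file:
        path: /etc/nginx/sites-enabled/default
        state: absent
      notify: Recharger Nginx

    - name: Vérifier que Nginx est en cours d'exécution
      service:
        name: nginx
        state: started
      register: nginx_status

    - name: Afficher le statut de Nginx
      debug:
        msg: "Nginx est installé et en cours d'exécution"

    - name: Récupérer l'IP du serveur
      command: hostname -I
      register: server_ip
      changed_when: false

    - name: Créer le dossier du site web
      file:
        path: /var/www/apps
        state: directory
        owner: www-data
        group: www-data
        mode: "0755"

    - name: Créer le dossier .local pour pnpm
      file:
        path: "{{ pnpm_home }}"
        state: directory
        owner: www-data
        group: www-data
        mode: "0755"
        recurse: true

    # `delete: true` mirrors the local tree, so anything removed from the
    # repo is removed on the server too.
    - name: Déployer l'app depuis le repo local
      synchronize:
        src: app/bricolociaac/
        dest: "{{ app_root }}/"
        delete: true
        rsync_opts:
          - "--exclude=node_modules"
          - "--exclude=.git"

    - name: Définir les permissions sur les fichiers déployés
      file:
        path: "{{ app_root }}"
        state: directory
        owner: www-data
        group: www-data
        recurse: true

    # Lockfile enforcement: a missing or out-of-sync pnpm-lock.yaml is a
    # repository defect and now fails the deploy instead of being silently
    # re-resolved against the registry.
    # NOTE(review): these install/build steps run as root via the play-level
    # become, so dependency lifecycle scripts run as root and node_modules
    # ends up root-owned after the chown above. Running them with
    # `become_user: www-data` would be tighter; verify Ansible's unprivileged
    # become prerequisites (typically the `acl` package) before switching.
    - name: Installer les dépendances du projet
      command: pnpm install --frozen-lockfile
      args:
        chdir: "{{ app_root }}"
      environment:
        NODE_ENV: production
        PNPM_HOME: "{{ pnpm_home }}"
      timeout: 600

    - name: Installer les dépendances de l'app legacy spécifiquement
      command: pnpm install --filter legacy --frozen-lockfile
      args:
        chdir: "{{ app_root }}"
      environment:
        NODE_ENV: production
        PNPM_HOME: "{{ pnpm_home }}"
      timeout: 600

    - name: Builder l'app legacy
      command: pnpm build:legacy
      args:
        chdir: "{{ app_root }}"
      environment:
        NODE_ENV: production
        PNPM_HOME: "{{ pnpm_home }}"

    - name: Afficher l'URL d'accès
      debug:
        msg: "Nginx est accessible à l'adresse : https://{{ site_domain }} (ou http://{{ server_ip.stdout.split()[0] }} qui redirige vers HTTPS)"

  handlers:
    - name: Restart Nginx
      service:
        name: nginx
        state: restarted

    - name: Recharger Nginx
      systemd:
        name: nginx
        state: reloaded

    - name: Redémarrer l'app legacy
      systemd:
        name: bricoloc-legacy
        state: restarted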