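---
# Play: install Nginx, protect one site with HTTP basic authentication
# (htpasswd) and then request a TLS certificate through Certbot.
#
# Variables read by this play, all under `intranet.nginx`:
#   domain_name   - used for the web root, the site file name and `certbot -d`
#   htpasswd_file - path of the basic-auth credential file
#   users         - list of entries with `username` and `password`
#   email         - address passed to `certbot --email`
- name: Configurer Nginx avec authentification htpasswd et HTTPS via Certbot
  hosts: all
  become: true

  tasks:
    - name: Mettre à jour la liste des paquets
      apt:
        update_cache: true

    # Full distribution upgrade of every targeted host on each run.
    - name: Upgrader tous les paquets
      apt:
        upgrade: dist

    - name: Installer Nginx
      apt:
        name: nginx
        state: present
        update_cache: true

    - name: Démarrer et activer Nginx
      service:
        name: nginx
        state: started
        enabled: true

    - name: Créer le répertoire pour le site web
      file:
        path: "/var/www/{{ intranet.nginx.domain_name }}"
        state: directory
        owner: www-data
        group: www-data
        mode: '0755'

    # Disabled task kept for reference. It still references `domain_name`
    # rather than `intranet.nginx.domain_name` used by the rest of this play;
    # update the variable before re-enabling it.
    # - name: Créer une page d'accueil simple
    #   copy:
    #     content: |
    #       <html>
    #       <head><title>Bienvenue sur {{ domain_name }}</title></head>
    #       <body><h1>Bienvenue sur {{ domain_name }}</h1></body>
    #       </html>
    #     dest: "/var/www/{{ domain_name }}/index.html"
    #     owner: www-data
    #     group: www-data
    #     mode: '0644'

    # apache2-utils provides the `htpasswd` binary used below.
    - name: Installer le paquet apache2-utils pour htpasswd
      apt:
        name: apache2-utils
        state: present
        update_cache: true

    # The password is fed on stdin (`-i`) instead of `-b`, which would place
    # it in the process argument list. `argv` keeps each templated value as
    # one argument, so a value containing spaces is not split.
    # `no_log` keeps the credential out of Ansible output and logs.
    # NOTE(review): htpasswd hashes with its default algorithm here; confirm
    # what the target Nginx build accepts before switching to another one.
    - name: Créer le fichier htpasswd avec le premier utilisateur
      command:
        argv:
          - htpasswd
          - '-ci'
          - "{{ intranet.nginx.htpasswd_file }}"
          - "{{ intranet.nginx.users[0].username }}"
        stdin: "{{ intranet.nginx.users[0].password }}"
        # Do not recreate the file when it already exists.
        creates: "{{ intranet.nginx.htpasswd_file }}"
      no_log: true

    # Runs on every execution and rewrites each listed entry, so this task
    # always reports "changed".
    - name: Ajouter les utilisateurs suivants au fichier htpasswd
      command:
        argv:
          - htpasswd
          - '-i'
          - "{{ intranet.nginx.htpasswd_file }}"
          - "{{ item.username }}"
        stdin: "{{ item.password }}"
      # Skip the first user, already added by the previous task.
      loop: "{{ intranet.nginx.users[1:] }}"
      # Only run when more than one user is defined.
      when: intranet.nginx.users | length > 1
      no_log: true

    # Password hashes should not be world-readable.
    # Assumes the Nginx workers run as www-data (the account this play
    # already uses for the web root) - confirm for the target hosts.
    - name: Restreindre les permissions du fichier htpasswd
      file:
        path: "{{ intranet.nginx.htpasswd_file }}"
        owner: root
        group: www-data
        mode: '0640'

    # Renders the HTTP-only site definition; the template itself is not part
    # of this file.
    - name: Configurer le site Nginx avec authentification (HTTP)
      template:
        src: nginx_site_http.conf.j2
        dest: "/etc/nginx/sites-available/{{ intranet.nginx.domain_name }}"
        owner: root
        group: root
        mode: '0644'

    - name: Activer le site Nginx
      file:
        src: "/etc/nginx/sites-available/{{ intranet.nginx.domain_name }}"
        dest: "/etc/nginx/sites-enabled/{{ intranet.nginx.domain_name }}"
        state: link

    # Fails the play before the restart below when the configuration is
    # invalid. The former `notify` was dropped: with `changed_when: false`
    # the task never reports a change, so the handler could never fire.
    - name: Tester la configuration Nginx
      command: nginx -t
      register: nginx_test
      changed_when: false

    # Unconditional restart so the new site is live before Certbot runs.
    - name: Redémarrer Nginx pour appliquer les changements
      service:
        name: nginx
        state: restarted

    - name: Installer Certbot et le plugin Nginx
      apt:
        name:
          - certbot
          - python3-certbot-nginx
        state: present
        update_cache: true

    # NOTE(review): this runs on every execution. The HTTP template above is
    # re-rendered on each run, which presumably discards the TLS directives
    # Certbot wrote into the site file, so do not add `creates:` here without
    # also making the template TLS-aware. Repeated runs count against the
    # certificate authority's rate limits.
    - name: Obtenir un certificat SSL avec Certbot
      command:
        argv:
          - certbot
          - '--nginx'
          - '-d'
          - "{{ intranet.nginx.domain_name }}"
          - '--non-interactive'
          - '--agree-tos'
          - '--email'
          - "{{ intranet.nginx.email }}"
          - '--redirect'
      notify: Redémarrer Nginx

  handlers:
    - name: Redémarrer Nginx
      service:
        name: nginx
        state: restarted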