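# Provision a host that multiplexes SSH and HTTPS on a single public port:
# sslh listens on public_sslh_port and hands connections to sshd
# (internal_sshd_port) or nginx (internal_nginx_port); nginx serves
# /var/www/html behind a self-signed certificate; ufw admits only the two
# TCP ports opened below. The whole block is skipped unless all three port
# variables are defined (internal_nginx_port is not referenced here
# directly; it is presumably consumed by the nginx.conf/sslh templates).
- block:
    - name: install required packages
      apt:
        name:
          - openssl
          - nginx
          - sslh
          - ufw
        state: present
        update_cache: true
        cache_valid_time: 86400  # seconds; skip apt-get update if the cache is newer than a day

    # Make sure the document root exists with the right ownership before
    # anything is written into it.
    - name: ensure /var/www/html directory permissions
      file:
        path: /var/www/html
        state: directory
        owner: www-data
        group: www-data
        mode: '0755'

    - name: deploy index.html
      template:
        src: index.html.j2
        dest: /var/www/html/index.html
        owner: www-data
        group: www-data
        mode: '0644'

    # -nodes leaves the key unencrypted so nginx can start unattended.
    # `creates` makes this a one-shot: once the .crt exists it is never
    # regenerated, including after the 365-day validity has lapsed --
    # rotation (remove both files and re-run, or a dedicated renewal task)
    # is the operator's responsibility. CN=localhost will not match the
    # name clients use on the public port; acceptable only for a
    # placeholder certificate that is meant to be replaced.
    - name: generate self-signed ssl certificate
      command: >
        openssl req -x509 -nodes -days 365 -newkey rsa:2048
        -keyout /etc/ssl/private/nginx-selfsigned.key
        -out /etc/ssl/certs/nginx-selfsigned.crt
        -subj "/CN=localhost"
      args:
        creates: /etc/ssl/certs/nginx-selfsigned.crt
      register: selfsigned_cert

    # Pin the private key to root-only regardless of umask or the openssl
    # version's default file mode. nginx loads the key in its master
    # process, which on a stock Debian/Ubuntu install runs as root, so
    # 0600 root:root does not break it.
    - name: restrict permissions on the self-signed private key
      file:
        path: /etc/ssl/private/nginx-selfsigned.key
        owner: root
        group: root
        mode: '0600'

    - name: deploy nginx.conf
      template:
        src: nginx.conf.j2
        dest: /etc/nginx/nginx.conf
        owner: root
        group: root
        mode: '0644'
      register: nginx_conf

    # Restart only when something nginx reads at startup actually changed
    # (config or certificate); an unconditional restart would blip the
    # service on every run. A skipped cert task reports "not changed".
    - name: restart nginx
      systemd:
        name: nginx
        state: restarted
      when:
        - ansible_service_mgr == 'systemd'
        - nginx_conf is changed or selfsigned_cert is changed

    - name: ensure nginx is enabled and running
      systemd:
        name: nginx
        state: started
        enabled: true
      when: ansible_service_mgr == 'systemd'

    - name: deploy sslh config file
      template:
        src: sslh.j2
        dest: /etc/default/sslh
        owner: root
        group: root
        mode: '0644'
      register: sslh_conf

    # Same restart-on-change pattern as nginx above.
    - name: restart sslh
      systemd:
        name: sslh
        state: restarted
      when:
        - ansible_service_mgr == 'systemd'
        - sslh_conf is changed

    - name: ensure sslh is enabled and running
      systemd:
        name: sslh
        state: started
        enabled: true
      when: ansible_service_mgr == 'systemd'

    # Allow rules are added BEFORE ufw is enabled with a deny policy, so the
    # SSH session driving this play is never cut off mid-run.
    # NOTE(review): this opens sshd's direct port to every source, in
    # addition to the sslh-multiplexed public port. If sshd is only meant
    # to be reachable through sslh, restrict this rule with `from_ip` (e.g.
    # 127.0.0.1) or drop it -- confirm the intended exposure with the owner.
    - name: allow ssh port and enable ufw
      ufw:
        rule: allow
        port: "{{ internal_sshd_port }}"
        proto: tcp

    - name: allow http port and enable ufw
      ufw:
        rule: allow
        port: "{{ public_sslh_port }}"
        proto: tcp
      # The tasks named "enable ufw" / "restart ufw" below are plain tasks,
      # not handlers. For this notify to work, handlers with these names
      # must exist in the play's `handlers:` section (not visible here);
      # otherwise Ansible fails the run when this task reports changed.
      notify:
        - enable ufw
        - restart ufw

    - name: enable ufw
      ufw:
        state: enabled
        policy: deny  # default policy for incoming traffic; only the allows above get through

    - name: restart ufw
      systemd:
        name: ufw
        state: restarted
        enabled: true
      when: ansible_service_mgr == 'systemd'
  when:
    - public_sslh_port is defined
    - internal_nginx_port is defined
    - internal_sshd_port is defined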