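---
# Puts sslh in front of nginx and sshd so one public TCP port carries both TLS
# web traffic and SSH, then opens the firewall for the ports involved.
# Every task in the block is skipped unless the three port variables are
# defined (see the `when` clause at the end of the block).
- block:
    - name: install required packages
      apt:
        name:
          - openssl
          - nginx
          - sslh
          - ufw
        state: present
        update_cache: true

    # Directory first, then the file inside it: the template task below would
    # fail if /var/www/html were missing, so do not rely on the nginx package
    # having created it.
    - name: ensure /var/www/html directory permissions
      file:
        path: /var/www/html
        state: directory
        owner: www-data
        group: www-data
        mode: '0755'

    - name: deploy index.html
      template:
        src: index.html.j2
        dest: /var/www/html/index.html
        owner: www-data
        group: www-data
        mode: '0644'

    # Self-signed certificate for nginx. `creates` makes this run once: once
    # the .crt exists the task is skipped forever, so an expired or
    # key-less certificate is NOT regenerated unless the .crt is removed.
    # Lifetime is overridable via selfsigned_cert_days (default 365 days).
    - name: generate self-signed ssl certificate
      command: >-
        openssl req -x509 -nodes
        -days {{ selfsigned_cert_days | default(365) }}
        -newkey rsa:2048
        -keyout /etc/ssl/private/nginx-selfsigned.key
        -out /etc/ssl/certs/nginx-selfsigned.crt
        -subj "/CN=localhost"
      args:
        creates: /etc/ssl/certs/nginx-selfsigned.crt

    # Enforce the private key's permissions explicitly rather than depending
    # on whatever mode openssl/umask produced; runs every time, idempotent.
    - name: restrict permissions on the self-signed private key
      file:
        path: /etc/ssl/private/nginx-selfsigned.key
        owner: root
        group: root
        mode: '0600'

    - name: deploy nginx.conf
      template:
        src: nginx.conf.j2
        dest: /etc/nginx/nginx.conf
        owner: root
        group: root
        mode: '0644'
      notify: restart nginx

    # /etc/default/sslh is where sslh's listen port and its per-protocol
    # forwarding targets live; the template presumably consumes
    # public_sslh_port, internal_nginx_port and internal_sshd_port.
    - name: deploy sslh config file
      template:
        src: sslh.j2
        dest: /etc/default/sslh
        owner: root
        group: root
        mode: '0644'
      notify: restart sslh

    # Only the two allow rules are added here. The firewall's default policy
    # and switching it on are left to the 'enable ufw' / 'restart ufw'
    # handlers defined elsewhere in the role — confirm the default-deny
    # policy is set there.
    - name: allow ssh port and enable ufw
      ufw:
        rule: allow
        port: "{{ internal_sshd_port }}"
        proto: tcp
      notify:
        - enable ufw
        - restart ufw

    - name: allow http port and enable ufw
      ufw:
        rule: allow
        port: "{{ public_sslh_port }}"
        proto: tcp
      notify:
        - enable ufw
        - restart ufw

  # internal_nginx_port is not referenced by any task in this file; it is
  # required here because the templates above are expected to use it.
  when:
    - public_sslh_port is defined
    - internal_nginx_port is defined
    - internal_sshd_port is defined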