--- - name: Install and configure the nginx web server hosts: webserver become: yes become_user: root vars: admin_email: emi@matchu.dev tasks: - name: Update the apt cache apt: update_cache: yes - name: Install nginx apt: name: nginx - name: Install certbot apt: name: - certbot - python3-certbot-nginx - name: Set up the SSL certificate for analytics.openneo.net command: "certbot certonly --nginx -n --agree-tos --email {{ admin_email }} --domains analytics.openneo.net" - name: Add plausible config file to nginx copy: dest: /etc/nginx/sites-available/plausible.conf content: | server { server_name analytics.openneo.net; listen 80; listen [::]:80; if ($host = analytics.openneo.net) { return 301 https://$host$request_uri; } } server { server_name analytics.openneo.net; listen 443; listen [::]:443 ssl; ssl_certificate /etc/letsencrypt/live/analytics.openneo.net/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/analytics.openneo.net/privkey.pem; include /etc/letsencrypt/options-ssl-nginx.conf; ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; ssl_session_cache shared:SSL:10m; # https://superuser.com/q/1484466/14127 location / { proxy_pass http://127.0.0.1:8000; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } notify: - Restart nginx - name: Enable plausible config file in nginx file: src: /etc/nginx/sites-available/plausible.conf dest: /etc/nginx/sites-enabled/plausible.conf state: link notify: - Restart nginx handlers: - name: Restart nginx systemd: name: nginx state: restarted