From 3efd10d119525fb8c91abf18440554e6f9976c67 Mon Sep 17 00:00:00 2001
From: Sebastian Gumprich
Date: Sat, 8 Sep 2018 14:59:13 +0200
Subject: [PATCH] use restart instead of reload, fix syntax
---
handlers/main.yml | 6 +++--
tasks/main.yml | 57 +++++++++++++++++++++++++++++------------------
2 files changed, 39 insertions(+), 24 deletions(-)
diff --git a/handlers/main.yml b/handlers/main.yml
index e2dd289..97c58cb 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -1,2 +1,4 @@
-- name: reload nginx
- service: name={{ nginx_service_name }} state=reloaded
+- name: restart nginx
+ service:
+ name: "nginx"
+ state: restarted
diff --git a/tasks/main.yml b/tasks/main.yml
index e902dbe..b285c26 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
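Review bot: In handlers/main.yml the new `restart nginx` handler restarts the service without first checking that the edited configuration parses, so one bad variable value written by any notifying task leaves nginx stopped; a failed reload, which the old handler used, normally keeps the running workers on the previous configuration. A check task ahead of the restart would catch this, for example `command: nginx -t` with `changed_when: false`. Hard-coding `name: "nginx"` also silently ignores any existing `nginx_service_name` override, so a comment such as `# service name is fixed; nginx_service_name is no longer honoured` would document that.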
@@ -10,58 +10,71 @@ - name: create additional configuration template: src: "hardening.conf.j2" - dest: "{{ nginx_config_conf_dir }}/90.hardening.conf" + dest: "/etc/nginx/conf.d/90.hardening.conf" owner: "root" group: "root" - notify: reload nginx + notify: restart nginx - name: change configuration in main nginx.conf lineinfile: dest: "/etc/nginx/nginx.conf" - regexp: "^\\s*server_tokens" - line: "server_tokens {{ nginx_server_tokens }};" + regexp: '^\s*server_tokens' + line: " server_tokens {{ nginx_server_tokens }};" insertafter: "http {" - notify: reload nginx + notify: restart nginx - name: change ssl_protocols in main nginx.conf - lineinfile: dest="/etc/nginx/nginx.conf" regexp="^\s*ssl_protocols" line="ssl_protocols {{nginx_ssl_protocols}};" insertafter="http {" - notify: reload nginx + lineinfile: + dest: "/etc/nginx/nginx.conf" + regexp: '^\s*ssl_protocols' + line: " ssl_protocols {{nginx_ssl_protocols}};" + insertafter: "http {" + notify: restart nginx - name: change ssl_prefer_server_ciphers in main nginx.conf - lineinfile: dest="/etc/nginx/nginx.conf" regexp="^\s*ssl_prefer_server_ciphers" line="ssl_prefer_server_ciphers {{nginx_ssl_prefer_server_ciphers}};" insertafter="http {" - notify: reload nginx + lineinfile: + dest: "/etc/nginx/nginx.conf" + regexp: '^\s*ssl_prefer_server_ciphers' + line: " ssl_prefer_server_ciphers {{nginx_ssl_prefer_server_ciphers}};" + insertafter: "http {" + notify: restart nginx - name: change client_max_body_size in main nginx.conf lineinfile: dest: "/etc/nginx/nginx.conf" - regexp: "^\\s*client_max_body_size" - line: "client_max_body_size {{ nginx_client_max_body_size }};" + regexp: '^\s*client_max_body_size' + line: " client_max_body_size {{ nginx_client_max_body_size }};" insertafter: "http {" - notify: reload nginx + notify: restart nginx - name: change client_body_buffer_size in main nginx.conf lineinfile: dest: "/etc/nginx/nginx.conf" - regexp: "^\\s*client_body_buffer_size" - line: "client_body_buffer_size {{ 
nginx_client_body_buffer_size }};" + regexp: '^\s*client_body_buffer_size' + line: " client_body_buffer_size {{ nginx_client_body_buffer_size }};" insertafter: "http {" - notify: reload nginx + notify: restart nginx - name: change keepalive_timeout in main nginx.conf lineinfile: dest: "/etc/nginx/nginx.conf" - regexp: "^\\s*keepalive_timeout" - line: "keepalive_timeout {{ nginx_keepalive_timeout }};" + regexp: '^\s*keepalive_timeout' + line: " keepalive_timeout {{ nginx_keepalive_timeout }};" insertafter: "http {" - notify: reload nginx + notify: restart nginx - name: remove default.conf file: - path: "{{ nginx_default_conf }}" + path: "{{ item }}" state: absent when: nginx_remove_default_site - notify: reload nginx + notify: restart nginx + loop: + - "/etc/nginx/conf.d/default.conf" + - "/etc/nginx/sites-enabled/default" - name: generate dh group - command: openssl dhparam -out {{ nginx_dh_param }} {{ nginx_dh_size }} creates={{ nginx_dh_param }} - notify: reload nginx + command: "openssl dhparam -out /etc/nginx/dh{{nginx_dh_size}}.pem {{ nginx_dh_size }}" + args: + creates: "/etc/nginx/dh{{nginx_dh_size}}.pem" + notify: restart nginx
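Review bot: The `create additional configuration` template task sets `owner` and `group` but no `mode`, and the `generate dh group` command leaves the permissions of the generated .pem to whatever umask the play runs under; adding `mode: "0644"` to the template task (and a follow-up `file` task for the DH file) makes the result deterministic. The DH path is now built twice from `nginx_dh_size` in this task, and hardening.conf.j2, which is not part of this hunk, presumably has to reference the same `/etc/nginx/dh{{nginx_dh_size}}.pem` for `ssl_dhparam`; if it still uses `nginx_dh_param` the two can diverge. The Jinja spacing is also inconsistent (`{{nginx_dh_size}}` next to `{{ nginx_dh_size }}`). The task list starts above line 10, outside this hunk.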