jackregnart/dhis2-nginx-ansible.yml

## dhis2-nginx-ansible.yml
---
- hosts: dhis
  become: true
  gather_facts: no

  pre_tasks:
    - raw: apt-get install -y python-simplejson

  tasks:
    - name: install letsencrypt
      apt: name=letsencrypt state=latest

    - name: create letsencrypt directory
      file: name=/var/www/letsencrypt state=directory

    - name: Remove default nginx config
      file: name=/etc/nginx/sites-enabled/default state=absent

    - name: Install system nginx config
      template:
        src: nginx-http.conf
        dest: /etc/nginx/nginx.conf

    - name: Creating sites-enabled dir
      file:
        path: /etc/nginx/sites-enabled
        state: directory

    - name: Creating cache/nginx dir
      file:
        path: /var/cache/nginx
        state: directory

    - name: Install nginx site for letsencrypt requests
      template:
        src: nginx-ssl.conf
        dest: /etc/nginx/sites-enabled/http

    - name: Reload nginx to activate letsencrypt site
      service: name=nginx state=restarted

    - name: Create letsencrypt certificate
      shell: letsencrypt certonly -n --webroot -w /var/www/letsencrypt -m {{ letsencrypt_email }} --agree-tos -d {{ ansible_host }}
      args:
        creates: /etc/letsencrypt/live/{{ ansible_host }}

    - name: Generate dhparams
      shell: openssl dhparam -out /etc/nginx/dhparams.pem 2048
      args:
        creates: /etc/nginx/dhparams.pem

    - name: Install nginx site for specified site
      template:
        src: "{{ https_config }}"
        dest: /etc/nginx/sites-enabled/dhis2

    - name: Reload nginx to activate specified site
      service:
        name: nginx
        state: restarted
        use: service

    - name: Add letsencrypt cronjob for cert renewal
      cron:
        name: letsencrypt_renewal
        special_time: weekly
        job: letsencrypt --renew certonly -n --webroot -w /var/www/letsencrypt -m {{ letsencrypt_email }} --agree-tos -d {{ ansible_host }} && service nginx reload
	---
	- hosts: dhis
	become: true
	gather_facts: no

	pre_tasks:
	- raw: apt-get install -y python-simplejson

	tasks:
	- name: install letsencrypt
	apt: name=letsencrypt state=latest

	- name: create letsencrypt directory
	file: name=/var/www/letsencrypt state=directory

	- name: Remove default nginx config
	file: name=/etc/nginx/sites-enabled/default state=absent

	- name: Install system nginx config
	template:
	src: nginx-http.conf
	dest: /etc/nginx/nginx.conf

	- name: Creating sites-enabled dir
	file:
	path: /etc/nginx/sites-enabled
	state: directory

	- name: Creating cache/nginx dir
	file:
	path: /var/cache/nginx
	state: directory

	- name: Install nginx site for letsencrypt requests
	template:
	src: nginx-ssl.conf
	dest: /etc/nginx/sites-enabled/http

	- name: Reload nginx to activate letsencrypt site
	service: name=nginx state=restarted

	- name: Create letsencrypt certificate
	shell: letsencrypt certonly -n --webroot -w /var/www/letsencrypt -m {{ letsencrypt_email }} --agree-tos -d {{ ansible_host }}
	args:
	creates: /etc/letsencrypt/live/{{ ansible_host }}

	- name: Generate dhparams
	shell: openssl dhparam -out /etc/nginx/dhparams.pem 2048
	args:
	creates: /etc/nginx/dhparams.pem

	- name: Install nginx site for specified site
	template:
	src: "{{ https_config }}"
	dest: /etc/nginx/sites-enabled/dhis2

	- name: Reload nginx to activate specified site
	service:
	name: nginx
	state: restarted
	use: service

	- name: Add letsencrypt cronjob for cert renewal
	cron:
	name: letsencrypt_renewal
	special_time: weekly
	job: letsencrypt --renew certonly -n --webroot -w /var/www/letsencrypt -m {{ letsencrypt_email }} --agree-tos -d {{ ansible_host }} && service nginx reload