Ansible playbook that configures NGINX and LetsEncrypt/Certbot to host Jekyll-generated websites on Ubuntu Server.
See article here for more info.
---
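# Play: prepare an Ubuntu host to serve a static (Jekyll-built) site through
# NGINX, then request a certificate for it with certbot's nginx plugin.
#
# File modes below are quoted strings on purpose. An unquoted YAML integer
# such as `mode: 644` reaches the module as decimal 644 rather than octal
# 0644, which produces unintended permission bits on the managed file.
- name: Configure NGINX and Certbot to host jekyll-generated websites.
  hosts: yourdomain.com
  # NOTE(review): the play logs in directly as root. If the host allows it,
  # connecting as an unprivileged account and escalating with `become: true`
  # avoids keeping root SSH logins enabled.
  remote_user: root
  tasks:
    - name: add deploy group
      group:
        name: deploy
        state: present

    # No `append` is given, so the supplementary groups of the account are
    # set to exactly this list.
    - name: add deploy user
      user:
        name: deploy
        groups:
          - deploy
          - www-data
        generate_ssh_key: false
        create_home: true
        shell: /bin/bash

    # Owner-only access, so the authorized_keys file placed here by the next
    # task cannot be read or replaced by other local accounts.
    - name: ensure ssh directory presence for deploy user
      file:
        path: /home/deploy/.ssh
        state: directory
        mode: '0700'
        owner: deploy
        group: deploy

    # The file lookup runs on the control node, so the public key is read
    # from the operator's machine and not from the target host.
    - name: Set up authorized_keys for the deploy user and add your key
      authorized_key:
        user: deploy
        key: "{{ lookup('file', '~/.ssh/your-ssh-key.pub') }}"

    # The web root is writable by deploy only; group and others get
    # read/traverse access.
    - name: create site directory
      file:
        path: /var/www/yourdomain.com
        owner: deploy
        group: www-data
        mode: '0755'
        state: directory

    - name: update apt
      apt:
        update_cache: true

    - name: install nginx
      apt:
        name: nginx
        state: present

    - name: install certbot
      apt:
        name: certbot
        state: present

    - name: install python3-certbot-nginx
      apt:
        name: python3-certbot-nginx
        state: present

    # Plain-HTTP vhost on port 80 only; TLS is expected to be added to it
    # afterwards by the certbot task at the end of the play.
    - name: add nginx vhost config
      copy:
        dest: /etc/nginx/sites-available/yourdomain.com
        owner: root
        group: root
        mode: '0644'
        content: |
          server {
              listen 80;
              server_name yourdomain.com www.yourdomain.com;
              root /var/www/yourdomain.com;
              index index.html;
              expires 1d;
          }

    - name: enable site
      file:
        src: /etc/nginx/sites-available/yourdomain.com
        dest: /etc/nginx/sites-enabled/yourdomain.com
        state: link

    # Reload before certbot runs so the new vhost is live when the nginx
    # plugin inspects the running configuration.
    - name: reload nginx
      service:
        name: nginx
        state: reloaded

    # `command` is used instead of `shell`: the command line needs no shell
    # features, so it does not have to pass through a shell interpreter.
    # NOTE(review): the vhost task above rewrites the site file on every run,
    # which presumably discards the TLS directives certbot added to it, so
    # this task is left to run every time - confirm before adding `creates`.
    # NOTE(review): no --redirect flag is passed; check whether plain-HTTP
    # requests should be redirected to HTTPS once the certificate is in place.
    - name: run certbot for site
      command:
        cmd: "certbot -n --nginx --agree-tos -m admin@yourdomain.com -d yourdomain.com -d www.yourdomain.com"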