ansible-base/roles/nginx/tasks/main.json

[
	{
		"name": "install packages",
		"become": true,
		"ansible.builtin.apt": {
			"update_cache": true,
			"pkg": [
				"nginx"
			]
		}
	},
	{
		"name": "generate dhparams file",
		"ansible.builtin.command": "openssl dhparam -out /etc/nginx/dhparam 4096",
		"args": {
			"creates": "/etc/nginx/dhparam"
		}
	},
	{
		"name": "place hardening config",
		"become": true,
		"ansible.builtin.copy": {
			"src": "ssl-hardening.conf",
			"dest": "/etc/nginx/ssl-hardening.conf"
		}
	},
	{
		"name": "restart service",
		"become": true,
		"ansible.builtin.systemd_service": {
			"state": "restarted",
			"name": "nginx"
		}
	}
]
[ini] 2023-11-20 02:07:08 +01:00			`[`
			`{`
			`"name": "install packages",`
			`"become": true,`
			`"ansible.builtin.apt": {`
[fix] role:nginx:apt update 2024-03-20 00:05:42 +01:00			`"update_cache": true,`
[ini] 2023-11-20 02:07:08 +01:00			`"pkg": [`
			`"nginx"`
			`]`
			`}`
			`},`
Harden nginx ssl/tls config According to https://ssl-config.mozilla.org/ 2024-04-19 00:20:46 +02:00			`{`
Generate dhparams instead of using a checked in file 2024-04-20 13:11:26 +02:00			`"name": "generate dhparams file",`
			`"ansible.builtin.command": "openssl dhparam -out /etc/nginx/dhparam 4096",`
			`"args": {`
			`"creates": "/etc/nginx/dhparam"`
Harden nginx ssl/tls config According to https://ssl-config.mozilla.org/ 2024-04-19 00:20:46 +02:00			`}`
			`},`
			`{`
			`"name": "place hardening config",`
			`"become": true,`
			`"ansible.builtin.copy": {`
			`"src": "ssl-hardening.conf",`
			`"dest": "/etc/nginx/ssl-hardening.conf"`
			`}`
			`},`
[ini] 2023-11-20 02:07:08 +01:00			`{`
			`"name": "restart service",`
			`"become": true,`
			`"ansible.builtin.systemd_service": {`
			`"state": "restarted",`
			`"name": "nginx"`
			`}`
			`}`
			`]`