diff --git a/files/nginx/conf/000-default.conf b/files/nginx/conf/000-default.conf
new file mode 100644
index 0000000..d40160a
--- /dev/null
+++ b/files/nginx/conf/000-default.conf
@@ -0,0 +1,69 @@
+server {
+
+ listen 80 default_server;
+ listen [::]:80 default_server;
+
+ server_name _;
+
+ expires off;
+ etag off;
+ if_modified_since off;
+
+ gzip on;
+ gzip_min_length 1000;
+ gzip_proxied any;
+ gzip_types *;
+ gunzip on;
+
+ location / {
+ root /usr/share/nginx/html;
+ index index.html index.htm;
+
+ return 301 https://$host$request_uri/;
+ }
+
+ if ($request_method !~ ^(GET|HEAD|POST)$ )
+ {
+ return 405;
+ }
+}
+
+server {
+
+ listen 443 ssl http2 default_server;
+ listen [::]:443 ssl http2 default_server;
+
+ server_name _;
+
+ ssl_certificate /etc/nginx/certs/mpp/fullchain.pem;
+ ssl_certificate_key /etc/nginx/certs/mpp/privkey.pem;
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_ciphers 'TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-CCM8:DHE-RSA-AES256-CCM:ECDHE-ARIA256-GCM-SHA384:DHE-RSA-ARIA256-GCM-SHA384:ECDHE-ARIA128-GCM-SHA256:DHE-RSA-ARIA128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-CCM8:DHE-RSA-AES128-CCM';
+ ssl_prefer_server_ciphers on;
+ ssl_session_cache shared:SSL:20m;
+ ssl_session_timeout 180m;
+
+ ssl_stapling on;
+ ssl_stapling_verify on;
+ ssl_trusted_certificate /etc/nginx/certs/mpp/chain.pem;
+
+ expires off;
+ etag off;
+ if_modified_since off;
+
+ gzip on;
+ gzip_min_length 1000;
+ gzip_proxied any;
+ gzip_types *;
+ gunzip on;
+
+ location / {
+ root /usr/share/nginx/html;
+ index index.html index.htm;
+ }
+
+ if ($request_method !~ ^(GET|HEAD|POST)$ )
+ {
+ return 405;
+ }
+}
diff --git a/files/nginx/config.conf b/files/nginx/config.conf
new file mode 100644
index 0000000..c3c0a8f
--- /dev/null
+++ b/files/nginx/config.conf
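Review bot: The port-80 redirect `return 301 https://$host$request_uri/;` appends a slash after `$request_uri`, which already carries the query string, so `/a?b=1` is redirected to `/a?b=1/` and the last parameter is altered. Because this server is the catch-all `default_server`, `$host` also copies whatever Host header the client sent into the Location header; since the deployer task renders these files with `template`, a fixed name such as `return 301 https://{{ ansible_facts.fqdn }}$request_uri;` would address both. The `root` and `index` lines in that location are never reached once the `return` is there. In the 443 block the `DHE-*` entries in `ssl_ciphers` are not negotiated by nginx unless an `ssl_dhparam` file is configured, and no `Strict-Transport-Security` header is added although all HTTP traffic is redirected to HTTPS.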
@@ -0,0 +1,31 @@
+user nginx;
+worker_processes 1;
+
+error_log /var/log/nginx/error.log error;
+pid /var/run/nginx.pid;
+
+events {
+ worker_connections 1024;
+}
+
+http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ log_format main '[$time_local] $host - $remote_addr - $remote_user "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /var/log/nginx/access.log main;
+
+ server_tokens off;
+
+ sendfile off;
+ #tcp_nopush on;
+
+ keepalive_timeout 65;
+
+ resolver 1.1.1.1;
+
+ include /etc/nginx/conf.d/*.conf;
+}
diff --git a/files/nginx/index.html b/files/nginx/index.html
new file mode 100644
index 0000000..7839b9c
--- /dev/null
+++ b/files/nginx/index.html
@@ -0,0 +1,59 @@ + + + + {{ ansible_facts.fqdn }} + + + + + + + +
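Review bot: `resolver 1.1.1.1;` sends the lookups nginx performs itself (here most likely the OCSP responder lookups for `ssl_stapling` in the 443 server) as plain DNS to a public resolver, and nginx does not validate the answers. The nginx documentation recommends a resolver on a trusted local network to prevent spoofing. Something like `resolver <trusted-local-resolver> valid=300s;` together with `resolver_timeout 5s;` (the address is a placeholder) would be safer, with a comment above it stating that the resolver is there for OCSP stapling. `worker_processes 1;` is fixed rather than `auto`, which deserves a short comment if it is intentional.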
+

Musix Org

+ + +
+

{{ ansible_facts.fqdn }}

+
+
+ + +
diff --git a/tasks/deployer.yml b/tasks/deployer.yml
index b1f684c..f181fa3 100644
--- a/tasks/deployer.yml
+++ b/tasks/deployer.yml
@@ -119,6 +119,61 @@ tags: - mariadb
+- name: "Deployer - Nginx - Configure - Create Folder"
+ file:
+ path: "/root/nginx/"
+ state: directory
+ tags:
+ - nginx
+
+- name: "Deployer - Nginx - Configure - Create Subfolders"
+ file:
+ dest: '/root/nginx/{{ item.path }}'
+ state: directory
+ with_filetree: './files/nginx/'
+ loop_control:
+ label: "{{ item.path }}"
+ when:
+ - item.state == 'directory'
+ tags:
+ - nginx
+
+- name: "Deployer - Nginx - Configure - Generating & Transferring Files"
+ template:
+ src: '{{ item.src }}'
+ dest: '/root/nginx/{{ item.path }}'
+ with_filetree: './files/nginx/'
+ loop_control:
+ label: "{{ item.path }}"
+ when:
+ - item.state == 'file'
+ tags:
+ - nginx
+
+- name: "Deployer - Nginx - Pull Image"
+ containers.podman.podman_image:
+ name: docker.io/nginx
+ tag: latest
+ register: deployerTask3
+
+- name: "Deployer - Nginx - Run Container"
+ containers.podman.podman_container:
+ name: nginx
+ image: docker.io/nginx
+ state: started
+ recreate: on
+ network: host
+ volumes:
+ - "/root/nginx/index.html:/usr/share/nginx/html/index.html:ro"
+ - "/root/nginx/config.conf:/etc/nginx/nginx.conf:ro"
+ - "/root/nginx/conf/:/etc/nginx/conf.d/:ro"
+ - "/root/certs/:/etc/nginx/certs/:ro"
+ restart_policy: always
+ when:
+ - (deployerTask3 is defined and deployerTask3.changed) or deployerTask3 is undefined
+ tags:
+ - nginx
+
 - name: "Deployer - Backend - Git Operations" git: repo: git@github.com:MetroHege/MPP-Backend.git
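Review bot: The nginx image is pulled as `docker.io/nginx` with `tag: latest` and then run with `network: host` and `/root/certs/` mounted (the directory the server config reads `privkey.pem` from), so whatever the registry serves under `latest` at deploy time gets the host network and the TLS key. Pin the image in both tasks to a reviewed version or digest, e.g. `tag: "<pinned-version>"` and `image: "docker.io/nginx:<pinned-version>"` (placeholders). The Run Container `when` fires only if the pull reported a change or was skipped, so a run where the image is already present neither starts a missing container nor picks up edited config files; consider registering the template task and adding its `changed` result to the condition. The Pull Image task also has no `tags: - nginx`, unlike its neighbours, and `recreate: on` relies on YAML 1.1 truthiness, so `recreate: true` is clearer.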