The ``web_server`` role can be used for setting-up a web server on destination

machine.

The role is supposed very lightweight, providing a basis for deployment of web

applications.

The role implements the following:

* Installs and configures nginx with a single, default vhost with a small static

  index page.

* Deploys the HTTPS TLS private key and certificate (for default vhost).

* Configures firewall to allow incoming connections to the web server.

Parameters

~~~~~~~~~~

**https_tls_key** (string, mandatory)

  Path to file on Ansible host that contains the private key used for TLS for

  HTTPS service. The file will be copied to directory ``/etc/ssl/private/``.

**https_tls_certificate** (string, mandatory)

  Path to file on Ansible host that contains the X.509 certificate used for TLS

  for HTTPS service. The file will be copied to directory ``/etc/ssl/certs/``.

---

- name: Restart nginx

    - /var/www/html/index.nginx-debian.html

    - /var/www/html/

- name: Create directory for storing the default website page

  file: path="/var/www/default/" state=directory

        owner=root group=www-data mode=750

- name: Deploy the default index.html

  template: src="index.html.j2" dest=/var/www/default/index.html

            owner=root group=www-data mode=640

- name: Enable nginx service

    password: '$6$cJnUatae7cMz23fl$O3HE2TslnEaKaTDSZnvuDDrfqILAiuMV1wOPGVnkUQFxUu3gIWZOyO7AI1OWYkqeQMVBiezpSqYNiQy6NF6bi0'

os_groups:

  - name: office

    gid: 2000

  - name: developer

    gid: 2001

common_packages:

  - emacs24-nox

  - screen

  - debconf-utils

ca_certificates:

  - "{{ inventory_dir }}/tls/example_ca_chain.pem"

incoming_connection_limit: 2/second

incoming_connection_limit_burst: 6