The role implements the following:

* Installs and configures nginx with a single, default vhost with a small static

  index page.

* Deploys the HTTPS TLS private key and certificate (for default vhost).

* Configures firewall to allow incoming connections to the web server.

* Installs and configures virtualenv and virtualenvwrapper as a common base for

  Python apps.

* Installs and configures PHP FPM as a common base for PHP apps.

  Title for the default web page shown to users (if no other vhosts were matched).

**web_default_message** (string, optional, ``You are attempting to access the web server using a wrong name or an IP address. Please check your URL.``)

  Message for the default web page shown to users (if no other vhosts were

  matched).

Examples

~~~~~~~~

Here is an example configuration for setting-up web server:

default_enforce_https: True

default_https_tls_certificate: "{{ lookup('file', tls_certificate_dir + '/' + ansible_fqdn + '_https.pem') }}"

default_https_tls_key: "{{ lookup('file', tls_private_key_dir + '/' + ansible_fqdn + '_https.key') }}"

web_default_title: "Welcome"

web_default_message: "You are attempting to access the web server using a wrong name or an IP address. Please check your URL."

- name: Remove TLS protocol configuration from the main configuration file

  lineinfile: dest="/etc/nginx/nginx.conf" backrefs=yes regexp="^ssl_protocols" state=absent

  notify:

    - Restart nginx

- name: Harden TLS by allowing only TLSv1.2 and PFS ciphers

  notify:

    - Restart nginx

- name: Deploy script for verification of nginx vhost configurations

  copy: src="nginx_verify_site.sh" dest="/usr/local/bin/nginx_verify_site.sh"

        owner=root group=root mode=755