diff --git a/roles/web_server/tasks/main.yml b/roles/web_server/tasks/main.yml index c72ce0d1f345d1ae4c426a1864e340dd2dccbf7b..bf4007f07e4f4a3b3319589d697eb4dfa1d52448 100644 --- a/roles/web_server/tasks/main.yml +++ b/roles/web_server/tasks/main.yml @@ -10,19 +10,19 @@ - name: Deploy nginx TLS private key copy: dest="/etc/ssl/private/{{ ansible_fqdn }}_https.key" content="{{ default_https_tls_key }}" - mode=640 owner=root group=root + mode=0640 owner=root group=root notify: - Restart nginx - name: Deploy nginx TLS certificate copy: dest="/etc/ssl/certs/{{ ansible_fqdn }}_https.pem" content="{{ default_https_tls_certificate }}" - mode=644 owner=root group=root + mode=0644 owner=root group=root notify: - Restart nginx - name: Deploy configuration file for checking certificate validity via cron copy: content="/etc/ssl/certs/{{ ansible_fqdn }}_https.pem" dest="/etc/check_certificate/{{ ansible_fqdn }}_https.conf" - owner=root group=root mode=644 + owner=root group=root mode=0644 - name: Remove TLS protocol configuration from the main configuration file lineinfile: dest="/etc/nginx/nginx.conf" backrefs=yes regexp="^\s*ssl_protocols" state=absent @@ -31,17 +31,17 @@ - name: Harden TLS by allowing only TLSv1.2 and PFS ciphers template: dest="/etc/nginx/conf.d/tls.conf" src="tls.conf.j2" - owner="root" group="root" mode=644 + owner="root" group="root" mode=0644 notify: - Restart nginx - name: Deploy script for verification of nginx vhost configurations copy: src="nginx_verify_site.sh" dest="/usr/local/bin/nginx_verify_site.sh" - owner=root group=root mode=755 + owner=root group=root mode=0755 - name: Deploy default vhost configuration template: src="nginx-default.j2" dest="/etc/nginx/sites-available/default" - owner=root group=root mode=640 validate="/usr/local/bin/nginx_verify_site.sh -n default %s" + owner=root group=root mode=0640 validate="/usr/local/bin/nginx_verify_site.sh -n default %s" notify: - Restart nginx 
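Review bot: The `Deploy nginx TLS private key` task in the first hunk (`@@ -10,19`) passes the key material inline through `content="{{ default_https_tls_key }}"` and sets no `no_log`. Depending on the Ansible version and on how the play is run (for example with `--diff` or raised verbosity), the private key may end up in console output or CI job logs. Since the commit already touches this task's permission line, I would add `no_log: true` at task level, next to `notify:`. Separately, with `owner=root group=root` the group-read bit in `0640` only extends read access to members of the root group, so `mode=0600` would state the intent for a private key more plainly.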
@@ -52,7 +52,7 @@ - Restart nginx - name: Deploy firewall configuration for web server - copy: src="ferm_http.conf" dest="/etc/ferm/conf.d/30-web.conf" owner=root group=root mode=640 + copy: src="ferm_http.conf" dest="/etc/ferm/conf.d/30-web.conf" owner=root group=root mode=0640 notify: - Restart ferm @@ -64,11 +64,11 @@ - name: Create directory for storing the default website page file: path="/var/www/default/" state=directory - owner=root group=www-data mode=750 + owner=root group=www-data mode=0750 - name: Deploy the default index.html template: src="index.html.j2" dest=/var/www/default/index.html - owner=root group=www-data mode=640 + owner=root group=www-data mode=0640 - name: Enable nginx service service: name=nginx enabled=yes state=started @@ -81,14 +81,14 @@ - name: Create directories for storing per-site socket files file: path="{{ item }}" state="directory" - owner="root" group="www-data" mode="750" + owner="root" group="www-data" mode="0750" with_items: - "/run/wsgi/" - "/run/php5-fpm/" - name: Create directories for storing per-site socket files on boot copy: content="d /run/{{ item }}/ 0750 root www-data - -" dest="/etc/tmpfiles.d/{{ item }}.conf" - owner="root" group="root" mode=644 + owner="root" group="root" mode=0644 with_items: - wsgi - php5-fpm @@ -100,11 +100,11 @@ - name: Create directory for storing PHP FPM service configuration overrides file: path="/etc/systemd/system/php5-fpm.service.d/" state=directory - owner=root group=root mode=755 + owner=root group=root mode=0755 - name: Configure php5-fpm service to run with umask 0007 copy: src="php5_fpm_umask.conf" dest="/etc/systemd/system/php5-fpm.service.d/umask.conf" - owner=root group=root mode=644 + owner=root group=root mode=0644 notify: - Restart php5-fpm 
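Review bot: Quoting of `mode` is inconsistent inside the `@@ -81,14` hunk: the per-site socket directory task now has `mode="0750"`, while the tmpfiles task directly below it, like the other tasks touched in this commit, has a bare `mode=0644`. In the key=value form used here both should reach the module as strings, so this is a style point rather than a behaviour change. It matters if these tasks are later rewritten as native YAML mappings, because an unquoted value is then typed by the YAML parser instead of by Ansible. I would quote the value everywhere, e.g. `owner="root" group="root" mode="0644"`, so the permission bits on files such as the TLS key and the ferm configuration stay explicit strings.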
@@ -117,7 +117,7 @@ - name: Configure timezone for PHP template: src="php_timezone.ini.j2" dest="{{ item }}/30-timezone.ini" - owner=root group=root mode=644 + owner=root group=root mode=0644 with_items: - /etc/php5/cli/conf.d/ - /etc/php5/fpm/conf.d/