ls-2024-selection/ansible/playbooks/01-secure-nginx-server.yml

---
- name: Secure Nginx Web Server
  hosts: your_web_server
  become: yes
  tasks:
    - name: Copy nginx configuration file with XSS protection and dot file access denial
      template:
        src: nginx_secure_config.j2
        dest: /etc/nginx/sites-available/default
      notify:
        - Reload Nginx

    - name: Ensure nginx snakeoil.conf is included
      lineinfile:
        path: /etc/nginx/sites-available/default
        regexp: '^include snippets/snakeoil.conf;'
        line: 'include snippets/snakeoil.conf;'
      notify:
        - Reload Nginx

    - name: Ensure nginx PHP location is configured correctly
      lineinfile:
        path: /etc/nginx/sites-available/default
        regexp: '^location ~ \.php\$ {'
        line: 'location ~ \.php$ {'
      notify:
        - Reload Nginx

  handlers:
    - name: Reload Nginx
      systemd:
        name: nginx
        state: restarted
Add ansible playbooks 2024-02-02 12:18:11 +01:00			`---`
			`- name: Secure Nginx Web Server`
			`hosts: your_web_server`
			`become: yes`
			`tasks:`
			`- name: Copy nginx configuration file with XSS protection and dot file access denial`
			`template:`
			`src: nginx_secure_config.j2`
			`dest: /etc/nginx/sites-available/default`
			`notify:`
			`- Reload Nginx`

			`- name: Ensure nginx snakeoil.conf is included`
			`lineinfile:`
			`path: /etc/nginx/sites-available/default`
			`regexp: '^include snippets/snakeoil.conf;'`
			`line: 'include snippets/snakeoil.conf;'`
			`notify:`
			`- Reload Nginx`

			`- name: Ensure nginx PHP location is configured correctly`
			`lineinfile:`
			`path: /etc/nginx/sites-available/default`
			`regexp: '^location ~ \.php\$ {'`
			`line: 'location ~ \.php$ {'`
			`notify:`
			`- Reload Nginx`

			`handlers:`
			`- name: Reload Nginx`
			`systemd:`
			`name: nginx`
			`state: restarted`