From 63ca4e6a8d58ab19280c5599bb05b9f927e82aeb Mon Sep 17 00:00:00 2001
From: FozzeY <tehfozzey@gmail.com>
Date: Sat, 18 Nov 2023 23:40:42 +0200
Subject: [PATCH] Nginx config

---
 ansible/main.yml   | 11 +++++++++
 ansible/nginx.conf | 58 ++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 69 insertions(+)
 create mode 100644 ansible/nginx.conf

diff --git a/ansible/main.yml b/ansible/main.yml
index 55f9a4b..b3d9e21 100644
--- a/ansible/main.yml
+++ b/ansible/main.yml
@@ -33,6 +33,17 @@
         mode: 0600
       with_fileglob:
         - fozzey_ru.*
+    - name: Copy nginx config
+      copy:
+        src: nginx.conf
+        dest: /etc/nginx/
+        owner: root
+        group: wheel
+        mode: 0644
+      notify:
+      - restart nginx
   handlers:
     - name: restart sshd
       service: name=sshd state=restarted
+    - name: restart nginx
+      service: name=nginx state=restarted
diff --git a/ansible/nginx.conf b/ansible/nginx.conf
new file mode 100644
index 0000000..e433b00
--- /dev/null
+++ b/ansible/nginx.conf
@@ -0,0 +1,58 @@
+# Take note of http://wiki.nginx.org/Pitfalls
+
+#user  www;
+worker_processes  1;
+
+#load_module "modules/ngx_stream_module.so";
+
+#error_log  logs/error.log;
+#error_log  logs/error.log  notice;
+#error_log  logs/error.log  info;
+#error_log  syslog:server=unix:/dev/log,severity=notice;
+
+#pid        logs/nginx.pid;
+
+worker_rlimit_nofile 1024;
+events {
+    worker_connections  800;
+}
+
+
+http {
+    include       mime.types;
+    default_type  application/octet-stream;
+    index         index.html index.htm;
+
+    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+    #                  '$status $body_bytes_sent "$http_referer" '
+    #                  '"$http_user_agent" "$http_x_forwarded_for"';
+
+    #access_log  logs/access.log  main;
+    #access_log  syslog:server=unix:/dev/log,severity=notice main;
+
+    #tcp_nopush     on;
+
+    #keepalive_timeout  0;
+    keepalive_timeout  65;
+
+    #gzip  on;
+
+    server_tokens off;
+
+    server {
+	    listen 80 default_server;
+		server_name _;
+		return 301 https://$host$request_uri;
+	}
+
+    HTTPS server
+	
+    server {
+	    listen 443 ssl;
+
+        server_name fozzey.ru;
+        ssl_certificate /etc/ssl/fozzey_ru.crt;
+        ssl_certificate_key /etc/ssl/fozzey_ru.key;
+        root /var/www/htdocs;
+    }
+}