DEV Community

Daniel Puig Gerarde

Ansible Playbook - Install and Configure Nginx

In today's post, we are going to discuss Ansible, a powerful IT automation tool that can configure systems, deploy software, and orchestrate more advanced IT tasks. We will create a simple Ansible playbook that installs and configures Nginx to host static websites.

Prerequisites
To follow this guide, you need:

  • An Ansible control node: This is the machine where Ansible is installed and from where all tasks and playbooks will be executed. You can install Ansible on a machine running Linux, macOS, or Unix.

  • At least one managed node: This is the host you are managing with Ansible. In our case, this is the server on which we will install Nginx. (In this post we use Ubuntu 22.04 LTS.)

  • SSH access from the control node to the managed node(s). For security, it's recommended to use key-based SSH authentication.

  • In this example we will connect as the user called ubuntu and use an Ansible inventory file. The inventory file is a crucial part of an Ansible configuration. It is a text file (usually named 'hosts' by convention, but it can be named anything) that defines the hosts and groups of hosts on which commands, modules, tasks, and playbooks will operate.

Steps

  • Create the Nginx Configuration File

On your control node, create a new file called static-site-config:

server {
    listen 80;
    server_name your_domain.com;

    location / {
        root /var/www/html;
        index index.html;
    }
}
  • Create the Ansible Playbook

Playbooks are the language by which Ansible orchestrates, configures, administers, or deploys systems. They are written in YAML.

On your control node, create a new file called nginx-setup.yml and add the following content:

---
- name: Install and configure nginx for static website hosting
  hosts: webservers
  become: yes

  tasks:
    - name: Install nginx
      apt:
        name: nginx
        state: latest
        update_cache: yes

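    # append: yes keeps the user's existing supplementary groups; without it
    # the user module replaces them with just "root".
    - name: Add user to group root
      user:
        name: "{{ user }}"
        groups: root
        append: yes
        state: present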

    - name: Remove default nginx configuration
      file:
        path: /etc/nginx/sites-enabled/default
        state: absent

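    # The file is owned by "{{ user }}", so that account can edit configuration
    # that nginx (started as root) loads; set owner: root to restrict edits to root.
    - name: Add nginx configuration
      copy:
        src: <control-node-path-to>/static-site-config
        dest: /etc/nginx/sites-available/
        owner: "{{ user }}"
        group: root
        mode: '0644'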

    - name: Enable website configuration
      file:
        src: /etc/nginx/sites-available/static-site-config
        dest: /etc/nginx/sites-enabled/static-site-config
        state: link

    - name: Ensure nginx is running
      systemd:
        name: nginx
        state: started
        enabled: yes
  vars:
    user: "ubuntu"

In static-site-config, replace your_domain.com with your actual domain. That configuration serves files from the /var/www/html directory.

  • Run the Playbook

After you've defined your inventory and created your playbook and Nginx configuration file, you can run the playbook with the following command:

ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i hosts.ini nginx-setup.yml -u ubuntu

ANSIBLE_HOST_KEY_CHECKING

Host key checking is a security feature of SSH, which is also used by Ansible, as Ansible primarily communicates with the machines it manages via SSH.

The first time you connect to a new host via SSH, you'll see a prompt similar to this:

The authenticity of host 'hostname (192.168.0.1)' can't be established.
ECDSA key fingerprint is SHA256:3w1zq...
Do you want to continue connecting (yes/no)?

If you answer "yes", the host's key is added to the known_hosts file in your .ssh directory. Any subsequent SSH connections to this host will not prompt you again.

This mechanism is designed to prevent man-in-the-middle attacks. If a host's key changes (which could indicate that you're connecting to a different machine impersonating the host you intended to connect to), SSH will warn you and refuse to connect.

By default, Ansible also uses host key checking for the same reason. But in some situations (e.g., when you frequently recreate virtual machines with different keys), it can be inconvenient.

If you want to disable host key checking in Ansible, you can do so by setting the host_key_checking option to False in the Ansible configuration file, or by setting the ANSIBLE_HOST_KEY_CHECKING=False environment variable.

Note that while disabling host key checking can make Ansible easier to use in certain scenarios, it also bypasses an important security feature of SSH, and should only be done if you understand the risks involved.
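An alternative to disabling host key checking, shown as an added example that is not part of the original post: compare the SHA256 fingerprint of each scanned host key with one obtained out of band, and produce known_hosts lines only for the hosts that match. The host names, key blobs and function names are constructed for illustration, and the input is assumed to be in the "host keytype base64key" format that ssh-keyscan prints.

```python
import base64
import hashlib


def sha256_fingerprint(key_b64):
    """Fingerprint as ssh prints it: SHA256:<unpadded base64 of sha256(blob)>."""
    blob = base64.b64decode(key_b64, validate=True)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def pin_host_keys(scan_output, trusted):
    """Split ssh-keyscan style lines ("host keytype base64key") into
    known_hosts lines to write and (host, reason) rejects. trusted maps
    host -> fingerprint obtained out of band (assumed to be available)."""
    accepted, rejected = [], []
    for line in scan_output.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith("#"):
            continue  # blank, comment or malformed line
        host, keytype, key_b64 = parts[:3]
        try:
            seen = sha256_fingerprint(key_b64)
        except ValueError:  # binascii.Error is a ValueError
            rejected.append((host, "undecodable key"))
            continue
        expected = trusted.get(host)
        if expected is None:
            rejected.append((host, "no trusted fingerprint"))
        elif seen == expected:
            accepted.append(f"{host} {keytype} {key_b64}")
        else:
            rejected.append((host, "fingerprint mismatch"))
    return accepted, rejected


def _sample_key(seed):
    """Constructed ssh-ed25519 blob for the demo; not a key from a real host."""
    header = b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20"
    return base64.b64encode(header + hashlib.sha256(seed).digest()).decode()


# Constructed sample: web1 presents the expected key, web2 a different one,
# web3 has no trusted fingerprint on record.
GOOD1, GOOD2, OTHER = (_sample_key(s) for s in (b"web1", b"web2", b"other"))
TRUSTED = {"web1.example.com": sha256_fingerprint(GOOD1),
           "web2.example.com": sha256_fingerprint(GOOD2)}
SCAN = "\n".join(f"web{i}.example.com ssh-ed25519 {k}"
                 for i, k in ((1, GOOD1), (2, OTHER), (3, OTHER)))
print(pin_host_keys(SCAN, TRUSTED))
```

Appending the accepted lines to the known_hosts file on the control node lets the playbook run with host key checking left on; rejected hosts need their fingerprint checked before they are managed.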

  • Explain the Playbook

This playbook will do the following:

It targets hosts in the group "webservers". You need to replace this with the actual group or hosts you want to target in your Ansible inventory file.

become: yes tells Ansible to use sudo to execute the commands.

It installs the latest version of Nginx using the apt module.

It adds the user named in the user variable (ubuntu) to the root group.

It removes the default Nginx configuration file.

It copies a new Nginx configuration file from the control node to the managed node. You need to replace <control-node-path-to>/static-site-config with the path to your Nginx configuration file on the control node.

It creates a symbolic link from the sites-available directory to the sites-enabled directory, enabling our new configuration.

It makes sure that the Nginx service is running and will start on boot.

And there you have it. You have just created and run an Ansible playbook to install and configure Nginx for static website hosting. You can now access your static website at your domain.
