PHP website automated using an Ansible playbook with Let's Encrypt or Buypass free SSL on the domain
This GitHub repository contains a playbook that deploys a Git-based PHP website using an Nginx role. The playbook lets you choose the SSL configuration: it uses ACME validation, and you select the certificate authority by changing the ACME directory. It uses an acme module along with the openssl_privatekey and openssl_csr Ansible modules. You can execute the playbook by declaring the variables on the command line or in main.yml under the vars section at the play level. By default the playbook uses the free Let's Encrypt SSL:
ansible-playbook -i inventory main.yml -e domain_name="<domain name>" -e git_url="<git repo url>"
If you would like to use the Buypass free SSL instead, execute the command below or make the necessary changes in main.yml under the vars section at the play level:
ansible-playbook -i inventory main.yml -e domain_name="<domain name>" -e acme_directory="https://api.buypass.com/acme/directory" -e git_url="<git repo url>"
See the GitHub repository for the complete code; its sample output is shown in the video below.
Sampl.Output.webm
The main playbook in this repository, main.yml, automates the process of deploying a PHP website hosted on Git to a remote server. The playbook utilizes the Nginx role and performs the following tasks:
- Clones the Git repository containing the website contents to the remote server.
- Copies the contents to the default document root directory, /var/www/html/{{ domain_name }}.
- Restarts Nginx to enable Let's Encrypt validation.
- Creates a directory structure for Let's Encrypt SSL certificates under /etc/nginx/ssl.
- Generates an account key for the ACME module.
- Generates a private key for the specified domain.
- Generates a certificate signing request (CSR) with the domain name.
- Performs the first challenge for the domain using the CSR and account key.
- Creates the .well-known/acme-challenge directory for HTTP-01 challenges.
- Copies the HTTP-01 challenges to the /.well-known/acme-challenge directory.
- Performs the final Let's Encrypt verification and saves the full chain certificate file.
- Activates SSL in the Nginx configuration file for the specified domain.
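The certificate steps from the list above, written as a play (an added example, not the repository's own main.yml). It assumes the community.crypto collection; the file names under /etc/nginx/ssl and the names ssl_dir, webroot and acme_challenge are assumptions, while domain_name and acme_directory are the page's variables.

```yaml
- hosts: all
  become: true
  vars:
    ssl_dir: /etc/nginx/ssl                       # directory named on the page
    webroot: "/var/www/html/{{ domain_name }}"    # document root named on the page
    acme_directory: https://acme-v02.api.letsencrypt.org/directory  # override with -e for Buypass
  module_defaults:
    community.crypto.acme_certificate:
      account_key_src: "{{ ssl_dir }}/account.key"    # file names are assumptions
      csr: "{{ ssl_dir }}/{{ domain_name }}.csr"
      dest: "{{ ssl_dir }}/{{ domain_name }}.crt"
      challenge: http-01
      acme_directory: "{{ acme_directory }}"
      acme_version: 2
      terms_agreed: true
  tasks:
    - name: Create the certificate directory and the HTTP-01 challenge directory
      ansible.builtin.file:
        path: "{{ item.path }}"
        state: directory
        mode: "{{ item.mode }}"
      loop:
        - { path: "{{ ssl_dir }}", mode: "0700" }
        - { path: "{{ webroot }}/.well-known/acme-challenge", mode: "0755" }
    - name: Generate the ACME account key and the domain private key
      community.crypto.openssl_privatekey:
        path: "{{ ssl_dir }}/{{ item }}"
        mode: "0600"    # private keys readable by root only
      loop: ["account.key", "{{ domain_name }}.key"]
    - name: Generate the CSR for the domain
      community.crypto.openssl_csr:
        path: "{{ ssl_dir }}/{{ domain_name }}.csr"
        privatekey_path: "{{ ssl_dir }}/{{ domain_name }}.key"
        common_name: "{{ domain_name }}"
    - name: First ACME call, which returns the HTTP-01 challenge
      community.crypto.acme_certificate: {}
      register: acme_challenge
    - name: Publish the challenge token under the web root
      ansible.builtin.copy:
        dest: "{{ webroot }}/{{ acme_challenge.challenge_data[domain_name]['http-01']['resource'] }}"
        content: "{{ acme_challenge.challenge_data[domain_name]['http-01']['resource_value'] }}"
      when: acme_challenge is changed
    - name: Second ACME call, which validates the challenge and writes the full chain
      community.crypto.acme_certificate:
        fullchain_dest: "{{ ssl_dir }}/{{ domain_name }}-fullchain.crt"
        data: "{{ acme_challenge }}"
      when: acme_challenge is changed
```

The account key and the domain key are separate files on purpose: the account key authenticates to the ACME server, while the domain key is the one Nginx serves with the certificate. The `when: acme_challenge is changed` guards skip the challenge steps when the existing certificate does not yet need renewal.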
I'm using Amazon Linux 2023 and I've installed Ansible using pip3:
sudo yum install python3-pip git -y
sudo pip3 install ansible
A sample video has been made to guide you.