namespace :nginx do
task :install do on roles :web, :api do execute "#{apt_nointeractive} nginx" execute 'sudo sed -i "s/# server_names_hash_bucket_size 64/server_names_hash_bucket_size 64/" /etc/nginx/nginx.conf' template 'vhost.conf', '/etc/nginx/conf.d/vhost.conf' invoke 'nginx:restart' end end task :cert do on roles(:web, :api) do |host| run_locally do run_in host, <<-EOBLOCK sudo apt update sudo apt install certbot python3-certbot-nginx -y sudo certbot --nginx -m admin@#{host.hostname} --non-interactive --agree-tos --domains #{host.hostname} EOBLOCK end end end task :ssl do on roles(:web, :api) do |host| execute <<-EOBLOCK cd /etc/ssl/certs openssl dhparam -out dhparam.pem 4096 EOBLOCK template 'vhost_ssl.conf', '/etc/nginx/conf.d/vhost.conf' invoke 'nginx:restart' end end %w(start stop restart status).each do |action| desc "Nginx" task :"#{action}" do on roles(:web, :api) do execute "sudo service nginx #{action}" end end end
end