--- - name: Copy webserver files ansible.builtin.copy: src: "{{ item }}" dest: "{{ DATA_ROOT }}/nginx" owner: "{{ USER }}" group: "{{ USER }}" mode: '0644' loop: - www - user_conf.d - inc notify: Restart nginx - name: Setup nginx containers.podman.podman_container: name: webserver image: docker.io/jonasal/nginx-certbot network: "{{ NETWORK }}" ports: - "8080:80" - "8443:443" env: CERTBOT_EMAIL: "johannes@memzero.de" # STAGING: "1" # DEBUG: "1" volumes: # Use 'Z' to privately relable selinux contexts. - "{{ DATA_ROOT }}/nginx/user_conf.d:/etc/nginx/user_conf.d:ro,Z" - "{{ DATA_ROOT }}/nginx/inc:/etc/nginx/inc:ro,Z" - "{{ DATA_ROOT }}/nginx/certs:/etc/letsencrypt:Z" # Use 'z' to shared-ly relable selinux contexts. - "{{ DATA_ROOT }}/nginx/www:/www:ro,z" - name: Forward port 80/443 to 8080/8443 ansible.posix.firewalld: rich_rule: "rule family=ipv4 forward-port port={{ item.from }} protocol=tcp to-port={{ item.to }}" permanent: true immediate: true state: enabled become: true loop: - { from: 80 , to: 8080 } - { from: 443, to: 8443 }