Build NGINX Server / Firewalld with Ansible

ssh-copy-id root@

ssh-copy-id root@

You should now be able to SSH into the host without a password. You can test this with:

ssh root@

Configure your Ansible hosts; these are defined in /etc/ansible/hosts


cd to /etc/ansible/playbook and place the files below (index.html and the playbook) in this directory

  <title>Welcome to ansible</title>
  <h1>nginx, configured by Ansible</h1>
  <p>If you can see this, Ansible successfully installed nginx.</p>

  <p>{{ ansible_managed }}</p>

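---
- name: Install nginx
  hosts: testserver
  become: true

  tasks:
  # nginx is packaged in EPEL, so the repo has to be present first
  - name: Add epel-release repo
    yum:
      name: epel-release
      state: present

  - name: Install nginx
    yum:
      name: nginx
      state: present

  # template (rather than copy) so that {{ ansible_managed }} is rendered
  - name: Insert Index Page
    template:
      src: index.html
      dest: /usr/share/nginx/html/index.html

  - name: Start NGiNX
    service:
      name: nginx
      state: started

  # permanent rules only take effect once firewalld is reloaded or restarted
  - firewalld:
      service: https
      permanent: yes
      state: enabled

  - firewalld:
      zone: public
      service: http
      permanent: yes
      state: enabled

  - name: Bounce firewalld
    service:
      name: firewalld
      state: restarted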

Run your playbook with

ansible-playbook build-nginx-firewalld.yml

We can verify on the remote machine that the above has been configured

[root@localhost ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens192
  services: dhcpv6-client http https ssh
  masquerade: no
  rich rules:

[root@localhost ~]# systemctl status nginx
● nginx.service - The nginx HTTP and reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2020-08-26 11:10:27 BST; 3h 38min ago
Process: 18598 ExecStart=/usr/sbin/nginx (code=exited, status=0/SUCCESS)
Process: 18595 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=0/SUCCESS)
Process: 18594 ExecStartPre=/usr/bin/rm -f /run/ (code=exited, status=0/SUCCESS)
Main PID: 18600 (nginx)
CGroup: /system.slice/nginx.service
├─18600 nginx: master process /usr/sbin/nginx
└─18601 nginx: worker process

Aug 26 11:10:27 localhost.localdomain systemd[1]: Starting The nginx HTTP and…
Aug 26 11:10:27 localhost.localdomain nginx[18595]: nginx: the configuration …
Aug 26 11:10:27 localhost.localdomain nginx[18595]: nginx: configuration file…
Aug 26 11:10:27 localhost.localdomain systemd[1]: Failed to parse PID from fi…
Aug 26 11:10:27 localhost.localdomain systemd[1]: Started The nginx HTTP and …
Hint: Some lines were ellipsized, use -l to show in full

This verifies that the firewalld configuration has been applied to the remote host as configured in our playbook.
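
The firewall-cmd check above can be scripted so that the open services are compared against what the host is meant to expose. This is an added example, not part of the original post: the function names and the expected set "http https ssh" are assumptions for the illustration, and the sample input is the firewall-cmd output shown above.

```shell
#!/bin/sh
# Added example: audit the services firewalld allows against an expected set.
# Constructed sample input: the `firewall-cmd --list-all` output from this page.
sample_output() {
cat <<'EOF'
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens192
  services: dhcpv6-client http https ssh
  masquerade: no
  rich rules:
EOF
}

# Print the space-separated service list from --list-all text read on stdin.
list_services() {
    sed -n 's/^[[:space:]]*services:[[:space:]]*//p' | head -n 1
}

# audit_services "<expected services>": reads --list-all text on stdin and prints
# "unexpected:<svc>" for every open service that is not expected and
# "missing:<svc>" for every expected service that is not open.
# Returns 0 when there are no findings, 1 otherwise.
audit_services() {
    expected=$1
    actual=$(list_services)
    findings=""
    for svc in $actual; do
        case " $expected " in
            *" $svc "*) ;;
            *) findings="$findings unexpected:$svc" ;;
        esac
    done
    for svc in $expected; do
        case " $actual " in
            *" $svc "*) ;;
            *) findings="$findings missing:$svc" ;;
        esac
    done
    findings=${findings# }
    [ -n "$findings" ] && printf '%s\n' "$findings"
    [ -z "$findings" ]
}

# On a managed host: firewall-cmd --zone=public --list-all | audit_services "http https ssh"
sample_output | audit_services "http https ssh" || echo "firewall differs from expected set"
```

On the sample, dhcpv6-client is reported because it is open in the public zone but was not added by the playbook and is not in the assumed expected set.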

You can also browse to your NGINX server via its IP address; index.html should then be displayed.
