1 files changed, 35 insertions, 28 deletions

diff --git a/roles/common-web/tasks/main.yml b/roles/common-web/tasks/main.yml
index d2b2acd..f059bfc 100644
--- a/roles/common-web/tasks/main.yml
+++ b/roles/common-web/tasks/main.yml
@@ -1,61 +1,68 @@
 - name: Install Nginx
-  apt: pkg=nginx
+  apt: pkg=nginx-light
 
 - name: Limit Nginx logging
   lineinfile: "dest=/etc/logrotate.d/nginx create=yes
                regexp='^\\s*rotate\\s'
-               line='\trotate 1'"
+               line='\trotate 7'"
   tags:
     - logrotate
 
-- name: Delete /etc/nginx/sites-{available,enabled}/default
-  file: path=/etc/nginx/sites-{{ item }}/default state=absent
-  with_items:
-    - enabled
-    - available
-
-- name: Create directory /etc/nginx/{fastcgi,ssl}
-  file: path=/etc/nginx/{{ item }}
-        state=directory
-        owner=root group=root
-        mode=0755
-  with_items:
-    - fastcgi
-    - ssl
-
-- name: Copy fastcgi parameters
-  copy: src=etc/nginx/fastcgi/{{ item }}
-        dest=/etc/nginx/fastcgi/{{ item }}
+- name: Copy fastcgi parameters and SSL configuration snippets
+  copy: src=etc/nginx/snippets/{{ item }}
+        dest=/etc/nginx/snippets/{{ item }}
         owner=root group=root
         mode=0644
   register: r1
   with_items:
-    - params
-    - php
-    - php-ssl
+    - fastcgi.conf
+    - fastcgi-php.conf
+    - fastcgi-php-ssl.conf
+    - ssl.conf
+    - headers.conf
   notify:
     - Restart Nginx
 
-- name: Copy SSL configuration
-  copy: src=etc/nginx/ssl/config
-        dest=/etc/nginx/ssl/config
+- name: Copy /etc/nginx/sites-available/default
+  copy: src=etc/nginx/sites-available/default
+        dest=/etc/nginx/sites-available/default
         owner=root group=root
         mode=0644
   register: r2
   notify:
     - Restart Nginx
 
+- name: Create /etc/nginx/sites-enabled/default
+  file: src=../sites-available/default
+        dest=/etc/nginx/sites-enabled/default
+        owner=root group=root
+        state=link force=yes
+  register: r3
+  notify:
+    - Restart Nginx
+
 - name: Add .asc to text/plain MIME types
   lineinfile: dest=/etc/nginx/mime.types
               regexp='^(\s*text/plain\s+)'
               backrefs=yes
               line='\1txt asc;'
-  register: r3
+  register: r4
+  notify:
+    - Restart Nginx
+
+# WARN Bullseye: nginx >=1.15.1 uses font/woff and font/woff2 (cf. https://trac.nginx.org/nginx/ticket/1243)
+# however Bootstrap(?) appears to query resources with "Accept: application/font-woff" resp. application/font-woff2.
+# Unfortunately it also uses "Accept-Encoding: identity" so the resource isn't compressed...
+- name: Fix MIME type for woff
+  lineinfile: dest=/etc/nginx/mime.types
+              insertafter='^\s*\S+\s\s+woff;'
+              line='    application/font-woff2                woff2;'
+  register: r5
   notify:
     - Restart Nginx
 
 - name: Start Nginx
   service: name=nginx state=started
-  when: not (r1.changed or r2.changed or r3.changed)
+  when: not (r1.changed or r2.changed or r3.changed or r4.changed or r5.changed)
 
 - meta: flush_handlers