Obisidian vault auto-backup: 12-01-2026 13:12:05 on . 7 files edited

2026-01-18 16:47:24 +01:00 · 2026-01-12 13:12:05 +01:00
parent 3bf0affbc5
commit 88e3accaf3
7 changed files with 104 additions and 9 deletions
--- a/.obsidian/workspace.json
+++ b/.obsidian/workspace.json
@@ -206,17 +206,18 @@
  },
  "active": "622da1d4e0ba0f73",
  "lastOpenFiles": [
+    "ISEN/Cloud Computing/CIPA4/TP Ansible/playbook-role-https.yml",
+    "ISEN/Cloud Computing/CIPA4/TP Ansible/roles/nginx_proxy_https/handlers/main.yml",
+    "ISEN/Cloud Computing/CIPA4/TP Ansible/roles/nginx_proxy_https/handlers",
+    "ISEN/Cloud Computing/CIPA4/TP Ansible/roles/nginx_proxy_https/templates/nginx_http.conf.j2",
+    "ISEN/Cloud Computing/CIPA4/TP Ansible/roles/nginx_proxy_https/templates/nginx_https.conf.j2",
+    "ISEN/Cloud Computing/CIPA4/TP Ansible/roles/nginx_proxy_https/templates",
+    "ISEN/Cloud Computing/CIPA4/TP Ansible/roles/nginx_proxy_https/tasks/main.yml",
+    "ISEN/Cloud Computing/CIPA4/TP Ansible/roles/nginx_proxy_https/tasks",
+    "ISEN/Cloud Computing/CIPA4/TP Ansible/roles/nginx_proxy_https",
    "ISEN/Cloud Computing/CIPA4/TP 4 Ansible.md",
    "ISEN/Cloud Computing/CIPA4/TP Ansible/templates/nginx.conf.j2",
    "ISEN/Cloud Computing/CIPA4/TP Ansible/templates",
-    "ISEN/Cloud Computing/CIPA4/TP Ansible/roles/nginx_proxy/templates/nginx.conf.j2",
-    "ISEN/Cloud Computing/CIPA4/TP Ansible/roles/nginx_proxy/handlers/main.yml",
-    "ISEN/Cloud Computing/CIPA4/TP Ansible/roles/nginx_proxy/tasks/main.yml",
-    "ISEN/Cloud Computing/CIPA4/TP Ansible/roles/flask_app/tasks/main.yml",
-    "ISEN/Cloud Computing/CIPA4/TP Ansible/roles/nginx_proxy/templates",
-    "ISEN/Cloud Computing/CIPA4/TP Ansible/roles/nginx_proxy/tasks",
-    "ISEN/Cloud Computing/CIPA4/TP Ansible/roles/nginx_proxy/handlers",
-    "ISEN/Cloud Computing/CIPA4/TP Ansible/roles/flask_app/templates",
    "ISEN/Cloud Computing/CIPA4/Cloud Computing Cours 1.md",
    "ISEN/Cloud Computing/CIPA4/TP 3 Ansible.md",
    "ISEN/Cloud Computing/CIPA4/TP 2 Ansible.md",
--- a/Computing/CIPA4/Cloud
+++ b/Computing/CIPA4/Cloud
@@ -5,4 +5,4 @@ Sujet des tp : https://git.arnaudmorin.fr/arnaud/trainings/src/branch/main/ansib
 TP1: [TP 1 Ansible](TP%201%20Ansible.md)
 TP2: [TP 2 Ansible](TP%202%20Ansible.md)
 TP3: [TP 3 Ansible](TP%203%20Ansible.md)
-TP4: [TP 4 Ansible](TP%204%20Ansible.md)
+TP4: [TP 4 Ansible](TP%204%20Ansible.md)
--- a/Ansible/playbook-role-https.yml
+++ b/Ansible/playbook-role-https.yml
@@ -0,0 +1,13 @@
+---
+- hosts: demo
+  roles:
+    - flask_app
+
+- hosts: localhost
+  become: yes
+  vars:
+    proxy_port: 80
+    flask_port: 8080
+    server_name: "135.125.246.84.xip.opensteak.fr"
+  roles:
+    - role: nginx_proxy_https
--- a/Ansible/roles/nginx_proxy_https/handlers/main.yml
+++ b/Ansible/roles/nginx_proxy_https/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: Restart Nginx
+  service:
+    name: nginx
+    state: restarted
--- a/Ansible/roles/nginx_proxy_https/tasks/main.yml
+++ b/Ansible/roles/nginx_proxy_https/tasks/main.yml
@@ -0,0 +1,47 @@
+---
+- name: Installer Nginx et Certbot
+  apt:
+    name:
+      - nginx
+      - certbot
+      - python3-certbot-nginx
+    state: present
+    update_cache: yes
+
+- name: Vérifier si le certificat existe
+  stat:
+    path: /etc/letsencrypt/live/{{ server_name }}/fullchain.pem
+  register: cert_file
+
+- name: Configurer Nginx (HTTP temporaire pour Certbot)
+  template:
+    src: nginx_http.conf.j2
+    dest: /etc/nginx/sites-available/{{ server_name }}
+  when: not cert_file.stat.exists
+  notify: Restart Nginx
+
+- name: Activer la configuration du site
+  file:
+    src: /etc/nginx/sites-available/{{ server_name }}
+    dest: /etc/nginx/sites-enabled/{{ server_name }}
+    state: link
+  notify: Restart Nginx
+
+- name: Forcer le redémarrage de Nginx pour prise en compte
+  meta: flush_handlers
+
+- name: Obtenir le certificat SSL
+  command: certbot certonly --nginx -d {{ server_name }} --non-interactive --agree-tos --email admin@{{ server_name }}
+  when: not cert_file.stat.exists
+
+- name: Vérifier de nouveau le certificat
+  stat:
+    path: /etc/letsencrypt/live/{{ server_name }}/fullchain.pem
+  register: cert_file_after
+
+- name: Configurer Nginx (HTTPS permanent)
+  template:
+    src: nginx_https.conf.j2
+    dest: /etc/nginx/sites-available/{{ server_name }}
+  when: cert_file_after.stat.exists
+  notify: Restart Nginx
--- a/Ansible/roles/nginx_proxy_https/templates/nginx_http.conf.j2
+++ b/Ansible/roles/nginx_proxy_https/templates/nginx_http.conf.j2
@@ -0,0 +1,10 @@
+server {
+    listen 80;
+    server_name {{ server_name }};
+
+    location / {
+        proxy_pass http://127.0.0.2:{{ flask_port }};
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+    }
+}
--- a/Ansible/roles/nginx_proxy_https/templates/nginx_https.conf.j2
+++ b/Ansible/roles/nginx_proxy_https/templates/nginx_https.conf.j2
@@ -0,0 +1,19 @@
+server {
+    listen 80;
+    server_name {{ server_name }};
+    return 301 https://$host$request_uri;
+}
+
+server {
+    listen 443 ssl;
+    server_name {{ server_name }};
+
+    ssl_certificate /etc/letsencrypt/live/{{ server_name }}/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/{{ server_name }}/privkey.pem;
+
+    location / {
+        proxy_pass http://127.0.0.2:{{ flask_port }};
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+    }
+}