From 69ec1e9ddeec6eaf5f27621c933e310b92319e26 Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico
Date: Fri, 31 Jul 2020 12:33:22 +0200
Subject: [PATCH] Manage the 'httpd_can_network_connect' seboolean on EL.
---
 tasks/nginx-rh.yml | 7 +++++++
 tasks/nginx-virtualhosts.yml | 16 ++++++++++++----
 2 files changed, 19 insertions(+), 4 deletions(-)
diff --git a/tasks/nginx-rh.yml b/tasks/nginx-rh.yml
index 57211c2..fa62751 100644
--- a/tasks/nginx-rh.yml
+++ b/tasks/nginx-rh.yml
@@ -3,5 +3,12 @@
 - name: Install the nginx web server
 yum: pkg=nginx state={{ nginx_package_state }}
+ - name: nginx must be able to network connect when used as a proxy
+ seboolean:
+ name: httpd_can_network_connect
+ state: yes
+ persistent: yes
+ when: letsencrypt_acme_install is defined and letsencrypt_acme_install
+
 when: ansible_distribution_file_variety == "RedHat"
 tags: nginx
diff --git a/tasks/nginx-virtualhosts.yml b/tasks/nginx-virtualhosts.yml
index 1615c60..0380a63 100644
--- a/tasks/nginx-virtualhosts.yml
+++ b/tasks/nginx-virtualhosts.yml
@@ -23,10 +23,18 @@
 - name: Install and enable the nginx virtualhost files on RH based systems
 block:
- - name: Install the nginx virtualhost files
- template: src=nginx-virthost.j2 dest=/etc/nginx/conf.d/{{ item.virthost_name }}.conf owner=root group=root mode=0444
- with_items: '{{ nginx_virthosts | default(omit) }}'
- notify: Reload nginx
+ - name: Install the nginx virtualhost files
+ template: src=nginx-virthost.j2 dest=/etc/nginx/conf.d/{{ item.virthost_name }}.conf owner=root group=root mode=0444
+ with_items: '{{ nginx_virthosts | default(omit) }}'
+ notify: Reload nginx
+
+ - name: nginx must be able to network connect when used as a proxy
+ seboolean:
+ name: httpd_can_network_connect
+ state: yes
+ persistent: yes
+ with_items: '{{ nginx_virthosts | default(omit) }}'
+ when: item.proxy_standard_setup is defined and item.proxy_standard_setup
 when: ansible_distribution_file_variety == "RedHat"
 tags: [ 'nginx', 'virtualhost' ]
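Review bot: In tasks/nginx-rh.yml the new seboolean task switches on `httpd_can_network_connect` persistently, which lets every process in the httpd_t domain open outbound TCP connections to any port, and nothing in the role sets it back once `letsencrypt_acme_install` is dropped; the second seboolean task in tasks/nginx-virtualhosts.yml has the same breadth. If the backends nginx reaches listen on ports already typed for HTTP, `name: httpd_can_network_relay` is a narrower boolean, and a non-standard upstream port can be labelled `http_port_t` with the `seport` module instead. Both tasks also run on RedHat-family hosts where SELinux is disabled, where the seboolean module is expected to report a failure, so a guard on the SELinux fact (for example `ansible_selinux.status == "enabled"`, to be checked against the Ansible version in use) belongs in the `when`. The task name says "when used as a proxy" while the condition tests the ACME install flag; a comment such as `# the ACME challenge is proxied to a local daemon, hence the outbound connect` would explain the link if that is the reason. The enclosing block starts above the hunk.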
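Review bot: In tasks/nginx-virtualhosts.yml the new seboolean task loops over `nginx_virthosts` and sets the same host-wide boolean once for every virtualhost that has `proxy_standard_setup`, so the loop adds only repeated module runs and a list of skipped items. A single task without `with_items`, conditioned on any virtualhost being a proxy, states the intent directly: `when: nginx_virthosts | default([]) | selectattr('proxy_standard_setup', 'defined') | selectattr('proxy_standard_setup') | list | length > 0`. The copied `default(omit)` is also doubtful as a loop source, since `omit` is meant for module arguments and an undefined `nginx_virthosts` would probably yield one placeholder item rather than an empty list; `default([])` is the safer default. The re-indentation of the existing template task is mixed into this functional change, which makes the SELinux change harder to audit on its own; it would read better as a separate commit.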