Manage the 'httpd_can_network_connect' seboolean on EL.

2020-07-31 12:33:22 +02:00 · 2020-07-31 12:33:22 +02:00 · 69ec1e9dde
parent 9ea3a30b9f
commit 69ec1e9dde
2 changed files with 19 additions and 4 deletions
--- a/tasks/nginx-rh.yml
+++ b/tasks/nginx-rh.yml
@ -3,5 +3,12 @@
  - name: Install the nginx web server
    yum: pkg=nginx state={{ nginx_package_state }}

+  - name: nginx must be able to network connect when used as a proxy
+    seboolean:
+      name: httpd_can_network_connect
+      state: yes
+      persistent: yes
+    when: letsencrypt_acme_install is defined and letsencrypt_acme_install
+
  when: ansible_distribution_file_variety == "RedHat"
  tags: nginx
--- a/tasks/nginx-virtualhosts.yml
+++ b/tasks/nginx-virtualhosts.yml
@ -23,10 +23,18 @@

 - name: Install and enable the nginx virtualhost files on RH based systems
  block:
-    - name: Install the nginx virtualhost files
-      template: src=nginx-virthost.j2 dest=/etc/nginx/conf.d/{{ item.virthost_name }}.conf owner=root group=root mode=0444
-      with_items: '{{ nginx_virthosts | default(omit) }}'
-      notify: Reload nginx
+  - name: Install the nginx virtualhost files
+    template: src=nginx-virthost.j2 dest=/etc/nginx/conf.d/{{ item.virthost_name }}.conf owner=root group=root mode=0444
+    with_items: '{{ nginx_virthosts | default(omit) }}'
+    notify: Reload nginx
+
+  - name: nginx must be able to network connect when used as a proxy
+    seboolean:
+      name: httpd_can_network_connect
+      state: yes
+      persistent: yes
+    with_items: '{{ nginx_virthosts | default(omit) }}'
+    when: item.proxy_standard_setup is defined and item.proxy_standard_setup

  when: ansible_distribution_file_variety == "RedHat"
  tags: [ 'nginx', 'virtualhost' ]