Using Ansible for Hosting a Blog on a Cloud Server

Creating Hetzner Cloud Server

Installing Nginx

- name: Install nginx
gather_facts: true
- admantium
- nginx
become: true
nginx_install_from: 'os_repository'
nginx_repository: deb stretch nginx
nginx_main_upload_enable: true
nginx_main_upload_src: config/nginx.conf
nginx_main_upload_dest: /etc/nginx/
nginx_http_upload_enable: true
nginx_http_upload_src: config/http/*.conf
nginx_http_upload_dest: /etc/nginx/conf.d/
- nginxinc.nginx

Get Certificates with Let’s Encrypt

apt-get install certbot python-certbot-nginx
certbot certonly --nginx

server {
    listen 443 ssl http2;
    ssl_certificate /etc/letsencrypt/live/;
    ssl_certificate_key /etc/letsencrypt/live/;
}

Securing the Web Server

  • Only allow TLSv1.2 and TLSv1.3; older versions have been compromised.
  • Configure the server to offer a carefully selected set of ssl_ciphers and tell the client to select one of them.
  • Set the Strict-Transport-Security header, and proper redirects, to only allow TLS connections.

# SSL Settings
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ecdh_curve secp521r1:secp384r1;
add_header Strict-Transport-Security "max-age=15768000; preload" always;
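
The following check is an added example, not code from the original article: it audits an nginx configuration against the three hardening points listed above, using the article's own SSL settings as input. The function names `directives` and `audit_tls` are hypothetical, and the preload thresholds are the submission requirements of the hstspreload.org list (a max-age of at least one year plus includeSubDomains).

```python
import re

# Constructed input: the "# SSL Settings" block as shown in this article.
PAGE_CONFIG = """
# SSL Settings
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ecdh_curve secp521r1:secp384r1;
add_header Strict-Transport-Security "max-age=15768000; preload" always;
"""
ALLOWED_PROTOCOLS = {"TLSv1.2", "TLSv1.3"}  # the article's first bullet
PRELOAD_MIN_AGE = 31536000  # one year: minimum max-age for hstspreload.org

def directives(conf):
    """Yield (name, args) for each 'name args;' directive; a quoted ';' is kept."""
    text = re.sub(r"#[^\n]*", "", conf)  # drop comments (assumes no '#' in values)
    for m in re.finditer(r'([A-Za-z_]+)\s+((?:"[^"]*"|[^;{}])*);', text):
        yield m.group(1), m.group(2).strip()

def audit_tls(conf):
    """Return findings for the article's three points: protocols, ciphers, HSTS."""
    found = {}
    for name, args in directives(conf):
        if name == "add_header" and args.lower().startswith("strict-transport-security"):
            name = "hsts"
        found[name] = args
    findings = []
    legacy = set(found.get("ssl_protocols", "").split()) - ALLOWED_PROTOCOLS
    if "ssl_protocols" not in found:
        findings.append("ssl_protocols not set: nginx default applies")
    elif legacy:
        findings.append("legacy protocols enabled: " + ", ".join(sorted(legacy)))
    if "ssl_ciphers" not in found:
        findings.append("ssl_ciphers not set: nginx default cipher list applies")
    hsts = found.get("hsts", "").lower()
    age = re.search(r"max-age=(\d+)", hsts)
    if not age:
        findings.append("HSTS header missing or without max-age")
    elif "preload" in hsts:
        if int(age.group(1)) < PRELOAD_MIN_AGE:
            findings.append("HSTS preload needs max-age >= %d" % PRELOAD_MIN_AGE)
        if "includesubdomains" not in hsts:
            findings.append("HSTS preload needs includeSubDomains")
    if age and not hsts.endswith("always"):
        findings.append("HSTS lacks 'always': header is not added to error responses")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_tls(PAGE_CONFIG)))
```

Run against the settings above, it reports that no ssl_ciphers directive is present and that the HSTS header carries `preload` without meeting the preload list's requirements.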



