clase 07/03/23

web-automation/ansible.cfg

@@ -0,0 +1,3 @@
+[defaults]
+inventory=inventory
+remote_user=devops

web-automation/deploy_content.yml

@@ -0,0 +1,49 @@
+
+- name: Document root exists for web sites
+  file:
+    path: "/srv/www/{{ item }}"
+    state: directory
+    owner: root
+    mode: '0755'
+  loop: "{{ web_hosts }}"
+
+- name: Index test pages are correct
+  template:
+    src: "index.html.j2"
+    dest: "/srv/www/{{ item }}/index.html"
+  loop: "{{ web_hosts }}"
+
+- name: SELinux policy is correct for web site location
+  sefcontext:
+    target: '/srv/www(/.*)?'
+    setype: httpd_sys_content_t
+    state: present
+
+- name: Correct SELinux file context is on web content
+  file:
+    path: /srv/www
+    state: directory
+    recurse: yes
+    follow: no
+    setype: _default
+
+- name: Virtual host TLS certs in place
+  copy:
+    src: "{{ item }}.crt"
+    dest: "/etc/pki/tls/certs"
+  loop: "{{ web_hosts }}"
+
+- name: Virtual host TLS private keys in place
+  copy:
+    src: "{{ item }}.key"
+    dest: "/etc/pki/tls/private"
+    mode: '0600'
+    owner: root
+    group: root
+  loop: "{{ web_hosts }}"
+
+- name: example.com CA cert in place
+  copy:
+    src: "{{ cacert_file }}"
+    dest: "/etc/pki/tls/certs/{{ cacert_file }}"
+

web-automation/files/cacert.pem

@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID2TCCAsGgAwIBAgIUOKjPjzHifOZxjYsUUt/UGyCSNfkwDQYJKoZIhvcNAQEL
+BQAwfDELMAkGA1UEBhMCVVMxFzAVBgNVBAgMDk5vcnRoIENhcm9saW5hMRAwDgYD
+VQQHDAdSYWxlaWdoMRYwFAYDVQQKDA1FeGFtcGxlLCBJbmMuMSowKAYDVQQDDCFl
+eGFtcGxlLmNvbSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMjMwMzA3MDgwNzM0
+WhcNMjQwMzA2MDgwNzM0WjB8MQswCQYDVQQGEwJVUzEXMBUGA1UECAwOTm9ydGgg
+Q2Fyb2xpbmExEDAOBgNVBAcMB1JhbGVpZ2gxFjAUBgNVBAoMDUV4YW1wbGUsIElu
+Yy4xKjAoBgNVBAMMIWV4YW1wbGUuY29tIENlcnRpZmljYXRlIEF1dGhvcml0eTCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANxQNgc7WXCbPg+ZTthtkPZH
+o20poCBSD6wkWANVMSgi1dNLNJx+X/N+rpC1hjDmQzqTJT1FYiYNhE9teHkg6kkL
+DNbWdWITxL9kYAliaxi+48pWj4ONZIE7x9ymgG50DbVc1fCGAvUCFx+Cfebkroxa
+PVSqG8frg6Vl3sLgruv4gCt7ZJAZKJA2dJ/XbFkZ2YxhD5Uusqxy0qA5mcLHcvDU
+g5seVnDY0S6sR+fvcawm5Rb1hEXeSbxPpKiwOTULN0a1p8SMbuXyhZSRjspR1Tsi
+lPEwnNykM8gk3VhbZTw6zSNEJOjtqcHf+5AQacuUQQgCq8ZVnC0jxJcUabWC6S8C
+AwEAAaNTMFEwHQYDVR0OBBYEFFYHbid6fperMhKwuZi787Y86JGZMB8GA1UdIwQY
+MBaAFFYHbid6fperMhKwuZi787Y86JGZMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI
+hvcNAQELBQADggEBABXKHdRy5ZMjQSRKLnRAJq7dTzP+d2f6RHkmpx6aW0mZktNE
+h9PByXI6sYHUJCCWpdLMHu1AXQnHWwPHJCqww+0xoaVZA9cRo7gyWB0T2m3YxpOk
+2ayoC9qTOr5+KWMBxVckxcOWmUv0lxzslD6KOQeGDgmaPJPsruOSoBaeqoY/7FpW
+6xvp/qIzXqsU31oHuDMPnw95+vm3XqcYukgxPTnXkNmUilR+Tw/R37uBzaQxqRqQ
+F0IlX/CrXbCVIp0rMebW1537ZnRVWIm3NWpjlssJulkbD4QiXFoTwHh3uyQG/GaN
+ha4UBNh9vP4nD2eNtWSu/TgKzsgeCtwJlSzNkLE=
+-----END CERTIFICATE-----

web-automation/files/example-ca.crt

@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID2TCCAsGgAwIBAgIUOKjPjzHifOZxjYsUUt/UGyCSNfkwDQYJKoZIhvcNAQEL
+BQAwfDELMAkGA1UEBhMCVVMxFzAVBgNVBAgMDk5vcnRoIENhcm9saW5hMRAwDgYD
+VQQHDAdSYWxlaWdoMRYwFAYDVQQKDA1FeGFtcGxlLCBJbmMuMSowKAYDVQQDDCFl
+eGFtcGxlLmNvbSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMjMwMzA3MDgwNzM0
+WhcNMjQwMzA2MDgwNzM0WjB8MQswCQYDVQQGEwJVUzEXMBUGA1UECAwOTm9ydGgg
+Q2Fyb2xpbmExEDAOBgNVBAcMB1JhbGVpZ2gxFjAUBgNVBAoMDUV4YW1wbGUsIElu
+Yy4xKjAoBgNVBAMMIWV4YW1wbGUuY29tIENlcnRpZmljYXRlIEF1dGhvcml0eTCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANxQNgc7WXCbPg+ZTthtkPZH
+o20poCBSD6wkWANVMSgi1dNLNJx+X/N+rpC1hjDmQzqTJT1FYiYNhE9teHkg6kkL
+DNbWdWITxL9kYAliaxi+48pWj4ONZIE7x9ymgG50DbVc1fCGAvUCFx+Cfebkroxa
+PVSqG8frg6Vl3sLgruv4gCt7ZJAZKJA2dJ/XbFkZ2YxhD5Uusqxy0qA5mcLHcvDU
+g5seVnDY0S6sR+fvcawm5Rb1hEXeSbxPpKiwOTULN0a1p8SMbuXyhZSRjspR1Tsi
+lPEwnNykM8gk3VhbZTw6zSNEJOjtqcHf+5AQacuUQQgCq8ZVnC0jxJcUabWC6S8C
+AwEAAaNTMFEwHQYDVR0OBBYEFFYHbid6fperMhKwuZi787Y86JGZMB8GA1UdIwQY
+MBaAFFYHbid6fperMhKwuZi787Y86JGZMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI
+hvcNAQELBQADggEBABXKHdRy5ZMjQSRKLnRAJq7dTzP+d2f6RHkmpx6aW0mZktNE
+h9PByXI6sYHUJCCWpdLMHu1AXQnHWwPHJCqww+0xoaVZA9cRo7gyWB0T2m3YxpOk
+2ayoC9qTOr5+KWMBxVckxcOWmUv0lxzslD6KOQeGDgmaPJPsruOSoBaeqoY/7FpW
+6xvp/qIzXqsU31oHuDMPnw95+vm3XqcYukgxPTnXkNmUilR+Tw/R37uBzaQxqRqQ
+F0IlX/CrXbCVIp0rMebW1537ZnRVWIm3NWpjlssJulkbD4QiXFoTwHh3uyQG/GaN
+ha4UBNh9vP4nD2eNtWSu/TgKzsgeCtwJlSzNkLE=
+-----END CERTIFICATE-----

web-automation/files/servera.lab.example.com.crt

@@ -0,0 +1,82 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 5 (0x5)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=US, ST=North Carolina, L=Raleigh, O=Example, Inc., CN=example.com Certificate Authority
+        Validity
+            Not Before: Mar  7 11:06:17 2023 GMT
+            Not After : Sep  3 11:06:17 2023 GMT
+        Subject: C=US, ST=North Carolina, L=Raleigh, O=Example, Inc., CN=servera.lab.example.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (2048 bit)
+                Modulus:
+                    00:ca:3e:be:bf:22:04:a7:90:e0:1b:25:04:99:30:
+                    1f:db:8e:77:a8:0e:82:fb:b1:9f:c1:4e:81:94:5a:
+                    3c:cb:44:ce:83:f4:88:e8:2e:12:a2:fe:80:f2:14:
+                    9e:23:65:6a:5f:b3:67:1e:65:4c:31:41:fd:df:af:
+                    c7:00:7b:eb:62:3c:9d:3f:1e:bb:ac:6e:70:96:7e:
+                    7c:d7:08:91:c6:bd:6a:bd:b3:10:4f:21:a2:18:3e:
+                    1e:40:75:c7:66:9c:c8:a4:8e:4c:e9:c0:cd:4b:b1:
+                    23:f6:7b:bf:a4:4a:67:17:e7:9c:64:24:32:ac:92:
+                    ac:36:2f:31:df:9b:23:1d:46:36:9f:c3:c3:30:a3:
+                    0c:b0:71:ab:03:a2:62:74:df:f5:8f:41:52:5f:87:
+                    12:94:d1:a1:f7:84:a6:41:e4:61:89:89:92:b3:b4:
+                    ac:39:b0:7c:83:21:92:54:76:ab:22:c6:42:1e:f6:
+                    d9:3c:f4:88:07:b4:f4:69:bd:e3:c6:91:f3:4a:32:
+                    80:75:84:4d:7b:30:d7:fb:0f:23:15:58:bb:be:16:
+                    87:cd:2c:be:e9:7b:bf:9d:79:3a:6e:25:1b:bf:bb:
+                    67:80:05:5b:09:e5:bd:a7:69:3f:5f:5f:30:88:57:
+                    42:ee:db:3d:2b:8d:1b:9a:fa:3c:0b:d9:74:19:51:
+                    27:db
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                E2:BD:33:BA:F8:A5:F1:BD:73:8D:CB:EB:5A:27:FD:D6:47:0D:A8:48
+            X509v3 Authority Key Identifier: 
+                keyid:56:07:6E:27:7A:7E:97:AB:32:12:B0:B9:98:BB:F3:B6:3C:E8:91:99
+
+    Signature Algorithm: sha256WithRSAEncryption
+         b9:89:12:89:ad:60:a0:32:8d:34:4e:60:57:a5:6f:9d:db:d6:
+         01:f2:69:26:e0:93:dd:57:de:45:be:7a:5f:f5:df:14:01:1c:
+         0e:17:22:7e:1b:aa:4a:bf:9b:f1:7a:19:f9:85:ab:16:02:cc:
+         23:b0:b2:e5:af:91:85:b4:20:1e:22:7f:f8:1d:56:65:8b:a5:
+         31:a7:06:d3:27:31:b4:76:92:c5:ca:c8:c4:6f:f7:b8:24:3a:
+         f9:8b:3b:d2:55:2b:2c:2d:94:82:b1:41:01:4c:8b:8b:8f:f1:
+         2e:2f:d1:78:7f:42:15:7c:f1:8c:f4:e1:54:3d:a9:0f:51:6f:
+         8d:97:3f:e6:c1:0c:ba:ea:98:86:15:c8:c6:01:32:38:9e:01:
+         2f:27:84:87:f9:c4:8e:b4:0d:e2:9d:76:aa:36:7c:6c:41:0c:
+         cb:da:a9:fd:17:79:07:b1:04:97:dd:f6:ea:a4:4d:27:07:cc:
+         8e:9c:a1:22:47:2b:5c:a3:a0:50:48:59:3b:40:6f:6d:e6:0f:
+         cf:49:43:17:31:09:bc:3a:12:ea:7a:7b:dd:0c:61:58:aa:32:
+         e3:61:83:89:63:cc:db:a3:7b:ac:4f:56:3d:0e:d9:c9:07:8e:
+         b6:0f:d2:65:15:6a:43:ac:97:06:cd:0a:12:97:cc:78:46:fb:
+         c5:64:5c:2f
+-----BEGIN CERTIFICATE-----
+MIID5DCCAsygAwIBAgIBBTANBgkqhkiG9w0BAQsFADB8MQswCQYDVQQGEwJVUzEX
+MBUGA1UECAwOTm9ydGggQ2Fyb2xpbmExEDAOBgNVBAcMB1JhbGVpZ2gxFjAUBgNV
+BAoMDUV4YW1wbGUsIEluYy4xKjAoBgNVBAMMIWV4YW1wbGUuY29tIENlcnRpZmlj
+YXRlIEF1dGhvcml0eTAeFw0yMzAzMDcxMTA2MTdaFw0yMzA5MDMxMTA2MTdaMHIx
+CzAJBgNVBAYTAlVTMRcwFQYDVQQIDA5Ob3J0aCBDYXJvbGluYTEQMA4GA1UEBwwH
+UmFsZWlnaDEWMBQGA1UECgwNRXhhbXBsZSwgSW5jLjEgMB4GA1UEAwwXc2VydmVy
+YS5sYWIuZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQDKPr6/IgSnkOAbJQSZMB/bjneoDoL7sZ/BToGUWjzLRM6D9IjoLhKi/oDyFJ4j
+ZWpfs2ceZUwxQf3fr8cAe+tiPJ0/HrusbnCWfnzXCJHGvWq9sxBPIaIYPh5Adcdm
+nMikjkzpwM1LsSP2e7+kSmcX55xkJDKskqw2LzHfmyMdRjafw8MwowywcasDomJ0
+3/WPQVJfhxKU0aH3hKZB5GGJiZKztKw5sHyDIZJUdqsixkIe9tk89IgHtPRpvePG
+kfNKMoB1hE17MNf7DyMVWLu+FofNLL7pe7+deTpuJRu/u2eABVsJ5b2naT9fXzCI
+V0Lu2z0rjRua+jwL2XQZUSfbAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZIAYb4
+QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBTi
+vTO6+KXxvXONy+taJ/3WRw2oSDAfBgNVHSMEGDAWgBRWB24nen6XqzISsLmYu/O2
+POiRmTANBgkqhkiG9w0BAQsFAAOCAQEAuYkSia1goDKNNE5gV6VvndvWAfJpJuCT
+3VfeRb56X/XfFAEcDhcifhuqSr+b8XoZ+YWrFgLMI7Cy5a+RhbQgHiJ/+B1WZYul
+MacG0ycxtHaSxcrIxG/3uCQ6+Ys70lUrLC2UgrFBAUyLi4/xLi/ReH9CFXzxjPTh
+VD2pD1FvjZc/5sEMuuqYhhXIxgEyOJ4BLyeEh/nEjrQN4p12qjZ8bEEMy9qp/Rd5
+B7EEl9326qRNJwfMjpyhIkcrXKOgUEhZO0BvbeYPz0lDFzEJvDoS6np73QxhWKoy
+42GDiWPM26N7rE9WPQ7ZyQeOtg/SZRVqQ6yXBs0KEpfMeEb7xWRcLw==
+-----END CERTIFICATE-----

web-automation/files/servera.lab.example.com.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDKPr6/IgSnkOAb
+JQSZMB/bjneoDoL7sZ/BToGUWjzLRM6D9IjoLhKi/oDyFJ4jZWpfs2ceZUwxQf3f
+r8cAe+tiPJ0/HrusbnCWfnzXCJHGvWq9sxBPIaIYPh5AdcdmnMikjkzpwM1LsSP2
+e7+kSmcX55xkJDKskqw2LzHfmyMdRjafw8MwowywcasDomJ03/WPQVJfhxKU0aH3
+hKZB5GGJiZKztKw5sHyDIZJUdqsixkIe9tk89IgHtPRpvePGkfNKMoB1hE17MNf7
+DyMVWLu+FofNLL7pe7+deTpuJRu/u2eABVsJ5b2naT9fXzCIV0Lu2z0rjRua+jwL
+2XQZUSfbAgMBAAECggEAJ0/o/fgb1YKIvV4Ftc0v9BqOUcF4XnpZZlbfQzoDJTPb
+vLSUxCTohHxaDjRJxPGaqr2Rpsvj8pM0SP2+/e4YhADqQ/GyY0MYaXhuxdGpnGsH
+S5Z57hfIjVPNx5PdTaneKnZqpulOPo9RQUEusD2yKmhf8utCWl8sUF/+HsvmGHNM
+Biuxsv3F/g7wJKLc9RDcWA5ypn7T6B3+JPRgdGabf5pMihWzyfJlTZHfijVWADIm
+9OqMIQywqXJ4ATVf4BH7Rv+W8N+zOsZeDNoa6eNV0fqM8hIQKIyoXr7XARH+DqCf
+5aJo0RIqvufvpQC1iipFG8ozDW00fnyL3yNaTo9YQQKBgQDlyZ/shX77vI6Libok
+xK+KWkqG7GB32cbqDJP9hPRbQof0xTjA+5L1xuAircPcUf2c2w6jS4AaHRrqmuoU
+ZyLG9t/cDdOu4+iRgw1wMAMXulL43g6pRjmQHVrbIItnlBXHpwoyF2FNsZRtmtCW
+kHnts7K1VJ0Xms2wmMvePuwI4QKBgQDhUM9rOQcRf6eYYYLD+DdNqvNS9OtvNE1A
+EVABXWasBeZsq0yORD2niEjPH+DiHe2orh+IkKMT0wbZCr7O6/eEFYfv+dVkhlRg
+XikNENEYSFK+AYZqypHOfXY3Ri9lBVnQCDMyryL02iVP3rbxXgPkJqeJ/1MrdHKC
+0Ii5KcKcOwKBgQCLqsNzpaiLJg6WLb5gftQbicnmvGHeNxY6SC7jVx6XIZc1ZXKb
+ic3HaXvuWCPGFGfMITGCe29/b9VeZ46DnDR9LqzeOeFCWfCQEVHnsKcQkwW/kmji
+5nYybEU/D0bsTAv48ES4MZHJAXiwLfs+qM4TdrfWk3lwUX1YK2cuzJv2wQKBgQCB
+bvq4jboRw1NzphCIoz6hz2KYdToKV/FIrKlZH16r03fbVUxVLb59Tz0EPzvgqXCt
+Rdm3id8ktEVqyVFzbPpzVisRIGQFq2UtNuo+Jzr2yBVAMYAWOOgpxsjyV89CKSC+
+8Pb4VsOuBOMKTtapMWjq14nHLHWKsQpXO5RPSj4RoQKBgChyNWP1wfWHkKZOnEVe
+tUjZGIbgFaUKKQRcSB99bpIUprEYiNg4fYPrJoe5Qmu8r4/xkVSbQdWYbQ9JEIcj
+f0NeDiz/cktTLwFx41YY6gU5xgHMs+FI8AwkYmeUs6VjRn9ZgUjoxozt/DDBMJmk
+vOguU/MpTauuI9yAYhCh/fhV
+-----END PRIVATE KEY-----

web-automation/files/serverb.lab.example.com.crt

@@ -0,0 +1,82 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 6 (0x6)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=US, ST=North Carolina, L=Raleigh, O=Example, Inc., CN=example.com Certificate Authority
+        Validity
+            Not Before: Mar  7 11:06:17 2023 GMT
+            Not After : Sep  3 11:06:17 2023 GMT
+        Subject: C=US, ST=North Carolina, L=Raleigh, O=Example, Inc., CN=serverb.lab.example.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (2048 bit)
+                Modulus:
+                    00:b6:21:49:3e:0e:1c:bc:a2:65:72:db:06:77:00:
+                    bb:f0:4d:4a:bc:ec:c3:00:00:a0:a5:06:83:29:0d:
+                    95:be:be:88:95:6e:b4:08:7f:6a:4b:69:87:16:0e:
+                    e3:3a:b9:6b:3f:9b:dc:ce:f5:cd:fc:d9:b2:7e:75:
+                    35:44:20:06:86:5e:47:05:39:27:41:31:2a:b4:a0:
+                    3d:af:14:b4:6c:99:4a:14:36:5a:dd:33:ff:34:29:
+                    29:00:48:78:ac:33:ed:d5:6f:00:73:27:5e:ca:8c:
+                    cf:16:45:c7:22:74:81:1e:20:35:6b:c7:6c:08:17:
+                    78:de:19:50:b1:26:dd:fb:b5:4e:16:1d:85:32:34:
+                    71:47:09:fa:0e:d5:9e:9e:80:bf:92:c8:3f:64:35:
+                    4f:fe:45:34:eb:e6:27:85:fe:af:0b:dd:a5:f6:3e:
+                    ae:b2:ba:e2:bd:18:35:d2:6f:9a:d0:c6:32:c0:e5:
+                    a2:a3:b8:a5:83:1a:13:44:6a:f8:ac:8a:02:f5:24:
+                    b0:e7:a5:f2:79:d2:f4:f2:56:4e:ef:2a:d5:7f:ed:
+                    50:3c:e2:90:e5:bd:c9:10:0c:26:56:89:f3:e0:41:
+                    c1:e9:ce:e4:70:06:39:9f:a7:df:21:05:ae:50:c7:
+                    51:75:da:8d:28:01:89:4d:2e:01:94:cc:46:d8:7c:
+                    7d:25
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                85:0D:41:4C:0E:87:A1:F2:A3:48:47:CD:F3:B2:C1:49:85:6C:14:5C
+            X509v3 Authority Key Identifier: 
+                keyid:56:07:6E:27:7A:7E:97:AB:32:12:B0:B9:98:BB:F3:B6:3C:E8:91:99
+
+    Signature Algorithm: sha256WithRSAEncryption
+         6d:a0:8f:72:29:06:90:58:d6:33:07:d7:96:45:2b:8d:d2:78:
+         85:85:2d:98:2a:f8:ee:e0:40:53:9a:4b:4a:a0:d9:2e:d8:dd:
+         5a:b2:c2:1c:1b:7c:12:d7:53:e7:8b:cd:e2:a0:04:45:52:ab:
+         1e:8a:25:9f:de:d3:7d:93:c8:47:c5:70:94:95:e9:d4:aa:a9:
+         18:53:85:a7:2a:71:e8:39:35:3a:d9:c8:e8:70:ba:ae:9f:cf:
+         8a:80:16:fc:bb:3f:fb:2c:3c:fa:e3:2c:a5:b0:01:4c:19:33:
+         48:5e:56:1a:64:67:31:dc:7d:c6:b8:36:d0:6f:8f:db:1c:09:
+         71:20:16:9b:38:e2:25:71:0b:ff:69:68:a3:0b:b9:7e:36:aa:
+         7f:2c:02:18:43:04:5b:81:76:41:ff:49:2a:d0:39:01:71:3c:
+         28:bb:39:ed:d9:e6:4d:c9:d8:6b:34:f2:c6:91:57:27:cd:ff:
+         e1:f1:50:01:15:4f:e8:70:32:1c:a8:f9:84:ff:bf:cd:46:e5:
+         fd:d6:08:69:1b:12:ce:75:9e:34:88:99:64:8e:98:21:d4:e1:
+         a0:e1:03:61:cb:d3:68:bc:54:25:5d:c7:05:11:97:53:35:e0:
+         05:86:50:2d:5a:e4:62:d1:2d:40:77:8e:e5:f1:01:44:36:48:
+         a0:3c:03:25
+-----BEGIN CERTIFICATE-----
+MIID5DCCAsygAwIBAgIBBjANBgkqhkiG9w0BAQsFADB8MQswCQYDVQQGEwJVUzEX
+MBUGA1UECAwOTm9ydGggQ2Fyb2xpbmExEDAOBgNVBAcMB1JhbGVpZ2gxFjAUBgNV
+BAoMDUV4YW1wbGUsIEluYy4xKjAoBgNVBAMMIWV4YW1wbGUuY29tIENlcnRpZmlj
+YXRlIEF1dGhvcml0eTAeFw0yMzAzMDcxMTA2MTdaFw0yMzA5MDMxMTA2MTdaMHIx
+CzAJBgNVBAYTAlVTMRcwFQYDVQQIDA5Ob3J0aCBDYXJvbGluYTEQMA4GA1UEBwwH
+UmFsZWlnaDEWMBQGA1UECgwNRXhhbXBsZSwgSW5jLjEgMB4GA1UEAwwXc2VydmVy
+Yi5sYWIuZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQC2IUk+Dhy8omVy2wZ3ALvwTUq87MMAAKClBoMpDZW+voiVbrQIf2pLaYcWDuM6
+uWs/m9zO9c382bJ+dTVEIAaGXkcFOSdBMSq0oD2vFLRsmUoUNlrdM/80KSkASHis
+M+3VbwBzJ17KjM8WRccidIEeIDVrx2wIF3jeGVCxJt37tU4WHYUyNHFHCfoO1Z6e
+gL+SyD9kNU/+RTTr5ieF/q8L3aX2Pq6yuuK9GDXSb5rQxjLA5aKjuKWDGhNEavis
+igL1JLDnpfJ50vTyVk7vKtV/7VA84pDlvckQDCZWifPgQcHpzuRwBjmfp98hBa5Q
+x1F12o0oAYlNLgGUzEbYfH0lAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZIAYb4
+QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBSF
+DUFMDoeh8qNIR83zssFJhWwUXDAfBgNVHSMEGDAWgBRWB24nen6XqzISsLmYu/O2
+POiRmTANBgkqhkiG9w0BAQsFAAOCAQEAbaCPcikGkFjWMwfXlkUrjdJ4hYUtmCr4
+7uBAU5pLSqDZLtjdWrLCHBt8EtdT54vN4qAERVKrHooln97TfZPIR8VwlJXp1Kqp
+GFOFpypx6Dk1OtnI6HC6rp/PioAW/Ls/+yw8+uMspbABTBkzSF5WGmRnMdx9xrg2
+0G+P2xwJcSAWmzjiJXEL/2loowu5fjaqfywCGEMEW4F2Qf9JKtA5AXE8KLs57dnm
+TcnYazTyxpFXJ83/4fFQARVP6HAyHKj5hP+/zUbl/dYIaRsSznWeNIiZZI6YIdTh
+oOEDYcvTaLxUJV3HBRGXUzXgBYZQLVrkYtEtQHeO5fEBRDZIoDwDJQ==
+-----END CERTIFICATE-----

web-automation/files/serverb.lab.example.com.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC2IUk+Dhy8omVy
+2wZ3ALvwTUq87MMAAKClBoMpDZW+voiVbrQIf2pLaYcWDuM6uWs/m9zO9c382bJ+
+dTVEIAaGXkcFOSdBMSq0oD2vFLRsmUoUNlrdM/80KSkASHisM+3VbwBzJ17KjM8W
+RccidIEeIDVrx2wIF3jeGVCxJt37tU4WHYUyNHFHCfoO1Z6egL+SyD9kNU/+RTTr
+5ieF/q8L3aX2Pq6yuuK9GDXSb5rQxjLA5aKjuKWDGhNEavisigL1JLDnpfJ50vTy
+Vk7vKtV/7VA84pDlvckQDCZWifPgQcHpzuRwBjmfp98hBa5Qx1F12o0oAYlNLgGU
+zEbYfH0lAgMBAAECggEATJwdweOPxO0OfUySIJaHd2IbsPJqZ+Lbr+7YVvlm5rAg
+pbLGOdjWrlf6QZYLkNUTvtLiA5AzkEtGIJlOyZQrCnQ3rYPH9k0nKIlKyQ2NgyzL
+k0r115wamidCHuNdFxpUzXV+m/GQluS56yV4yQ52jWSA9BATaiftaIb/gTTXJRv9
+xoC9kuEazDcK3cJmIFSnayPA239ZuyDGkEQxMYaVvtrgeccqr9vcsJCy3qRI7uNR
+nZsq1AmSzWFD53SnFIr7UCcr1XWHnUC7n81Xhc9m8Nc0DchDCASGIobAwv2nfbnj
+F+JNFr4dzccJAdSS62CkeQ3oi58DR5JTbjXQstC4wQKBgQDcQBmdgSi7ZzZDw0rh
+B1SKahksy83vfpgPNABbEQpOju+r0Fs1+dla+OEjM62qEP47TR/JbDuS5TadoMPY
+yboSODpIVfm7GtC+MTD8FP++PjvlFZjE1KXCTZqMdCGKpj7JpIqlBakdzWV6FOSR
+msfh6DgCkL5viddCgfxfoacoVQKBgQDTsTLr9SV5Xrpguz8TVcBnRUZ6rPsOt7mJ
+0RgXAt9XLcs5X5t1wnNB++cHVXxl5XQ3cisV5IKgpPbUFdDClUKqrfqAhbL3hPfv
+ViqAohHJnDdW9J5OQqtMjmAmL8wiSKTAQbmLmer0UVPa8xjP99Cm5OV0PiJ8zDrL
+ShxZp50RkQKBgQC5H9On9ID1C6qryEFu5Udk1Ar3ARLGQ6Sx2qaV5LvCDhhbVNTl
+iGzuLxSlDvHgaUoXNBsMpUFplemTEiarV9tjJwmt9T3jy4U654PhzhCrqgmT4tQ2
+VPpCWBIYDiCHNna96+RxElH0b8jklR0NWYi6VAKH/XtjqvtYtoMXKnuixQKBgQC6
+2W8u4gSfqkMr2lqEQG5BON5KraAzj2sPACYZOYnUszDrhT38pROCrEtxJ71TW0JH
+JlhtTHMYREMxU8gd2A0uBb5T7q7W1uDYud9uBp9YqrAV6nhIb4QvYIPxcMLnh+MT
+Z2/UjpjZ6WbwnR3LgtsCVItLHQTnzoQep116rP1wYQKBgCLEyCcUyVM1P9Ae2h0I
+cjEQBzuLUdSccEissU0lv1BVt7LklZeGwbs0V8BIxCgfuub9kfLf41HKV0TQNtsY
+/a01CSjjrpBCazYi1ldUTuZXEZZsvevN+M7MI/lE4x83sxJJfEgrCcCiCi8k8dxM
+zs7aX++n6hUQQoiyo630Zn64
+-----END PRIVATE KEY-----

web-automation/group_vars/all/default.yml

@@ -0,0 +1,7 @@
+---
+httpd_packages:
+  - httpd
+  - mod_ssl
+nginx_packages:
+  - '@nginx:1.16'
+cacert_file: "example-ca.crt"

web-automation/group_vars/httpd/vars.yml

@@ -0,0 +1,2 @@
+web_hosts:
+  - "servera.lab.example.com"

web-automation/group_vars/nginx/vars.yml

@@ -0,0 +1,2 @@
+web_hosts:
+  - "serverb.lab.example.com"

web-automation/httpd.yml

@@ -0,0 +1,35 @@
+---
+- name: Apache HTTP Server web server deployment
+  hosts: httpd
+  become: true
+
+  tasks:
+    - name: Latest software installed for Apache HTTPD
+      yum:
+        name: "{{ httpd_packages }}"
+        state: present
+
+    - name: Web content is in place
+      import_tasks: deploy_content.yml
+
+    - name: Virtual hosts are configured
+      template:
+        src: "httpd.conf.j2"
+        dest: "/etc/httpd/conf.d/{{ item }}.conf"
+      loop: "{{ web_hosts }}"
+
+    - name: Firewall ports are open
+      firewalld:
+        service: "{{ item }}"
+        permanent: yes
+        immediate: yes
+        state: enabled
+      loop:
+        - https
+        - http
+
+    - name: Web server is started and enabled
+      service:
+        name: httpd
+        state: started
+        enabled: yes

web-automation/inventory

@@ -0,0 +1,9 @@
+[webservers]
+servera.lab.example.com
+serverb.lab.example.com
+
+[httpd]
+servera.lab.example.com
+
+[nginx]
+serverb.lab.example.com

web-automation/nginx.yml

@@ -0,0 +1,35 @@
+---
+- name: Nginx web server deployment
+  hosts: nginx
+  become: true
+
+  tasks:
+    - name: Latest software installed for nginx
+      yum:
+        name: "{{ nginx_packages }}"
+        state: present
+
+    - name: Web content is in place
+      import_tasks: deploy_content.yml
+
+    - name: Set up nginx serverblock
+      template:
+        src: "nginx.conf.j2"
+        dest: "/etc/nginx/conf.d/{{ item }}.conf"
+      loop: "{{ web_hosts }}"
+
+    - name: Firewall ports are open
+      firewalld:
+        service: "{{ item }}"
+        permanent: yes
+        immediate: yes
+        state: enabled
+      loop:
+        - https
+        - http
+
+    - name: Nginx is enabled and started
+      service:
+        name: nginx
+        state: started
+        enabled: yes

web-automation/site.yml

@@ -0,0 +1,2 @@
+- import_playbook: httpd.yml
+- import_playbook: nginx.yml

web-automation/solutions/disable_all_webservers.yml

@@ -0,0 +1,14 @@
+  - name: Turn off all web servers
+    hosts:
+      - httpd
+      - nginx
+    become: true
+    tasks:
+      - name: Disable all web servers
+        service:
+          name: "{{ item }}"
+          state: stopped
+          enabled: no
+        loop:
+          - httpd
+          - nginx

web-automation/solutions/httpd.yml

@@ -0,0 +1,35 @@
+---
+- name: Apache HTTP Server web server deployment
+  hosts: httpd
+  become: true
+
+  tasks:
+    - name: Latest software installed for Apache HTTPD
+      yum:
+        name: "{{ httpd_packages }}"
+        state: present
+
+    - name: Web content is in place
+      import_tasks: deploy_content.yml
+
+    - name: Virtual hosts are configured
+      template:
+        src: "httpd.conf.j2"
+        dest: "/etc/httpd/conf.d/{{ item }}.conf"
+      loop: "{{ web_hosts }}"
+
+    - name: Firewall ports are open
+      firewalld:
+        service: "{{ item }}"
+        permanent: yes
+        immediate: yes
+        state: enabled
+      loop:
+        - https
+        - http
+
+    - name: Web server is started and enabled
+      service:
+        name: httpd
+        state: started
+        enabled: yes

web-automation/solutions/nginx.yml

@@ -0,0 +1,35 @@
+---
+- name: Nginx web server deployment
+  hosts: nginx
+  become: true
+
+  tasks:
+    - name: Latest software installed for nginx
+      yum:
+        name: "{{ nginx_packages }}"
+        state: present
+
+    - name: Web content is in place
+      import_tasks: deploy_content.yml
+
+    - name: Set up nginx serverblock
+      template:
+        src: "nginx.conf.j2"
+        dest: "/etc/nginx/conf.d/{{ item }}.conf"
+      loop: "{{ web_hosts }}"
+
+    - name: Firewall ports are open
+      firewalld:
+        service: "{{ item }}"
+        permanent: yes
+        immediate: yes
+        state: enabled
+      loop:
+        - https
+        - http
+
+    - name: Nginx is enabled and started
+      service:
+        name: nginx
+        state: started
+        enabled: yes

web-automation/templates/httpd.conf.j2

@@ -0,0 +1,20 @@
+<VirtualHost *:443>
+ServerName {{ item }}
+SSLEngine On
+SSLProtocol all -SSLv2 -SSLv3
+SSLCipherSuite HIGH:MEDIUM:!aNull:!MD5
+SSLHonorCipherOrder on
+SSLCertificateFile /etc/pki/tls/certs/{{ item }}.crt
+SSLCertificateKeyFile /etc/pki/tls/private/{{ item }}.key
+SSLCertificateChainFile /etc/pki/tls/certs/{{ cacert_file }}
+DocumentRoot /srv/www/{{ item }}
+</VirtualHost>
+<Directory /srv/www/{{ item }}>
+Require all granted
+</Directory>
+
+<VirtualHost *:80>
+ServerName {{ item }}
+Redirect "/" "https://{{ item }}"
+</VirtualHost>
+

web-automation/templates/index.html.j2

@@ -0,0 +1,10 @@
+<html>
+   <head>
+       <title>Welcome to {{ item }} !</title>
+   </head>
+   <body>
+   <h1>Success! The {{ item }} virtual host is working!</h1>
+   <p>This site is hosted on {{ ansible_facts['fqdn'] }}.</p>
+</body>
+</html>
+

web-automation/templates/nginx.conf.j2

@@ -0,0 +1,16 @@
+server {
+    listen 80 ;
+    server_name {{ item }};
+    return 301 https://$host$request_uri;
+}
+server {
+    listen 443 ssl;
+    server_name {{ item }};
+    ssl_certificate /etc/pki/tls/certs/{{ item }}.crt;
+    ssl_certificate_key /etc/pki/tls/private/{{ item }}.key;
+    location / {
+        root /srv/www/{{ item }};
+        index index.html index.htm;
+    }
+}
+

web-review/ansible.cfg

@@ -0,0 +1,3 @@
+[defaults]
+inventory=inventory
+remote_user=devops

web-review/deploy_content.yml

@@ -0,0 +1,72 @@
+- name: Document root exists for servers web site
+  file:
+    path: "/srv/nginx/www"
+    state: directory
+    owner: root
+    mode: '0755'
+
+- name: Document root exists for virtual servers web site
+  file:
+    path: "/srv/nginx/www"
+    state: directory
+    owner: root
+    mode: '0755'
+
+- name: Index test pages are correct
+  template:
+    src: "index.html.j2"
+    dest: "/srv/nginx/www/index.html"
+
+- name: Virtual index test pages are correct
+  template:
+    src: "virtual.html.j2"
+    dest: "/srv/nginx/www/index.html"
+
+- name: SELinux policy is correct for web site location
+  sefcontext:
+    target: '/srv/www(/.*)?'
+    setype: httpd_sys_content_t
+    state: present
+
+- name: Correct SELinux file context is on web content
+  file:
+    path: /srv/FIX_ME/www
+    state: directory
+    recurse: yes
+    follow: no
+    setype: _default
+
+- name: Correct SELinux file context is on web content
+  file:
+    path: /srv/nginx/www
+    state: directory
+    recurse: yes
+    follow: no
+    setype: _default
+
+- name: Serverc host TLS certs in place
+  copy:
+    src: "serverc.lab.example.com.crt"
+    dest: "/etc/pki/tls/certs"
+
+- name: Serverc host TLS private keys in place
+  copy:
+    src: "serverc.lab.example.com.key"
+    dest: "/etc/pki/tls/private"
+    mode: '0600'
+
+- name: Virtual host TLS certs in place
+  copy:
+    src: "virtual.lab.example.com.crt"
+    dest: "/etc/pki/tls/certs"
+
+- name: Virtual host TLS private keys in place
+  copy:
+    src: "virtual.lab.example.com.key"
+    dest: "/etc/pki/tls/private"
+    mode: '0600'
+
+- name: example.com CA cert in place
+  copy:
+    src: "example-ca.crt"
+    dest: "/etc/pki/tls/certs/example-ca.crt"

web-review/files/cacert.pem

@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID2TCCAsGgAwIBAgIUOKjPjzHifOZxjYsUUt/UGyCSNfkwDQYJKoZIhvcNAQEL
+BQAwfDELMAkGA1UEBhMCVVMxFzAVBgNVBAgMDk5vcnRoIENhcm9saW5hMRAwDgYD
+VQQHDAdSYWxlaWdoMRYwFAYDVQQKDA1FeGFtcGxlLCBJbmMuMSowKAYDVQQDDCFl
+eGFtcGxlLmNvbSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMjMwMzA3MDgwNzM0
+WhcNMjQwMzA2MDgwNzM0WjB8MQswCQYDVQQGEwJVUzEXMBUGA1UECAwOTm9ydGgg
+Q2Fyb2xpbmExEDAOBgNVBAcMB1JhbGVpZ2gxFjAUBgNVBAoMDUV4YW1wbGUsIElu
+Yy4xKjAoBgNVBAMMIWV4YW1wbGUuY29tIENlcnRpZmljYXRlIEF1dGhvcml0eTCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANxQNgc7WXCbPg+ZTthtkPZH
+o20poCBSD6wkWANVMSgi1dNLNJx+X/N+rpC1hjDmQzqTJT1FYiYNhE9teHkg6kkL
+DNbWdWITxL9kYAliaxi+48pWj4ONZIE7x9ymgG50DbVc1fCGAvUCFx+Cfebkroxa
+PVSqG8frg6Vl3sLgruv4gCt7ZJAZKJA2dJ/XbFkZ2YxhD5Uusqxy0qA5mcLHcvDU
+g5seVnDY0S6sR+fvcawm5Rb1hEXeSbxPpKiwOTULN0a1p8SMbuXyhZSRjspR1Tsi
+lPEwnNykM8gk3VhbZTw6zSNEJOjtqcHf+5AQacuUQQgCq8ZVnC0jxJcUabWC6S8C
+AwEAAaNTMFEwHQYDVR0OBBYEFFYHbid6fperMhKwuZi787Y86JGZMB8GA1UdIwQY
+MBaAFFYHbid6fperMhKwuZi787Y86JGZMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI
+hvcNAQELBQADggEBABXKHdRy5ZMjQSRKLnRAJq7dTzP+d2f6RHkmpx6aW0mZktNE
+h9PByXI6sYHUJCCWpdLMHu1AXQnHWwPHJCqww+0xoaVZA9cRo7gyWB0T2m3YxpOk
+2ayoC9qTOr5+KWMBxVckxcOWmUv0lxzslD6KOQeGDgmaPJPsruOSoBaeqoY/7FpW
+6xvp/qIzXqsU31oHuDMPnw95+vm3XqcYukgxPTnXkNmUilR+Tw/R37uBzaQxqRqQ
+F0IlX/CrXbCVIp0rMebW1537ZnRVWIm3NWpjlssJulkbD4QiXFoTwHh3uyQG/GaN
+ha4UBNh9vP4nD2eNtWSu/TgKzsgeCtwJlSzNkLE=
+-----END CERTIFICATE-----

web-review/files/example-ca.crt

@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID2TCCAsGgAwIBAgIUOKjPjzHifOZxjYsUUt/UGyCSNfkwDQYJKoZIhvcNAQEL
+BQAwfDELMAkGA1UEBhMCVVMxFzAVBgNVBAgMDk5vcnRoIENhcm9saW5hMRAwDgYD
+VQQHDAdSYWxlaWdoMRYwFAYDVQQKDA1FeGFtcGxlLCBJbmMuMSowKAYDVQQDDCFl
+eGFtcGxlLmNvbSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMjMwMzA3MDgwNzM0
+WhcNMjQwMzA2MDgwNzM0WjB8MQswCQYDVQQGEwJVUzEXMBUGA1UECAwOTm9ydGgg
+Q2Fyb2xpbmExEDAOBgNVBAcMB1JhbGVpZ2gxFjAUBgNVBAoMDUV4YW1wbGUsIElu
+Yy4xKjAoBgNVBAMMIWV4YW1wbGUuY29tIENlcnRpZmljYXRlIEF1dGhvcml0eTCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANxQNgc7WXCbPg+ZTthtkPZH
+o20poCBSD6wkWANVMSgi1dNLNJx+X/N+rpC1hjDmQzqTJT1FYiYNhE9teHkg6kkL
+DNbWdWITxL9kYAliaxi+48pWj4ONZIE7x9ymgG50DbVc1fCGAvUCFx+Cfebkroxa
+PVSqG8frg6Vl3sLgruv4gCt7ZJAZKJA2dJ/XbFkZ2YxhD5Uusqxy0qA5mcLHcvDU
+g5seVnDY0S6sR+fvcawm5Rb1hEXeSbxPpKiwOTULN0a1p8SMbuXyhZSRjspR1Tsi
+lPEwnNykM8gk3VhbZTw6zSNEJOjtqcHf+5AQacuUQQgCq8ZVnC0jxJcUabWC6S8C
+AwEAAaNTMFEwHQYDVR0OBBYEFFYHbid6fperMhKwuZi787Y86JGZMB8GA1UdIwQY
+MBaAFFYHbid6fperMhKwuZi787Y86JGZMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI
+hvcNAQELBQADggEBABXKHdRy5ZMjQSRKLnRAJq7dTzP+d2f6RHkmpx6aW0mZktNE
+h9PByXI6sYHUJCCWpdLMHu1AXQnHWwPHJCqww+0xoaVZA9cRo7gyWB0T2m3YxpOk
+2ayoC9qTOr5+KWMBxVckxcOWmUv0lxzslD6KOQeGDgmaPJPsruOSoBaeqoY/7FpW
+6xvp/qIzXqsU31oHuDMPnw95+vm3XqcYukgxPTnXkNmUilR+Tw/R37uBzaQxqRqQ
+F0IlX/CrXbCVIp0rMebW1537ZnRVWIm3NWpjlssJulkbD4QiXFoTwHh3uyQG/GaN
+ha4UBNh9vP4nD2eNtWSu/TgKzsgeCtwJlSzNkLE=
+-----END CERTIFICATE-----

web-review/files/serverc.lab.example.com.crt

@@ -0,0 +1,82 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 7 (0x7)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=US, ST=North Carolina, L=Raleigh, O=Example, Inc., CN=example.com Certificate Authority
+        Validity
+            Not Before: Mar  7 11:29:04 2023 GMT
+            Not After : Sep  3 11:29:04 2023 GMT
+        Subject: C=US, ST=North Carolina, L=Raleigh, O=Example, Inc., CN=serverc.lab.example.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (2048 bit)
+                Modulus:
+                    00:ed:27:4e:67:8e:8a:12:c8:6a:90:21:7d:01:8d:
+                    83:d7:cb:1b:b6:3f:40:ef:21:da:b5:2f:3f:16:18:
+                    e5:f7:65:d0:a9:24:69:38:d3:a3:da:d0:e4:7e:3a:
+                    09:22:dc:75:8f:f5:75:d6:66:d5:fc:c7:95:75:a4:
+                    c0:48:0c:7f:05:2a:4a:9b:e1:e9:9e:9e:c1:8c:63:
+                    e2:c4:e7:69:23:ca:5e:13:ff:ab:4a:79:42:98:2f:
+                    a6:ac:1d:85:0c:a2:fe:69:cb:b6:e3:df:44:60:6f:
+                    be:14:c3:46:61:a7:88:13:00:53:b2:29:f5:0e:9e:
+                    d7:d0:90:13:9e:b7:e3:86:c2:d4:0d:3b:fa:e8:64:
+                    4b:b0:b7:ae:86:dd:f8:c5:47:6d:ae:e8:57:12:83:
+                    fd:b2:e9:0f:0b:df:ab:98:4f:87:c7:35:25:11:82:
+                    e5:5d:63:07:1f:5b:0c:78:e6:09:6e:7a:e0:e3:f6:
+                    4d:c6:08:78:65:39:85:3d:41:ce:5c:58:9a:97:9b:
+                    51:13:d9:38:78:18:85:56:c2:5b:af:62:48:a2:77:
+                    c7:e2:82:6e:f5:ab:85:fa:86:ba:3b:69:ea:ba:96:
+                    c8:f6:7e:76:fe:b2:87:6c:1e:3f:92:1f:0d:44:5e:
+                    15:05:8d:1e:a9:71:5f:9f:f8:90:40:be:82:33:e5:
+                    38:bd
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                78:62:81:D0:FB:55:2B:78:DA:14:E1:47:95:37:F2:9E:2D:6E:05:18
+            X509v3 Authority Key Identifier: 
+                keyid:56:07:6E:27:7A:7E:97:AB:32:12:B0:B9:98:BB:F3:B6:3C:E8:91:99
+
+    Signature Algorithm: sha256WithRSAEncryption
+         4d:7d:ac:f8:d8:12:27:69:80:01:5c:97:3d:7d:f1:06:ef:7d:
+         df:b5:e6:e9:1b:e0:52:ba:0a:01:cc:11:3f:12:b9:55:0d:57:
+         21:53:da:0e:46:c7:97:9e:9b:02:63:79:fc:23:ac:d1:4e:41:
+         a7:05:22:79:80:ee:fa:5f:de:76:3d:f0:fc:27:fe:21:d5:7f:
+         68:d4:b8:fe:cc:39:74:0b:bf:40:4f:62:a8:85:af:ba:de:27:
+         ff:f7:e5:35:43:42:a5:17:21:00:eb:15:70:52:d4:b1:87:bd:
+         9e:f9:15:b9:d9:bc:26:60:3d:f3:d1:83:03:8e:a1:90:02:dc:
+         7d:45:f9:83:9c:f4:5a:05:87:55:39:17:c7:31:f6:ea:43:2c:
+         8c:d5:4c:09:a7:11:5a:ee:6f:9a:5c:ef:52:99:12:5b:53:a1:
+         4f:3b:05:da:f4:26:78:70:38:38:5c:12:61:31:95:49:f2:06:
+         dd:66:0c:2b:a1:a5:fc:e4:bf:30:06:a8:a8:11:8b:4d:a6:6c:
+         96:9e:fb:67:fa:f1:08:5c:36:61:4a:32:aa:1a:09:9e:d8:54:
+         a4:7c:92:4e:3e:f3:63:79:19:34:a0:5f:dd:58:14:15:cf:e0:
+         63:bd:40:92:c1:c9:4e:4c:95:ca:20:6c:f3:05:4c:34:15:94:
+         3a:56:47:23
+-----BEGIN CERTIFICATE-----
+MIID5DCCAsygAwIBAgIBBzANBgkqhkiG9w0BAQsFADB8MQswCQYDVQQGEwJVUzEX
+MBUGA1UECAwOTm9ydGggQ2Fyb2xpbmExEDAOBgNVBAcMB1JhbGVpZ2gxFjAUBgNV
+BAoMDUV4YW1wbGUsIEluYy4xKjAoBgNVBAMMIWV4YW1wbGUuY29tIENlcnRpZmlj
+YXRlIEF1dGhvcml0eTAeFw0yMzAzMDcxMTI5MDRaFw0yMzA5MDMxMTI5MDRaMHIx
+CzAJBgNVBAYTAlVTMRcwFQYDVQQIDA5Ob3J0aCBDYXJvbGluYTEQMA4GA1UEBwwH
+UmFsZWlnaDEWMBQGA1UECgwNRXhhbXBsZSwgSW5jLjEgMB4GA1UEAwwXc2VydmVy
+Yy5sYWIuZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQDtJ05njooSyGqQIX0BjYPXyxu2P0DvIdq1Lz8WGOX3ZdCpJGk406Pa0OR+Ogki
+3HWP9XXWZtX8x5V1pMBIDH8FKkqb4emensGMY+LE52kjyl4T/6tKeUKYL6asHYUM
+ov5py7bj30Rgb74Uw0Zhp4gTAFOyKfUOntfQkBOet+OGwtQNO/roZEuwt66G3fjF
+R22u6FcSg/2y6Q8L36uYT4fHNSURguVdYwcfWwx45glueuDj9k3GCHhlOYU9Qc5c
+WJqXm1ET2Th4GIVWwluvYkiid8figm71q4X6hro7aeq6lsj2fnb+sodsHj+SHw1E
+XhUFjR6pcV+f+JBAvoIz5Ti9AgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZIAYb4
+QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBR4
+YoHQ+1UreNoU4UeVN/KeLW4FGDAfBgNVHSMEGDAWgBRWB24nen6XqzISsLmYu/O2
+POiRmTANBgkqhkiG9w0BAQsFAAOCAQEATX2s+NgSJ2mAAVyXPX3xBu9937Xm6Rvg
+UroKAcwRPxK5VQ1XIVPaDkbHl56bAmN5/COs0U5BpwUieYDu+l/edj3w/Cf+IdV/
+aNS4/sw5dAu/QE9iqIWvut4n//flNUNCpRchAOsVcFLUsYe9nvkVudm8JmA989GD
+A46hkALcfUX5g5z0WgWHVTkXxzH26kMsjNVMCacRWu5vmlzvUpkSW1OhTzsF2vQm
+eHA4OFwSYTGVSfIG3WYMK6Gl/OS/MAaoqBGLTaZslp77Z/rxCFw2YUoyqhoJnthU
+pHySTj7zY3kZNKBf3VgUFc/gY71AksHJTkyVyiBs8wVMNBWUOlZHIw==
+-----END CERTIFICATE-----

web-review/files/serverc.lab.example.com.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDtJ05njooSyGqQ
+IX0BjYPXyxu2P0DvIdq1Lz8WGOX3ZdCpJGk406Pa0OR+Ogki3HWP9XXWZtX8x5V1
+pMBIDH8FKkqb4emensGMY+LE52kjyl4T/6tKeUKYL6asHYUMov5py7bj30Rgb74U
+w0Zhp4gTAFOyKfUOntfQkBOet+OGwtQNO/roZEuwt66G3fjFR22u6FcSg/2y6Q8L
+36uYT4fHNSURguVdYwcfWwx45glueuDj9k3GCHhlOYU9Qc5cWJqXm1ET2Th4GIVW
+wluvYkiid8figm71q4X6hro7aeq6lsj2fnb+sodsHj+SHw1EXhUFjR6pcV+f+JBA
+voIz5Ti9AgMBAAECggEBAJruZeNzlLKmqi+VITSlfi+5alZKxqIzTM23mxBVnc9d
+fc8ykWdlpJNsiwoH4jYbLtaotp4mOsBUp0jfJBstxsHaGjnyggx1jN6p1tlqkR6n
+s4R/MCmMRLxlzQ5+jpBt36XAR7BhCSuzdMvdsxpTN6uqOAOaM5WkojuIFLlJS2Sa
+m7HEuZ6p8GghsxdAmUjZs1WJ+P1gzQ/6BFpW85ep2SfTWucKa8rOusk+tc2DynDi
+zPIEo/Cbbuz+Uyjv2eABUBGV4o9BQ6tpoFfgXwKeZHtAJHlgPffQ396bxmbwhxps
+nvhPg75wl70w5SlI6BLQMv2USDZbCsyjqabXD4eigyECgYEA+gAi9Q+sNchefyBy
++g2CTpYE1cUFvydIICgv2aEtE271a973eo5RE/M+eKLe4GyU5L/nvSqikjuINYP0
+SNy7KteYi6QH/mL+Y4/us+T3Zp9m2KU9xDz3SfhGpphKZnctQsnwqdypoUzUqcy9
+fBuqe/FT7SKdShRhKm/v3+S6/OUCgYEA8tg+tqZJfNbe2WCetkPZ4VSc+6vSjHAe
+KOpgLvZd2mHG1+LpWH5AgCBdkLUjhRVPunLFDPqpoN+Jc/x3ncNUFUXwgoXHrbRT
+pb8xaoihvdV6FixAylC4chZ/f4cfdOQcdi+f1AuRn9+tQaR1jCNcSOGSZgnNNQcZ
+6o0Zq8IaZvkCgYEA82W6oxj1Mw+3YNH43xbT7SsF3hKKO8dE43n8zEetmSQIcVON
+Ypa4vVGvWshHcfyFIgjs2DFwQisPu/qSlXXCDD4HWL0Ew1kiD1EMt7yOWi2LdhW7
+AxnQMQY10vCmTwhs2n+9fcNGq7IfwomBWhmdbDpS2ac/t+YLi8ObqUIKAzkCgYB4
+vg4IcItvV8J7oG+pPfkx8QkQlPDdxM0qGMZz8yjc8OqV4ouU5Ukaq3z5+yZLADqh
+AHl7J5J5m0tTcP7kYP8IiLq5mtyaQGOqsHJYftC0e1T1e1FHhnT+vLLt7Hg2fUit
+dqZoHsxsCiGx1pxfbiFvV0CcHVl7eSlolnliDeNkuQKBgQCYrjlF+yIRmJHbCXOh
+2eMJHxbARA7KUHGCnKNP/nB7f0QP9gHpwgXGPNCHJOAWe13Qt6kDz34vpvB5IxXo
+Oslsauj7j/xa+Cnk8utQqcHy58/1t5qSKREUvzCj6N1BVJUpSHs4uh6HAFSsg5/x
+iblgy2LRYWzLuh1w8iBOEWikCQ==
+-----END PRIVATE KEY-----

web-review/files/virtual.lab.example.com.crt

@@ -0,0 +1,82 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 8 (0x8)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=US, ST=North Carolina, L=Raleigh, O=Example, Inc., CN=example.com Certificate Authority
+        Validity
+            Not Before: Mar  7 11:29:04 2023 GMT
+            Not After : Sep  3 11:29:04 2023 GMT
+        Subject: C=US, ST=North Carolina, L=Raleigh, O=Example, Inc., CN=virtual.lab.example.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (2048 bit)
+                Modulus:
+                    00:bd:6b:15:97:f2:c9:8a:67:80:bc:d0:23:73:92:
+                    10:37:69:d8:f9:f4:d2:a7:93:a3:2e:3d:f2:d5:72:
+                    ed:ef:65:41:06:fb:86:f7:46:92:29:3f:e5:39:ea:
+                    6e:9c:28:de:7a:bd:7c:4d:38:27:e5:8d:20:ab:bc:
+                    a4:b8:41:d0:58:1c:be:f7:92:01:d1:54:ec:c8:13:
+                    78:1c:79:56:8b:9f:af:c4:e6:85:db:a6:9e:fe:02:
+                    2d:76:9d:57:87:69:ec:34:d8:3a:ea:bd:bf:32:e5:
+                    35:e6:4b:fe:6a:6f:14:79:1b:62:66:0e:7f:dc:b5:
+                    41:14:3c:80:8e:e1:20:cf:d4:8e:d6:c1:61:d8:ca:
+                    10:ad:b6:22:3b:d2:52:9e:53:a9:6d:8d:7c:6f:f2:
+                    80:a6:c0:85:b1:c2:3a:d4:ef:8a:b5:18:71:5a:71:
+                    16:1b:62:dd:2e:c1:40:ac:70:44:be:84:57:6e:de:
+                    06:c9:83:9a:aa:52:e6:35:c9:2f:22:bd:6d:6d:b1:
+                    c5:8b:70:d1:f2:da:e4:ec:73:25:01:69:dd:19:30:
+                    15:4d:92:c4:56:52:68:33:db:af:d3:7a:e0:c1:8b:
+                    17:c8:8d:72:0f:e2:b6:8f:da:5f:76:7a:be:a0:b5:
+                    43:bd:f0:23:09:59:44:60:8e:25:06:79:69:8d:29:
+                    b9:ad
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                BD:AE:8B:5A:0F:8D:C6:14:17:CC:9A:6E:A5:97:85:6C:EB:82:2E:24
+            X509v3 Authority Key Identifier: 
+                keyid:56:07:6E:27:7A:7E:97:AB:32:12:B0:B9:98:BB:F3:B6:3C:E8:91:99
+
+    Signature Algorithm: sha256WithRSAEncryption
+         1a:78:2e:9e:a4:ee:13:82:99:9e:b6:7b:fc:9d:15:a1:17:4e:
+         3a:d3:9a:df:21:9e:a9:3a:4a:be:59:b9:a5:b7:2d:23:91:0b:
+         b9:1b:39:ec:fc:be:bf:a5:6a:13:11:9f:0a:18:4f:27:00:68:
+         e9:57:61:e3:d6:f9:7c:63:0d:32:b9:aa:4f:c6:f6:10:95:f6:
+         75:0f:d7:ff:cb:ca:3b:09:a4:ce:26:e6:06:33:9e:be:58:35:
+         36:92:e9:75:34:cf:a3:47:dc:5f:11:d7:a9:da:6d:83:d9:6a:
+         4a:70:03:1b:07:2b:56:46:06:90:f5:08:55:79:41:c2:2c:20:
+         77:de:26:55:dd:d7:c5:28:50:14:3d:a4:b8:ee:b2:d9:48:bb:
+         a3:b3:fc:8b:4f:0b:f3:33:05:a5:5f:fb:ac:d2:7d:2d:af:f1:
+         0e:f1:7d:b9:ce:b0:1e:58:8d:97:98:24:59:37:01:f2:2a:ad:
+         81:45:2f:e4:3c:71:b6:30:da:ff:e5:bf:11:25:54:a9:6d:3e:
+         d4:13:69:06:a7:64:35:4e:df:fd:a4:69:aa:21:39:07:cf:02:
+         c1:b4:81:11:b0:c0:bc:11:09:bb:cb:3a:4f:0f:ac:51:6d:3f:
+         87:f5:79:92:f0:24:7d:95:b7:bc:c8:1d:dd:b1:01:6e:59:5d:
+         41:d5:c9:4d
+-----BEGIN CERTIFICATE-----
+MIID5DCCAsygAwIBAgIBCDANBgkqhkiG9w0BAQsFADB8MQswCQYDVQQGEwJVUzEX
+MBUGA1UECAwOTm9ydGggQ2Fyb2xpbmExEDAOBgNVBAcMB1JhbGVpZ2gxFjAUBgNV
+BAoMDUV4YW1wbGUsIEluYy4xKjAoBgNVBAMMIWV4YW1wbGUuY29tIENlcnRpZmlj
+YXRlIEF1dGhvcml0eTAeFw0yMzAzMDcxMTI5MDRaFw0yMzA5MDMxMTI5MDRaMHIx
+CzAJBgNVBAYTAlVTMRcwFQYDVQQIDA5Ob3J0aCBDYXJvbGluYTEQMA4GA1UEBwwH
+UmFsZWlnaDEWMBQGA1UECgwNRXhhbXBsZSwgSW5jLjEgMB4GA1UEAwwXdmlydHVh
+bC5sYWIuZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQC9axWX8smKZ4C80CNzkhA3adj59NKnk6MuPfLVcu3vZUEG+4b3RpIpP+U56m6c
+KN56vXxNOCfljSCrvKS4QdBYHL73kgHRVOzIE3gceVaLn6/E5oXbpp7+Ai12nVeH
+aew02Drqvb8y5TXmS/5qbxR5G2JmDn/ctUEUPICO4SDP1I7WwWHYyhCttiI70lKe
+U6ltjXxv8oCmwIWxwjrU74q1GHFacRYbYt0uwUCscES+hFdu3gbJg5qqUuY1yS8i
+vW1tscWLcNHy2uTscyUBad0ZMBVNksRWUmgz26/TeuDBixfIjXIP4raP2l92er6g
+tUO98CMJWURgjiUGeWmNKbmtAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZIAYb4
+QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBS9
+rotaD43GFBfMmm6ll4Vs64IuJDAfBgNVHSMEGDAWgBRWB24nen6XqzISsLmYu/O2
+POiRmTANBgkqhkiG9w0BAQsFAAOCAQEAGngunqTuE4KZnrZ7/J0VoRdOOtOa3yGe
+qTpKvlm5pbctI5ELuRs57Py+v6VqExGfChhPJwBo6Vdh49b5fGMNMrmqT8b2EJX2
+dQ/X/8vKOwmkzibmBjOevlg1NpLpdTTPo0fcXxHXqdptg9lqSnADGwcrVkYGkPUI
+VXlBwiwgd94mVd3XxShQFD2kuO6y2Ui7o7P8i08L8zMFpV/7rNJ9La/xDvF9uc6w
+HliNl5gkWTcB8iqtgUUv5DxxtjDa/+W/ESVUqW0+1BNpBqdkNU7f/aRpqiE5B88C
+wbSBEbDAvBEJu8s6Tw+sUW0/h/V5kvAkfZW3vMgd3bEBblldQdXJTQ==
+-----END CERTIFICATE-----

web-review/files/virtual.lab.example.com.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC9axWX8smKZ4C8
+0CNzkhA3adj59NKnk6MuPfLVcu3vZUEG+4b3RpIpP+U56m6cKN56vXxNOCfljSCr
+vKS4QdBYHL73kgHRVOzIE3gceVaLn6/E5oXbpp7+Ai12nVeHaew02Drqvb8y5TXm
+S/5qbxR5G2JmDn/ctUEUPICO4SDP1I7WwWHYyhCttiI70lKeU6ltjXxv8oCmwIWx
+wjrU74q1GHFacRYbYt0uwUCscES+hFdu3gbJg5qqUuY1yS8ivW1tscWLcNHy2uTs
+cyUBad0ZMBVNksRWUmgz26/TeuDBixfIjXIP4raP2l92er6gtUO98CMJWURgjiUG
+eWmNKbmtAgMBAAECggEBAJbai84B3CTQHaVCFpnaP/QB5n3bT1GKsTEIwTbhW0GH
+YGyRMYIJwCn96y9e10yi99zEwBQ3nv6gkN51VLIyKB2kdypwK+ZtPk5xwvzaXeTA
+/plQBldSsdkWHuMSmD0OTMIhW3rMN1PvXCfXaf2WDbYN6yXgclByQiw9qx0fiqQ5
+ArA84u5LpgozDt7Odv5RA3+VjnGm27FRgVZ8Fg8RzkbE1NSrEiVoUlcTvTK5VAfq
+HXaN3KSV8aCVa/b6xe41myug6E4AhgiES3PnQwF9andofyuizbnjLcXJhgvaqPI+
+iODMatjHcc4cQ5WZyHvL3K3f9Uz5+Wici3U+FKw6bMECgYEA75wYfAyc+WOXBHJx
+7A6CtB5n+bkbPeFMcQddfefp7DaTcupfJdPkH0c9cNO6Cqql12bAFQeDFcKQ0OhT
+eVGW+YuGSroLWxJB4tFm/6bUgbWYcZVlFd0B18pn+dPyZeu42keNt9g+rjx7kpyN
+sI9Owj073dSveWPjO+3tSQ+otRUCgYEAymAQ0HnA3swLMpzsRCpnrtgcuJocsjJ7
+FN8kbwXDJxvtk1botv+54APfueFzFiiioCoexbXxdd/duU58duxQrREvyVbIWrWA
+sMOK7hLD/ejjwkQIjjT1D+5xkD6G0W34U0PH7C5tmzJP0AzDIOUCrnYTyj+Gpzft
+aL+qTTDdyDkCgYAEDfsoFjqNyc6jZ6Bf4zr4+069HhHE8UwO2ZYObF87/QxvtGGZ
+zUUd9mGmyB5s0chupbF4aaEhPCKhNl07P1Mzs9W46/8HMn7k7LA2gUc1TrJesa19
+OjkuwqERzDFc4ilFoFJYmxMsdZ+NspJ/O12U0d5yeYfioPsWZ4dNZjNvpQKBgDsp
+gGDh5x96+R8PvwZiezMjHKpe61qw5UiBv23xek65nGeBdcDh254Ao+v8W5+zu28l
+QR+9g9xY2MHujvZZOXCO4LB0fVf/TaLfV4Mn20IkTkkhiHrCQo4ov+xSSyl4g6sb
+2ptSK1q+h5Sj1nuMV49XF4v9rEjAUdhYh9nPGlcJAoGAekR/87zclQRSjBLXxuZX
+EVGS7uGsgpriJFkGt2ZhVoOJhNvyGBbqZ4xzGMefheru/bJfFbMjhPZ8T+GpPgtk
+q6+T4LDlbwGlHvRRYfXlsUZLV49TrgYSHKYWRJuWMRVg8QwwXv8QLgJB+bCnLIXm
+UdznHq6SpctqoBINnoDAAik=
+-----END PRIVATE KEY-----

web-review/group_vars/webserver/vars.yml

@@ -0,0 +1,2 @@
+web_hosts:
+  - "serverc.lab.example.com"

web-review/inventory

@@ -0,0 +1,2 @@
+[webserver]
+serverc.lab.example.com

web-review/nginx.yml

@@ -0,0 +1,33 @@
+- name: Configure Nginx
+  hosts: webserver
+  become: true
+
+  tasks:
+    - name: install nginx
+      yum:
+        name: nginx
+        state: present
+
+    - name: deploy content
+      import_tasks: deploy_content.yml
+
+    - name: deploy nginx conf
+      template:
+        src: templates/nginx.conf.j2
+        dest: /etc/nginx/conf.d/virtual.conf
+
+    - name: start and enable service
+      service:
+        name: nginx
+        state: started
+        enabled: yes
+
+    - name: open ports
+      firewalld:
+        service: "{{ item }}"
+        state: enabled
+        permanent: yes
+        immediate: yes
+      loop: 
+        - http
+        - https

web-review/solutions/httpd.yml

@@ -0,0 +1,55 @@
+---
+- name: Apache HTTP Server web server deployment
+  hosts: webserver
+  become: true
+  tasks:
+    - name: Latest software installed for Apache HTTPD
+      yum:
+        name: "{{ item }}"
+        state: latest
+      loop:
+        - httpd
+        - mod_ssl
+      notify: Restart httpd
+
+    - name: Web content is in place
+      import_tasks: deploy_content.yml
+
+    - name: Serverc Virtual hosts are configured
+      template:
+        src: "httpd.conf.j2"
+        dest: "/etc/httpd/conf.d/httpd.conf"
+      notify: Reload httpd
+
+
+    - name: Virtual hosts are configured
+      template:
+        src: "hvirtual.conf.j2"
+        dest: "/etc/httpd/conf.d/virtual.conf"
+      notify: Reload httpd
+
+    - name: Web server is started and enabled
+      service:
+        name: httpd
+        state: started
+        enabled: yes
+
+    - name: Firewall ports are open
+      firewalld:
+        service: "{{ item }}"
+        permanent: yes
+        immediate: yes
+        state: enabled
+      loop:
+        - http
+        - https
+
+  handlers:
+    - name: Reload httpd
+      service:
+        name: httpd
+        state: reloaded
+    - name: Restart httpd
+      service:
+        name: httpd
+        state: restarted

web-review/solutions/nginx.yml

@@ -0,0 +1,48 @@
+---
+- name: Nginx web server deployment
+  hosts: webserver
+  become: true
+  tasks:
+    - name: Latest software installed for nginx
+      dnf:
+        name: "@nginx:1.16"
+        state: present
+      notify: Restart nginx
+
+    - name: Web content is in place
+      import_tasks: deploy_content.yml
+
+    - name: Set up nginx serverblock
+      template:
+        src: "nginx.conf.j2"
+        dest: "/etc/nginx/conf.d/nginx.conf"
+
+    - name: Set up nginx serverblock
+      template:
+        src: "nvirtual.conf.j2"
+        dest: "/etc/nginx/conf.d/virtual.conf"
+
+      notify: Reload nginx
+    - name: Firewall ports are open
+      firewalld:
+        service: "{{ item }}"
+        permanent: yes
+        immediate: yes
+        state: enabled
+      loop:
+        - https
+        - http
+    - name: Nginx is enabled and started
+      service:
+        name: nginx
+        state: started
+        enabled: yes
+  handlers:
+    - name: Reload nginx
+      service:
+        name: nginx
+        state: reloaded
+    - name: Restart nginx
+      service:
+        name: nginx
+        state: restarted

web-review/templates/httpd.conf.j2

@@ -0,0 +1,18 @@
+<VirtualHost *:443>
+ServerName serverc.lab.example.com
+SSLEngine On
+SSLProtocol all -SSLv2 -SSLv3
+SSLCipherSuite HIGH:MEDIUM:!aNull:!MD5
+SSLHonorCipherOrder on
+SSLCertificateFile /etc/pki/tls/certs/serverc.lab.example.com.crt
+SSLCertificateKeyFile /etc/pki/tls/private/serverc.lab.example.com.key
+SSLCertificateChainFile /etc/pki/tls/certs/example-ca.crt
+DocumentRoot /srv/httpd/www
+</VirtualHost>
+<Directory /srv/httpd/www>
+Require all granted
+</Directory>
+<VirtualHost *:80>
+ServerName serverc.lab.example.com
+Redirect "/" "https://serverc.lab.example.com"
+</VirtualHost>

web-review/templates/hvirtual.conf.j2

@@ -0,0 +1,18 @@
+<VirtualHost *:443>
+ServerName virtual.lab.example.com
+SSLEngine On
+SSLProtocol all -SSLv2 -SSLv3
+SSLCipherSuite HIGH:MEDIUM:!aNull:!MD5
+SSLHonorCipherOrder on
+SSLCertificateFile /etc/pki/tls/certs/virtual.lab.example.com.crt
+SSLCertificateKeyFile /etc/pki/tls/private/virtual.lab.example.com.key
+SSLCertificateChainFile /etc/pki/tls/certs/example-ca.crt
+DocumentRoot /srv/virtual/www
+</VirtualHost>
+<Directory /srv/virtual/www>
+Require all granted
+</Directory>
+<VirtualHost *:80>
+ServerName virtual.lab.example.com
+Redirect "/" "https://virtual.lab.example.com"
+</VirtualHost>

web-review/templates/index.html.j2

@@ -0,0 +1,9 @@
+<html>
+   <head>
+       <title>Welcome to serverc.lab.example.com !</title>
+   </head>
+   <body>
+   <h1>Success! The serverc.lab.example.com virtual host is working!</h1>
+   <p>This site is hosted on serverc.lab.example.com.</p>
+</body>
+</html>

web-review/templates/nginx.conf.j2

@@ -0,0 +1,15 @@
+server {
+    listen 80 ;
+    server_name serverc.lab.example.com;
+    return 301 https://$host$request_uri;
+}
+server {
+    listen 443 ssl;
+    server_name serverc.lab.example.com;
+    ssl_certificate /etc/pki/tls/certs/serverc.lab.example.com.crt;
+    ssl_certificate_key /etc/pki/tls/private/serverc.lab.example.com.key;
+    location / {
+        root /srv/nginx/www/;
+        index index.html index.htm;
+    }
+}

web-review/templates/nvirtual.conf.j2

@@ -0,0 +1,15 @@
+server {
+    listen 80 ;
+    server_name virtual.lab.example.com;
+    return 301 https://$host$request_uri;
+}
+server {
+    listen 443 ssl;
+    server_name virtual.lab.example.com;
+    ssl_certificate /etc/pki/tls/certs/virtual.lab.example.com.crt;
+    ssl_certificate_key /etc/pki/tls/private/virtual.lab.example.com.key;
+    location / {
+        root /srv/virtual/www/;
+        index index.html index.htm;
+    }
+}

web-review/templates/virtual.html.j2

@@ -0,0 +1,9 @@
+<html>
+   <head>
+       <title>Welcome to virtual.lab.example.com !</title>
+   </head>
+   <body>
+   <h1>Success! The virtual.lab.example.com virtual host is working!</h1>
+   <p>This site is hosted on serverc.lab.example.com.</p>
+</body>
+</html>