--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/contrib/provision/roles/nginx/handlers/main.yml	Sat Mar 19 00:38:11 2016 +0800
@@ -0,0 +1,4 @@
+---
+- name: restart nginx
+  service: name=nginx state=restarted
+...

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/contrib/provision/roles/nginx/tasks/main.yml	Sat Mar 19 00:38:11 2016 +0800
@@ -0,0 +1,30 @@
+---
+- name: Install packages
+  apt: pkg={{ item }} state=present
+  with_items:
+    - nginx
+  tags: [packages]
+
+- name: Disable default site
+  file: path=/etc/nginx/sites-enabled/default state=absent
+  notify:
+    - restart nginx
+
+- name: Create a Diffie-Hellman key exchange parameters file
+  command: >
+    openssl dhparam
+    {% if ansible_virtualization_type == "virtualbox" %}-dsaparam{% endif %}
+    -out /etc/nginx/dh-2048.pem
+    2048
+  args:
+    creates: /etc/nginx/dh-2048.pem
+  notify:
+    - restart nginx
+
+- name: Allow HTTP and HTTPS
+  ufw: rule=allow name='{{ item }}'
+  with_items:
+    - Nginx HTTP
+    - Nginx HTTPS
+  tags: [ufw]
+...