Configuring a Web Server on a VPS with Ansible

Automating infrastructure is a key practice in modern DevOps workflows. Ansible, a configuration management and automation tool, significantly simplifies the setup of servers, services, and applications. Ansible is used to configure web servers on virtual private servers (VPS), enabling reproducible and scalable deployments.

Introduction to Ansible and VPS

A VPS provides users with isolated virtual environments on a physical server. It's the go-to choice for web hosting, development environments, and production deployments. A VPS gives you full control over installed software, network configuration, and system updates because it gives you root access, which you don't get with shared hosting. However, this freedom comes with responsibility, and users must be prepared to set up and maintain their server environment.

Ansible, developed by Red Hat, is the best agentless automation tool on the market. It communicates over SSH. Its YAML-based playbooks define tasks, making it accessible and highly readable. Whether you're managing one server or thousands, Ansible provides a consistent and effective approach to automation.

Preparing the VPS for Ansible Deployment

Before configuring a web server, the VPS must be ready for Ansible-based automation. This preparation includes ensuring secure SSH access and installing required dependencies.

To begin, the remote VPS should have a non-root user with sudo privileges. This user will be used by Ansible to execute tasks securely.

Create a new user:

    adduser deployer
    usermod -aG sudo deployer

Enable SSH key authentication: Copy your public key to the server:

    ssh-copy-id deployer@your-vps-ip

On the control node (your local machine or Ansible host), ensure Ansible is installed. This can be done using pip or your package manager:

    pip install ansible

Create an inventory file (hosts.ini) that describes the VPS:

    [web]
    your-vps-ip ansible_user=deployer

Writing the Ansible Playbook

An Ansible playbook is a set of instructions for configuring the target machine. For setting up a web server, this playbook typically includes tasks such as installing a web server (like Nginx or Apache), configuring firewalls, and deploying a basic HTML site or dynamic application.

Here’s a basic example for installing Nginx:

    ---
    - name: Configure web server on VPS
      hosts: web
      become: yes
      tasks:
        - name: Update apt cache
          apt:
            update_cache: yes

        - name: Install Nginx
          apt:
            name: nginx
            state: present

        - name: Start and enable Nginx
          service:
            name: nginx
            state: started
            enabled: yes

        - name: Copy custom index.html
          copy:
            src: files/index.html
            dest: /var/www/html/index.html
            mode: '0644'

This playbook ensures that the latest version of Nginx is installed, running, and enabled on system boot. It also demonstrates how to copy static website content to the server.

Structuring Your Project Directory

A well-organized project directory simplifies maintenance and team collaboration. A standard structure might look like:

    webserver-ansible/
    ├── hosts.ini
    ├── site.yml
    ├── files/
    │   └── index.html
    ├── roles/
    │   └── nginx/
    │       ├── tasks/
    │       │   └── main.yml
    │       └── templates/
    └── vars/
        └── main.yml

Using roles promotes reusability and modular design. For example, the nginx role can later be reused to configure other servers.

Adding TLS/SSL with Let's Encrypt

Securing your web server with SSL is essential for modern websites. With Ansible, this process can be automated using community roles such as geerlingguy.certbot.

To use it, include the role in your requirements.yml:

    - src: geerlingguy.certbot

Install the role:

    ansible-galaxy install -r requirements.yml

Then define your tasks to obtain and configure an SSL certificate automatically:

    - name: Install and configure Let's Encrypt SSL
      hosts: web
      become: yes
      roles:
        - geerlingguy.certbot
      vars:
        certbot_email: "[email protected]"
        certbot_certs:
          - domains:
              - yourdomain.com

This step ensures your VPS web server is secured with HTTPS, improving SEO and user trust.

More articles on the topic of DevOps in our Blog:

    - Docker Cheat Sheet: Basic Commands to Get Started

    - How to Rename a Local and Remote Branch in Git

    - How to Create Your Own Docker Image

    - VPS performance problems or Why is my server slow?

Handling Firewall Configuration

Most VPS providers deploy their instances with minimal firewall settings. It is recommended to explicitly define firewall rules to limit exposed services.

Using ufw (Uncomplicated Firewall) via Ansible:

    - name: Configure UFW
      hosts: web
      become: yes
      tasks:
        - name: Allow HTTP
          ufw:
            rule: allow
            name: "Nginx Full"
            port: 80
            proto: tcp

        - name: Allow HTTPS
          ufw:
            rule: allow
            name: "Nginx Full"
            port: 443
            proto: tcp

        - name: Enable UFW
          ufw:
            state: enabled
            policy: deny

This will allow HTTP/HTTPS traffic and block all other ports by default.

Deploying a Dynamic Web Application

Beyond serving static content, web servers often host dynamic applications written in PHP, Python (e.g., Django, Flask), or Node.js. Ansible can automate these deployments as well.

For example, to deploy a Flask app:

    - name: Install Python and dependencies
      apt:
        name:
          - python3
          - python3-pip
        state: present

    - name: Install Flask
      pip:
        name: flask

    - name: Copy Flask app
      copy:
        src: files/app.py
        dest: /home/deployer/app.py

    - name: Run Flask app with systemd
      template:
        src: templates/flask.service.j2
        dest: /etc/systemd/system/flask.service
      notify: Restart Flask

With this configuration, Ansible automates the installation of all required components, copies the application, and sets it up as a system service.

Error Handling and Idempotency

One of Ansible’s most powerful features is idempotency. This means that applying the same playbook multiple times will not cause unintended changes. Tasks only run when needed, which prevents service disruption.

For better control, handlers can be used to perform actions only when notified. For instance, restarting a service only if a configuration file changes:

    handlers:
      - name: Restart Nginx
        service:
          name: nginx
          state: restarted

This approach ensures minimal downtime and more efficient deployment cycles.

Testing and Version Control

Managing Ansible playbooks through version control systems like Git is a best practice. It enables collaboration, history tracking, and CI/CD integration. For teams, it is also advisable to use test environments before deploying changes to production.

Testing can be done using tools like Molecule, which simulates deployments with containers to validate roles and playbooks.

Scaling to Multiple Servers

As projects grow, web servers may need to scale. With Ansible, you can extend your inventory to include multiple hosts and use groups to differentiate environments (e.g., staging, production).

Inventory example:

    [staging]
    staging-vps-ip

    [production]
    prod-vps-ip1
    prod-vps-ip2

Playbooks can then be executed on selected groups:

    ansible-playbook -i hosts.ini site.yml --limit production

This flexibility makes Ansible a robust tool for infrastructure as code, suitable for both simple and complex environments.

Conclusion

Ansible streamlines the process of configuring a web server on a VPS, enabling reproducible and secure deployments. Its declarative syntax, idempotent behavior, and scalability make it a favorite in DevOps toolkits. Whether you're launching a personal website or managing enterprise-grade applications, Ansible is the clear choice for automating server setup, reducing manual effort and minimizing errors.

Integrating Ansible into your VPS web hosting workflow saves time and aligns with modern infrastructure management practices. As your projects grow, the benefits of automation compound, making Ansible not just a convenience, but a necessity.