3v-Hosting Blog
8 min read
Automating infrastructure is a key practice in modern DevOps workflows. Ansible, a configuration management and automation tool, significantly simplifies the setup of servers, services, and applications. Ansible is used to configure web servers on virtual private servers (VPS), enabling reproducible and scalable deployments.
A VPS provides users with isolated virtual environments on a physical server. It's the go-to choice for web hosting, development environments, and production deployments. A VPS gives you full control over installed software, network configuration, and system updates because it gives you root access, which you don't get with shared hosting. However, this freedom comes with responsibility, and users must be prepared to set up and maintain their server environment.
Ansible, developed by Red Hat, is the best agentless automation tool on the market. It communicates over SSH. Its YAML-based playbooks define tasks, making it accessible and highly readable. Whether you're managing one server or thousands, Ansible provides a consistent and effective approach to automation.
Before configuring a web server, the VPS must be ready for Ansible-based automation. This preparation includes ensuring secure SSH access and installing required dependencies.
To begin, the remote VPS should have a non-root user with sudo privileges. This user will be used by Ansible to execute tasks securely.
Create a new user:
adduser deployer
usermod -aG sudo deployer
Enable SSH key authentication: Copy your public key to the server:
ssh-copy-id deployer@your-vps-ip
On the control node (your local machine or Ansible host), ensure Ansible is installed. This can be done using pip or your package manager:
pip install ansible
Create an inventory file (hosts.ini) that describes the VPS:
[web]
your-vps-ip ansible_user=deployer
An Ansible playbook is a set of instructions for configuring the target machine. For setting up a web server, this playbook typically includes tasks such as installing a web server (like Nginx or Apache), configuring firewalls, and deploying a basic HTML site or dynamic application.
Here’s a basic example for installing Nginx:
---
- name: Configure web server on VPS
hosts: web
become: yes
tasks:
- name: Update apt cache
apt:
update_cache: yes
- name: Install Nginx
apt:
name: nginx
state: present
- name: Start and enable Nginx
service:
name: nginx
state: started
enabled: yes
- name: Copy custom index.html
copy:
src: files/index.html
dest: /var/www/html/index.html
mode: '0644'
This playbook ensures that the latest version of Nginx is installed, running, and enabled on system boot. It also demonstrates how to copy static website content to the server.
A well-organized project directory simplifies maintenance and team collaboration. A standard structure might look like:
webserver-ansible/
├── hosts.ini
├── site.yml
├── files/
│ └── index.html
├── roles/
│ └── nginx/
│ ├── tasks/
│ │ └── main.yml
│ └── templates/
└── vars/
└── main.yml
Using roles promotes reusability and modular design. For example, the nginx role can later be reused to configure other servers.
Securing your web server with SSL is essential for modern websites. With Ansible, this process can be automated using community roles such as geerlingguy.certbot.
To use it, include the role in your requirements.yml:
- src: geerlingguy.certbot
Install the role:
ansible-galaxy install -r requirements.yml
Then define your tasks to obtain and configure an SSL certificate automatically:
- name: Install and configure Let's Encrypt SSL
hosts: web
become: yes
roles:
- geerlingguy.certbot
vars:
certbot_email: "your-email@example.com"
certbot_certs:
- domains:
- yourdomain.com
This step ensures your VPS web server is secured with HTTPS, improving SEO and user trust.
Most VPS providers deploy their instances with minimal firewall settings. It is recommended to explicitly define firewall rules to limit exposed services.
Using ufw (Uncomplicated Firewall) via Ansible:
- name: Configure UFW
hosts: web
become: yes
tasks:
- name: Allow HTTP
ufw:
rule: allow
name: "Nginx Full"
port: 80
proto: tcp
- name: Allow HTTPS
ufw:
rule: allow
name: "Nginx Full"
port: 443
proto: tcp
- name: Enable UFW
ufw:
state: enabled
policy: deny
This will allow HTTP/HTTPS traffic and block all other ports by default.
Beyond serving static content, web servers often host dynamic applications written in PHP, Python (e.g., Django, Flask), or Node.js. Ansible can automate these deployments as well.
For example, to deploy a Flask app:
- name: Install Python and dependencies
apt:
name:
- python3
- python3-pip
state: present
- name: Install Flask
pip:
name: flask
- name: Copy Flask app
copy:
src: files/app.py
dest: /home/deployer/app.py
- name: Run Flask app with systemd
template:
src: templates/flask.service.j2
dest: /etc/systemd/system/flask.service
notify: Restart Flask
With this configuration, Ansible automates the installation of all required components, copies the application, and sets it up as a system service.
One of Ansible’s most powerful features is idempotency. This means that applying the same playbook multiple times will not cause unintended changes. Tasks only run when needed, which prevents service disruption.
For better control, handlers can be used to perform actions only when notified. For instance, restarting a service only if a configuration file changes:
handlers:
- name: Restart Nginx
service:
name: nginx
state: restarted
This approach ensures minimal downtime and more efficient deployment cycles.
Managing Ansible playbooks through version control systems like Git is a best practice. It enables collaboration, history tracking, and CI/CD integration. For teams, it is also advisable to use test environments before deploying changes to production.
Testing can be done using tools like Molecule, which simulates deployments with containers to validate roles and playbooks.
As projects grow, web servers may need to scale. With Ansible, you can extend your inventory to include multiple hosts and use groups to differentiate environments (e.g., staging, production).
Inventory example:
[staging]
staging-vps-ip
[production]
prod-vps-ip1
prod-vps-ip2
Playbooks can then be executed on selected groups:
ansible-playbook -i hosts.ini site.yml --limit production
This flexibility makes Ansible a robust tool for infrastructure as code, suitable for both simple and complex environments.
Ansible streamlines the process of configuring a web server on a VPS, enabling reproducible and secure deployments. Its declarative syntax, idempotent behavior, and scalability make it a favorite in DevOps toolkits. Whether you're launching a personal website or managing enterprise-grade applications, Ansible is the clear choice for automating server setup, reducing manual effort and minimizing errors.
Integrating Ansible into your VPS web hosting workflow saves time and aligns with modern infrastructure management practices. As your projects grow, the benefits of automation compound, making Ansible not just a convenience, but a necessity.
MySQL is a popular open-source relational database management system used by many businesses and organizations. One of the common tasks in MySQL administration ...
At the first login to the server with the newly installed Linux OS, any of its distributions - it is necessary to start setting up your new server, but since th...
In case you periodically need to do automatic synchronization of files and folders, including on remote servers, the most indispensable tool for this is rsync. ...
Learn how IP addresses work: IPv4 vs IPv6, public and private IPs, DNS resolution, routing, security basics, and how IPs are used in real server and cloud infra...
Accelerating WordPress at the Nginx level: correct PHP-FPM settings, try_files, static files, caching, Brotli, wp-login protection, and secure headers for stabl...
Effective backup strategies for Docker applications: how to protect volumes, data, and configurations while avoiding common mistakes, and quickly restore servic...
