Best Practices with Ansible: Nginx Deployment on Ubuntu

Ansible remains one of the most popular tools for automating server configuration. In 2025, using Ansible with a clear structure and real use cases such as Nginx deployment helps you keep your setup repeatable and error-free. This post shares tested Ansible best practices with real-life examples on Ubuntu 24.04.

Use Clear Ansible Inventory Structure

Keep your inventory files organized. Use a directory with group files instead of a single flat file.

# inventory/hosts.ini
[webservers]
vpspreprod ansible_host=192.168.1.100 ansible_user=deploy

Split variables into group and host level when needed:

# inventory/group_vars/webservers.yml
nginx_port: 80

Keep Playbooks Simple and Modular

Avoid putting everything in one file. Use roles to split logic into tasks, handlers, templates, and vars.

# playbooks/nginx.yml
- name: Deploy Nginx on Ubuntu 24.04
  hosts: webservers
  become: true
  roles:
    - nginx

Example: Deploy Nginx Role

# roles/nginx/tasks/main.yml
- name: Install Nginx
  apt:
    name: nginx
    state: present
    update_cache: true

- name: Start and enable Nginx
  service:
    name: nginx
    state: started
    enabled: true

Use a template for the Nginx config (this is a simple nginx config):

# roles/nginx/templates/nginx.conf
server {
    listen {{ nginx_port }};
    location / {
        return 200 'Nginx is running';
    }
}

Then apply it with:

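# roles/nginx/tasks/main.yml (continued)
- name: Upload custom nginx config
  template:
    src: nginx.conf
    dest: /etc/nginx/sites-available/default
    mode: "0644"   # quoted so YAML cannot reinterpret the octal mode
  tags: config     # lets --tags "config" select this task
  notify: Reload nginx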

Handlers respond to changes:

# roles/nginx/handlers/main.yml
- name: Reload nginx
  service:
    name: nginx
    state: reloaded

Use Ansible Vault for Secrets

Avoid putting plain passwords in your code. Encrypt sensitive files:

ansible-vault encrypt secrets.yml

Then include them:

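# vars_files is a play-level keyword, so set it on the play (playbooks/nginx.yml)
- name: Deploy Nginx on Ubuntu 24.04
  hosts: webservers
  vars_files:
    - secrets.yml
  # become and roles as shown earlier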
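
Added example (not from the original post): a POSIX shell guard for a pre-commit hook or CI step that checks every secrets file still starts with the Ansible Vault header, so a file that was never passed through ansible-vault encrypt is caught before it is committed. The function names, the script name and the secrets.yml / secrets.yaml naming convention are assumptions.

```sh
#!/bin/sh
# Added example: flag secrets files that are still plaintext.
# Assumption: secrets live in files named secrets.yml or secrets.yaml,
# and file paths contain no newlines.

# is_vaulted FILE -> 0 if the first line is an Ansible Vault header
# ($ANSIBLE_VAULT;1.1;AES256 or $ANSIBLE_VAULT;1.2;AES256;<vault-id>).
is_vaulted() {
    iv_first=
    # read fails on an empty or unreadable file; keep a last line without newline
    IFS= read -r iv_first < "$1" || [ -n "$iv_first" ] || return 1
    case $iv_first in
        '$ANSIBLE_VAULT;1.'[12]';AES256'*) return 0 ;;
        *) return 1 ;;
    esac
}

# find_plaintext_secrets DIR -> prints every secrets file that is not vaulted
# and returns 1 if at least one was found, 0 otherwise.
find_plaintext_secrets() {
    fps_rc=0
    fps_list=$(find "${1:-.}" -type f \
        \( -name 'secrets.yml' -o -name 'secrets.yaml' \))
    while IFS= read -r fps_f; do
        [ -n "$fps_f" ] || continue
        if ! is_vaulted "$fps_f"; then
            printf 'PLAINTEXT: %s\n' "$fps_f"
            fps_rc=1
        fi
    done <<EOF
$fps_list
EOF
    return "$fps_rc"
}

# Hook/CI usage (hypothetical script name): sh check_vault.sh --scan .
if [ "${1:-}" = "--scan" ]; then
    find_plaintext_secrets "${2:-.}"
    exit $?
fi
```
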

Test Your Playbooks Locally First

Use a local VM or container that matches your VPS. Test everything before touching production. Use tags to test only parts of your playbook:

ansible-playbook playbooks/nginx.yml --tags "config"

Run with --check for Dry Runs

Use the --check flag to preview changes without applying them:

ansible-playbook playbooks/nginx.yml --check

Keep Ansible Updated

Ubuntu 24.04 ships with recent versions of Python and system libraries. Use Ansible >= 9 for best compatibility.

pip install --upgrade ansible

Final Tips

  • Set up SSH keys for the target VPS
  • Avoid hardcoding IPs in playbooks
  • Document your roles and variables
  • Reuse roles across environments

Following these practices helps you stay ready for scaling and makes your work easier to share or hand over. Whether you’re deploying one VPS or many, using roles, vaults, and clean playbooks keeps things smooth.
