Merge 534785f752 into b7c27f41f7

8 years ago · 16c51afb7f
parent b7c27f41f7 534785f752
commit 16c51afb7f
19 changed files with 29 additions and 2 deletions
--- a/README.md
+++ b/README.md
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -9,7 +9,7 @@ nginx_ppa_version: stable
 # The name of the nginx apt/yum package to install.
 nginx_package_name: "nginx"

-nginx_worker_processes: "1"
+nginx_worker_processes: "auto"
 nginx_worker_connections: "1024"
 nginx_multi_accept: "off"

--- a/handlers/main.yml
+++ b/handlers/main.yml
--- a/meta/main.yml
+++ b/meta/main.yml
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -35,5 +35,15 @@
  notify:
    - reload nginx

+- name: Copy headers config file in place.
+  template:
+    src: headers.conf.j2
+    dest: "{{ nginx_conf_path }}"
+    owner: root
+    group: "{{ root_group }}"
+    mode: 0644
+  notify:
+    - reload nginx
+
 - name: Ensure nginx is started and enabled to start at boot.
  service: name=nginx state=started enabled=yes
--- a/tasks/setup-Debian.yml
+++ b/tasks/setup-Debian.yml
--- a/tasks/setup-FreeBSD.yml
+++ b/tasks/setup-FreeBSD.yml
--- a/tasks/setup-RedHat.yml
+++ b/tasks/setup-RedHat.yml
--- a/tasks/setup-Ubuntu.yml
+++ b/tasks/setup-Ubuntu.yml
--- a/tasks/vhosts.yml
+++ b/tasks/vhosts.yml
@ -1,4 +1,8 @@
 ---
+- name: Creates Nginx conf directories
+  file: path={{ nginx_vhost_path }} state=directory mode=0755 recurse=yes
+  when: nginx_vhosts|length > 0
+
 - name: Remove default nginx vhost config file (if configured).
  file:
    path: "{{ nginx_default_vhost_path }}"
@ -16,6 +20,12 @@
  notify:
    - reload nginx

+- name: Creates Nginx vhost directory
+  file: path=/var/www/html/{{ server_hostname }} state=directory owner={{ php_fpm_pool_user }} group={{ php_fpm_pool_group }} mode=0755 recurse=yes
+  when: nginx_vhosts|length > 0
+  notify:
+    - reload nginx
+
 - name: Remove managed vhost config file (if no vhosts are configured).
  file:
    path: "{{ nginx_vhost_path }}/{{ nginx_vhosts_filename }}"
--- a/templates/headers.conf.j2
+++ b/templates/headers.conf.j2
@ -0,0 +1,7 @@
+{% if nginx_bigpipe_enable %}
+  add_header X-Accel-Buffering: no;
+{% endif %}
+add_header X-Frame-Options SAMEORIGIN;
+add_header X-Content-Type-Options nosniff;
+add_header X-XSS-Protection "1; mode=block";
+add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src 'none'";
--- a/templates/nginx.conf.j2
+++ b/templates/nginx.conf.j2
@ -35,7 +35,7 @@ http {
    keepalive_timeout  {{ nginx_keepalive_timeout }};
    keepalive_requests {{ nginx_keepalive_requests }};

-    #gzip  on;
+    gzip  on;

 {% if nginx_proxy_cache_path %}
    proxy_cache_path {{ nginx_proxy_cache_path }};
--- a/templates/nginx.repo.j2
+++ b/templates/nginx.repo.j2
--- a/templates/vhosts.j2
+++ b/templates/vhosts.j2
--- a/tests/inventory
+++ b/tests/inventory
--- a/tests/test.yml
+++ b/tests/test.yml
--- a/vars/Debian.yml
+++ b/vars/Debian.yml
--- a/vars/FreeBSD.yml
+++ b/vars/FreeBSD.yml
--- a/vars/RedHat.yml
+++ b/vars/RedHat.yml