peter.babic
/
ansible-role-nginx
Archived
0
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge branch 'master' into add-repo

Browse Source
pull/97/head
YohanBrun 7 years ago committed by GitHub
parent fdd4e50a15 6962e03511
commit 253f9c2725
12 changed files with 229 additions and 58 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 11
      .travis.yml
  2. 96
      README.md
  3. 12
      defaults/main.yml
  4. 3
      meta/main.yml
  5. 5
      tasks/main.yml
  6. 5
      tasks/setup-Archlinux.yml
  7. 25
      tasks/vhosts.yml
  8. 28
      templates/nginx.conf.j2
  9. 47
      templates/vhost.j2
  10. 33
      templates/vhosts.j2
  11. 13
      tests/test.yml
  12. 9
      vars/Archlinux.yml

11
.travis.yml
Unescape View File

@ -8,6 +8,10 @@ env:
- distro: ubuntu1204
script:
# Configure test script so we can run extra tests after playbook is run.
- export container_id=$(date +%s)
- export cleanup=false
# Download test shim.
- wget -O ${PWD}/tests/test.sh https://gist.githubusercontent.com/geerlingguy/73ef1e5ee45d8694570f334be385e181/raw/
- chmod +x ${PWD}/tests/test.sh
@ -15,5 +19,12 @@ script:
# Run tests.
- ${PWD}/tests/test.sh
# Setup test site.
- 'docker exec ${container_id} mkdir -p /var/www/test'
- 'docker exec ${container_id} bash -c "echo Success >| /var/www/test/index.html"'
# Make sure virtualhost exists.
- 'docker exec --tty ${container_id} env TERM=xterm curl http://test.dev/ | grep "Success"'
notifications:
webhooks: https://galaxy.ansible.com/api/v1/notifications/

96
README.md
Unescape View File

@ -2,9 +2,9 @@
[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-nginx.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-nginx)
Installs Nginx on RedHat/CentOS or Debian/Ubuntu Linux, FreeBSD or OpenBSD servers.
Installs Nginx on RedHat/CentOS, Debian/Ubuntu, Archlinux, FreeBSD or OpenBSD servers.
This role installs and configures the latest version of Nginx from the Nginx yum repository (on RedHat-based systems) or via apt (on Debian-based systems) or pkgng (on FreeBSD systems) or pkg_add (on OpenBSD systems). You will likely need to do extra setup work after this role has installed Nginx, like adding your own [virtualhost].conf file inside `/etc/nginx/conf.d/`, describing the location and options to use for your particular website.
This role installs and configures the latest version of Nginx from the Nginx yum repository (on RedHat-based systems), apt (on Debian-based systems), pacman (Archlinux), pkgng (on FreeBSD systems) or pkg_add (on OpenBSD systems). You will likely need to do extra setup work after this role has installed Nginx, like adding your own [virtualhost].conf file inside `/etc/nginx/conf.d/`, describing the location and options to use for your particular website.
## Requirements
@ -16,16 +16,20 @@ Available variables are listed below, along with default values (see `defaults/m
nginx_vhosts: []
A list of vhost definitions (server blocks) for Nginx virtual hosts. If left empty, you will need to supply your own virtual host configuration. See the commented example in `defaults/main.yml` for available server options. If you have a large number of customizations required for your server definition(s), you're likely better off managing the vhost configuration file yourself, leaving this variable set to `[]`.
A list of vhost definitions (server blocks) for Nginx virtual hosts. Each entry will create a separate config file named by `server_name`. If left empty, you will need to supply your own virtual host configuration. See the commented example in `defaults/main.yml` for available server options. If you have a large number of customizations required for your server definition(s), you're likely better off managing the vhost configuration file yourself, leaving this variable set to `[]`.
nginx_vhosts:
- listen: "80 default_server"
- listen: "443 ssl http2"
server_name: "example.com"
server_name_redirect: "www.example.com"
root: "/var/www/example.com"
index: "index.php index.html index.htm"
error_page: ""
access_log: ""
error_log: ""
state: "present"
template: "{{ nginx_vhost_template }}"
filename: "example.com.conf"
extra_parameters: |
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
@ -34,18 +38,27 @@ A list of vhost definitions (server blocks) for Nginx virtual hosts. If left emp
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
An example of a fully-populated nginx_vhosts entry, using a `|` to declare a block of syntax for the `extra_parameters`.
Please take note of the indentation in the above block. The first line should be a normal 2-space indent. All other lines should be indented normally relative to that line. In the generated file, the entire block will be 4-space indented. This style will ensure the config file is indented correctly.
nginx_remove_default_vhost: false
- listen: "80"
server_name: "example.com www.example.com"
return: "301 https://example.com$request_uri"
filename: "example.com.80.conf"
Whether to remove the 'default' virtualhost configuration supplied by Nginx. Useful if you want the base `/` URL to be directed at one of your own virtual hosts configured in a separate .conf file.
An example of a secondary vhost which will redirect to the one shown above.
*Note: The `filename` defaults to the first domain in `server_name`, if you have two vhosts with the same domain, eg. a redirect, you need to manually set the `filename` so the second one doesn't override the first one*
nginx_vhosts_filename: "vhosts.conf"
nginx_remove_default_vhost: false
The filename to use to store vhosts configuration. If you run the role multiple times (e.g. include the role with `with_items`), you can change the name for each run, effectively creating a separate vhosts file per vhost configuration.
Whether to remove the 'default' virtualhost configuration supplied by Nginx. Useful if you want the base `/` URL to be directed at one of your own virtual hosts configured in a separate .conf file.
nginx_upstreams: []
@ -124,6 +137,73 @@ Configures Nginx's [`log_format`](http://nginx.org/en/docs/http/ngx_http_log_mod
(For RedHat/CentOS only) Set this to `false` to disable the installation of the `nginx` yum repository. This could be necessary if you want the default OS stable packages, or if you use Satellite.
## Overriding configuration templates
If you can't customize via variables because an option isn't exposed, you can override the template used to generate the virtualhost configuration files or the `nginx.conf` file.
```yaml
nginx_conf_template: "nginx.conf.j2"
nginx_vhost_template: "vhost.j2"
```
If necessary you can also set the template on a per vhost basis.
```yaml
nginx_vhosts:
- listen: "80 default_server"
server_name: "site1.example.com"
root: "/var/www/site1.example.com"
index: "index.php index.html index.htm"
template: "{{ playbook_dir }}/templates/site1.example.com.vhost.j2"
- server_name: "site2.example.com"
root: "/var/www/site2.example.com"
index: "index.php index.html index.htm"
template: "{{ playbook_dir }}/templates/site2.example.com.vhost.j2"
```
You can either copy and modify the provided template, or extend it with [Jinja2 template inheritance](http://jinja.pocoo.org/docs/2.9/templates/#template-inheritance) and override the specific template block you need to change.
### Example: Configure gzip in nginx configuration
Set the `nginx_conf_template` to point to a template file in your playbook directory.
```yaml
nginx_conf_template: "{{ playbook_dir }}/templates/nginx.conf.j2"
```
Create the child template in the path you configured above and extend `geerlingguy.nginx` template file relative to your `playbook.yml`.
```
{% extends 'roles/geerlingguy.nginx/templates/nginx.conf.j2' %}
{% block http_gzip %}
gzip on;
gzip_proxied any;
gzip_static on;
gzip_http_version 1.0;
gzip_disable "MSIE [1-6]\.";
gzip_vary on;
gzip_comp_level 6;
gzip_types
text/plain
text/css
text/xml
text/javascript
application/javascript
application/x-javascript
application/json
application/xml
application/xml+rss
application/xhtml+xml
application/x-font-ttf
application/x-font-opentype
image/svg+xml
image/x-icon;
gzip_buffers 16 8k;
gzip_min_length 512;
{% endblock %}
```
## Dependencies
None.

12
defaults/main.yml
Unescape View File

@ -14,9 +14,12 @@ nginx_ppa_version: stable
nginx_repo_use: false
nginx_repo_version: ""
# The name of the nginx apt/yum package to install.
# The name of the nginx package to install.
nginx_package_name: "nginx"
nginx_conf_template: "nginx.conf.j2"
nginx_vhost_template: "vhost.j2"
nginx_worker_processes: "{{ ansible_processor_vcpus | default(ansible_processor_count) }}"
nginx_worker_connections: "1024"
nginx_multi_accept: "off"
@ -55,19 +58,22 @@ nginx_extra_http_options: ""
# proxy_set_header Host $http_host;
nginx_remove_default_vhost: false
nginx_vhosts_filename: "vhosts.conf"
nginx_vhosts: []
# Example vhost below, showing all available options:
# - listen: "80 default_server" # default: "80 default_server"
# - listen: "80" # default: "80"
# server_name: "example.com" # default: N/A
# root: "/var/www/example.com" # default: N/A
# index: "index.html index.htm" # default: "index.html index.htm"
# filename: "example.com.conf" # Can be used to set the filename of the vhost file.
#
# # Properties that are only added if defined:
# server_name_redirect: "www.example.com" # default: N/A
# error_page: ""
# access_log: ""
# error_log: ""
# extra_parameters: "" # Can be used to add extra config blocks (multiline).
# template: "" # Can be used to override the `nginx_vhost_template` per host.
# state: "absent" # To remove the vhost configuration.
nginx_upstreams: []
# - name: myapp1

3
meta/main.yml
Unescape View File

@ -18,6 +18,9 @@ galaxy_info:
- name: Ubuntu
versions:
- all
- name: Archlinux
versions:
- all
- name: FreeBSD
versions:
- 10.3

5
tasks/main.yml
Unescape View File

@ -24,13 +24,16 @@
- include: setup-OpenBSD.yml
when: ansible_os_family == 'OpenBSD'
- include: setup-Archlinux.yml
when: ansible_os_family == 'Archlinux'
# Vhost configuration.
- include: vhosts.yml
# Nginx setup.
- name: Copy nginx configuration in place.
template:
src: nginx.conf.j2
src: "{{ nginx_conf_template }}"
dest: "{{ nginx_conf_file_path }}"
owner: root
group: "{{ root_group }}"

5
tasks/setup-Archlinux.yml
Unescape View File

@ -0,0 +1,5 @@
---
- name: Ensure nginx is installed.
pacman:
name: "{{ nginx_package_name }}"
state: installed

25
tasks/vhosts.yml
Unescape View File

@ -12,17 +12,28 @@
state: directory
notify: reload nginx
- name: Add managed vhost config file (if any vhosts are configured).
- name: Add managed vhost config files.
template:
src: vhosts.j2
dest: "{{ nginx_vhost_path }}/{{ nginx_vhosts_filename }}"
src: "{{ item.template|default(nginx_vhost_template) }}"
dest: "{{ nginx_vhost_path }}/{{ item.filename|default(item.server_name.split(' ')[0] ~ '.conf') }}"
force: yes
owner: root
group: root
mode: 0644
when: nginx_vhosts|length > 0
when: item.state|default('present') != 'absent'
with_items: "{{ nginx_vhosts }}"
notify: reload nginx
- name: Remove managed vhost config file (if no vhosts are configured).
- name: Remove managed vhost config files.
file:
path: "{{ nginx_vhost_path }}/{{ nginx_vhosts_filename }}"
path: "{{ nginx_vhost_path }}/{{ item.filename|default(item.server_name.split(' ')[0] ~ '.conf') }}"
state: absent
when: item.state|default('present') == 'absent'
with_items: "{{ nginx_vhosts }}"
notify: reload nginx
- name: Remove legacy vhosts.conf file.
file:
path: "{{ nginx_vhost_path }}/vhosts.conf"
state: absent
when: nginx_vhosts|length == 0
notify: reload nginx

28
templates/nginx.conf.j2
Unescape View File

@ -3,18 +3,25 @@ user {{ nginx_user }};
error_log {{ nginx_error_log }};
pid {{ nginx_pidfile }};
{% block worker %}
worker_processes {{ nginx_worker_processes }};
{% endblock %}
{% if nginx_extra_conf_options %}
{{ nginx_extra_conf_options }}
{% endif %}
{% block events %}
events {
worker_connections {{ nginx_worker_connections }};
multi_accept {{ nginx_multi_accept }};
}
{% if nginx_extra_conf_options %}
{{ nginx_extra_conf_options }}
{% endif %}
{% endblock %}
http {
{% block http_begin %}{% endblock %}
{% block http_basic %}
include {{ nginx_mime_file_path }};
default_type application/octet-stream;
@ -34,16 +41,20 @@ http {
keepalive_requests {{ nginx_keepalive_requests }};
server_tokens {{ nginx_server_tokens }};
#gzip on;
{% if nginx_proxy_cache_path %}
proxy_cache_path {{ nginx_proxy_cache_path }};
{% endif %}
{% endblock %}
{% block http_gzip %}
# gzip on;
{% endblock %}
{% if nginx_extra_http_options %}
{{ nginx_extra_http_options|indent(4, False) }}
{% endif %}
{% block http_upstream %}
{% for upstream in nginx_upstreams %}
upstream {{ upstream.name }} {
{% if upstream.strategy is defined %}
@ -57,9 +68,14 @@ http {
{% endif %}
}
{% endfor %}
{% endblock %}
{% block http_includes %}
include {{ nginx_conf_path }}/*.conf;
{% if nginx_conf_path != nginx_vhost_path %}
include {{ nginx_vhost_path }}/*;
{% endif %}
{% endblock %}
{% block http_end %}{% endblock %}
}

47
templates/vhost.j2
Unescape View File

@ -0,0 +1,47 @@
{% block server_redirect %}
{% if item.server_name_redirect is defined %}
server {
listen {{ item.listen | default('80') }};
server_name {{ item.server_name_redirect }};
return 301 $scheme://{{ item.server_name.split(' ')[0] }}$request_uri;
}
{% endif %}
{% endblock %}
server {
{% block server_begin %}{% endblock %}
{% block server_basic -%}
listen {{ item.listen | default('80') }};
{% if item.server_name is defined %}
server_name {{ item.server_name }};
{% endif %}
{% if item.root is defined %}
root {{ item.root }};
{% endif %}
index {{ item.index | default('index.html index.htm') }};
{% if item.error_page is defined %}
error_page {{ item.error_page }};
{% endif %}
{% if item.access_log is defined %}
access_log {{ item.access_log }};
{% endif %}
{% if item.error_log is defined %}
error_log {{ item.error_log }} error;
{% endif %}
{% if item.return is defined %}
return {{ item.return }};
{% endif %}
{% endblock %}
{% block server_end %}{% endblock %}
{% if item.extra_parameters is defined %}
{{ item.extra_parameters|indent(4) }}
{% endif %}
}

33
templates/vhosts.j2
Unescape View File

@ -1,33 +0,0 @@
{% for vhost in nginx_vhosts %}
server {
listen {{ vhost.listen | default('80 default_server') }};
{% if vhost.server_name is defined %}
server_name {{ vhost.server_name }};
{% endif %}
{% if vhost.root is defined %}
root {{ vhost.root }};
{% endif %}
index {{ vhost.index | default('index.html index.htm') }};
{% if vhost.error_page is defined %}
error_page {{ vhost.error_page }};
{% endif %}
{% if vhost.access_log is defined %}
access_log {{ vhost.access_log }};
{% endif %}
{% if vhost.error_log is defined %}
error_log {{ vhost.error_log }} error;
{% endif %}
{% if vhost.return is defined %}
return {{ vhost.return }};
{% endif %}
{% if vhost.extra_parameters is defined %}
{{ vhost.extra_parameters|indent(4) }}
{% endif %}
}
{% endfor %}

13
tests/test.yml
Unescape View File

@ -3,6 +3,19 @@
vars:
nginx_use_ppa: true
nginx_remove_default_vhost: true
nginx_vhosts:
- server_name: "test.dev"
root: "/var/www/test"
pre_tasks:
- name: Update apt cache.
apt: update_cache=yes cache_valid_time=600
when: ansible_os_family == 'Debian'
changed_when: false
- name: Install dependencies.
package: name=curl state=present
roles:
- role_under_test

9
vars/Archlinux.yml
Unescape View File

@ -0,0 +1,9 @@
---
root_group: root
nginx_conf_path: /etc/nginx/conf.d
nginx_conf_file_path: /etc/nginx/nginx.conf
nginx_mime_file_path: /etc/nginx/mime.types
nginx_pidfile: /run/nginx.pid
nginx_vhost_path: /etc/nginx/sites-enabled
nginx_default_vhost_path: /etc/nginx/sites-enabled/default
__nginx_user: "http"