Merge commit 'ce97ab707448f9dc38c28faacaa89656dfc4251d' as 'roles/ansible-role-nginx'

pull/63/head
Ivan Grynenko 8 years ago
commit 77a83a697a
  1. 2
      .gitignore
  2. 39
      .travis.yml
  3. 5
      LICENSE.md
  4. 136
      README.md
  5. 68
      defaults/main.yml
  6. 335
      group_vars/all.yml
  7. 10
      handlers/main.yml
  8. 2
      hosts
  9. 23
      meta/main.yml
  10. 54
      roles/ansible-role-apache/.travis.yml
  11. 124
      roles/ansible-role-apache/README.md
  12. 44
      roles/ansible-role-apache/defaults/main.yml
  13. 5
      roles/ansible-role-apache/handlers/main.yml
  14. 54
      roles/ansible-role-apache/tasks/configure-Debian.yml
  15. 24
      roles/ansible-role-apache/tasks/configure-RedHat.yml
  16. 19
      roles/ansible-role-apache/tasks/configure-Solaris.yml
  17. 24
      roles/ansible-role-apache/tasks/configure-Suse.yml
  18. 58
      roles/ansible-role-apache/tasks/main.yml
  19. 7
      roles/ansible-role-apache/tasks/setup-Debian.yml
  20. 7
      roles/ansible-role-apache/tasks/setup-RedHat.yml
  21. 6
      roles/ansible-role-apache/tasks/setup-Solaris.yml
  22. 6
      roles/ansible-role-apache/tasks/setup-Suse.yml
  23. 82
      roles/ansible-role-apache/templates/vhosts.conf.j2
  24. 15
      roles/ansible-role-apache/tests/Dockerfile.centos-6
  25. 27
      roles/ansible-role-apache/tests/Dockerfile.centos-7
  26. 11
      roles/ansible-role-apache/tests/Dockerfile.ubuntu-12.04
  27. 11
      roles/ansible-role-apache/tests/Dockerfile.ubuntu-14.04
  28. 13
      roles/ansible-role-apache/tests/test.yml
  29. 14
      roles/ansible-role-apache/vars/Debian.yml
  30. 20
      roles/ansible-role-apache/vars/RedHat.yml
  31. 19
      roles/ansible-role-apache/vars/Solaris.yml
  32. 18
      roles/ansible-role-apache/vars/Suse.yml
  33. 12
      roles/ansible-role-apache/vars/apache-22.yml
  34. 8
      roles/ansible-role-apache/vars/apache-24.yml
  35. 29
      roles/common/files/RPM-GPG-KEY-EPEL-7
  36. 28
      roles/common/files/RPM-GPG-KEY-NGINX
  37. 8
      roles/common/files/epel.repo
  38. 7
      roles/common/files/nginx.repo
  39. 12
      roles/common/tasks/main.yml
  40. 19
      roles/common/tasks/setup-RedHat.yml
  41. 60
      roles/wordpress/tasks/main.yml
  42. 90
      roles/wordpress/templates/wp-config.php
  43. 1
      site.retry
  44. 19
      site.yml
  45. 49
      tasks/main.yml
  46. 9
      tasks/setup-Debian.yml
  47. 13
      tasks/setup-FreeBSD.yml
  48. 14
      tasks/setup-RedHat.yml
  49. 14
      tasks/setup-Ubuntu.yml
  50. 32
      tasks/vhosts.yml
  51. 7
      templates/headers.conf.j2
  52. 63
      templates/nginx.conf.j2
  53. 5
      templates/nginx.repo.j2
  54. 33
      templates/vhosts.j2
  55. 1
      tests/inventory
  56. 6
      tests/test.yml
  57. 9
      vars/Debian.yml
  58. 9
      vars/FreeBSD.yml
  59. 9
      vars/RedHat.yml

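--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +0,0 @@
-wordpress-nginx/hosts
-.DS_Store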

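--- a/.travis.yml
+++ b/.travis.yml
@@ -0,0 +1,39 @@
+---
+sudo: required
+language: python
+python: "2.7"
+env:
+- SITE=test.yml
+before_install:
+- sudo apt-get update -qq
+- sudo apt-get install -y curl
+install:
+# Install Ansible.
+- pip install ansible
+# Add ansible.cfg to pick up roles path.
+- "{ echo '[defaults]'; echo 'roles_path = ../'; } >> ansible.cfg"
+script:
+# Check the role/playbook's syntax.
+- "ansible-playbook -i tests/inventory tests/$SITE --syntax-check"
+# Run the role/playbook with ansible-playbook.
+- "ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo"
+# Run the role/playbook again, checking to make sure it's idempotent.
+- >
+ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo
+| grep -q 'changed=0.*failed=0'
+&& (echo 'Idempotence test: pass' && exit 0)
+|| (echo 'Idempotence test: fail' && exit 1)
+# TODO - get the test working. Probably need to add a virtual host.
+# Request a page via Nginx, to make sure Nginx is running and responds.
+# - "curl http://localhost/"
+notifications:
+webhooks: https://galaxy.ansible.com/api/v1/notifications/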
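Review bot: The install step runs `pip install ansible` with no version constraint, while both playbook runs under `script:` pass `--sudo`, which newer Ansible releases deprecate in favour of `--become`. With an unpinned install, the build result depends on whichever release the package index serves that day rather than on this role. Pin the tested version, e.g. `- pip install "ansible==<PINNED_VERSION>"`, and switch the two runs to `--become`. The HTTP check at the end is still commented out, so a green build only shows that the play converges, not that Nginx answers requests.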

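--- a/LICENSE.md
+++ b/LICENSE.md
@@ -1,5 +0,0 @@
-Modified by David Beck (techiscool@gmail.com) 2015
-Copyright (C) 2015 Eugene Varnavsky (varnavruz@gmail.com)
-This work is licensed under the Creative Commons Attribution 3.0 Unported License.
-To view a copy of this license, visit http://creativecommons.org/licenses/by/3.0/deed.en_US.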

@ -1,34 +1,122 @@
## WordPress+Nginx+PHP-FPM+MariaDB Deployment
# Ansible Role: Nginx
- Requires Ansible 1.2 or newer
- Expects CentOS/RHEL 7.x host/s
[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-nginx.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-nginx)
RHEL7 version reflects changes in Red Hat Enterprise Linux and CentOS 7:
1. Network device naming scheme has changed
2. iptables is replaced with firewalld
3. MySQL is replaced with MariaDB
Installs Nginx on RedHat/CentOS or Debian/Ubuntu Linux, or FreeBSD servers.
These playbooks deploy a simple all-in-one configuration of the popular
WordPress blogging platform and CMS, frontend by the Nginx web server and the
PHP-FPM process manager. To use, copy the `hosts.example` file to `hosts` and
edit the `hosts` inventory file to include the names or URLs of the servers
you want to deploy.
This role installs and configures the latest version of Nginx from the Nginx yum repository (on RedHat-based systems) or via apt (on Debian-based systems) or pkgng (on FreeBSD systems). You will likely need to do extra setup work after this role has installed Nginx, like adding your own [virtualhost].conf file inside `/etc/nginx/conf.d/`, describing the location and options to use for your particular website.
Then run the playbook, like this:
## Requirements
ansible-playbook -i hosts site.yml
None.
The playbooks will configure MariaDB, WordPress, Nginx, and PHP-FPM. When the run
is complete, you can hit access server to begin the WordPress configuration.
## Role Variables
### Ideas for Improvement
Available variables are listed below, along with default values (see `defaults/main.yml`):
Here are some ideas for ways that these playbooks could be extended:
nginx_vhosts: []
- Parameterize the WordPress deployment to handle multi-site configurations.
- Separate the components (PHP-FPM, MySQL, Nginx) onto separate hosts and
handle the configuration appropriately.
- Handle WordPress upgrades automatically.
A list of vhost definitions (server blocks) for Nginx virtual hosts. If left empty, you will need to supply your own virtual host configuration. See the commented example in `defaults/main.yml` for available server options. If you have a large number of customizations required for your server definition(s), you're likely better off managing the vhost configuration file yourself, leaving this variable set to `[]`.
We would love to see contributions and improvements, so please fork this
repository on GitHub and send us your changes via pull requests.
nginx_vhosts:
- listen: "80 default_server"
server_name: "example.com"
root: "/var/www/example.com"
index: "index.php index.html index.htm"
error_page: ""
access_log: ""
error_log: ""
extra_parameters: |
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
An example of a fully-populated nginx_vhosts entry, using a `|` to declare a block of syntax for the `extra_parameters`.
nginx_remove_default_vhost: false
Whether to remove the 'default' virtualhost configuration supplied by Nginx. Useful if you want the base `/` URL to be directed at one of your own virtual hosts configured in a separate .conf file.
nginx_upstreams: []
If you are configuring Nginx as a load balancer, you can define one or more upstream sets using this variable. In addition to defining at least one upstream, you would need to configure one of your server blocks to proxy requests through the defined upstream (e.g. `proxy_pass http://myapp1;`). See the commented example in `defaults/main.yml` for more information.
nginx_user: "nginx"
The user under which Nginx will run. Defaults to `nginx` for RedHat, and `www-data` for Debian.
nginx_worker_processes: "1"
nginx_worker_connections: "1024"
nginx_multi_accept: "off"
`nginx_worker_processes` should be set to the number of cores present on your machine. Connections (find this number with `grep processor /proc/cpuinfo | wc -l`). `nginx_worker_connections` is the number of connections per process. Set this higher to handle more simultaneous connections (and remember that a connection will be used for as long as the keepalive timeout duration for every client!). You can set `nginx_multi_accept` to `on` if you want Nginx to accept all connections immediately.
nginx_error_log: "/var/log/nginx/error.log warn"
nginx_access_log: "/var/log/nginx/access.log main buffer=16k"
Configuration of the default error and access logs. Set to `off` to disable a log entirely.
nginx_sendfile: "on"
nginx_tcp_nopush: "on"
nginx_tcp_nodelay: "on"
TCP connection options. See [this blog post](https://t37.net/nginx-optimization-understanding-sendfile-tcp_nodelay-and-tcp_nopush.html) for more information on these directives.
nginx_keepalive_timeout: "65"
nginx_keepalive_requests: "100"
Nginx keepalive settings. Timeout should be set higher (10s+) if you have more polling-style traffic (AJAX-powered sites especially), or lower (<10s) if you have a site where most users visit a few pages and don't send any further requests.
nginx_client_max_body_size: "64m"
This value determines the largest file upload possible, as uploads are passed through Nginx before hitting a backend like `php-fpm`. If you get an error like `client intended to send too large body`, it means this value is set too low.
nginx_server_names_hash_bucket_size: "64"
If you have many server names, or have very long server names, you might get an Nginx error on startup requiring this value to be increased.
nginx_proxy_cache_path: ""
Set as the `proxy_cache_path` directive in the `nginx.conf` file. By default, this will not be configured (if left as an empty string), but if you wish to use Nginx as a reverse proxy, you can set this to a valid value (e.g. `"/var/cache/nginx keys_zone=cache:32m"`) to use Nginx's cache (further proxy configuration can be done in individual server configurations).
nginx_extra_http_options: ""
Extra lines to be inserted in the top-level `http` block in `nginx.conf`. The value should be defined literally (as you would insert it directly in the `nginx.conf`, adhering to the Nginx configuration syntax - such as `;` for line termination, etc.), for example:
nginx_extra_http_options: |
proxy_buffering off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
nginx_default_release: ""
(For Debian/Ubuntu only) Allows you to set a different repository for the installation of Nginx. As an example, if you are running Debian's wheezy release, and want to get a newer version of Nginx, you can install the `wheezy-backports` repository and set that value here, and Ansible will use that as the `-t` option while installing Nginx.
nginx_ppa_use: false
nginx_ppa_version: stable
(For Ubuntu only) Allows you to use the official Nginx PPA instead of the system's package. You can set the version to `stable` or `development`.
## Dependencies
None.
## Example Playbook
- hosts: server
roles:
- { role: geerlingguy.nginx }
## License
MIT / BSD
## Author Information
This role was created in 2014 by [Jeff Geerling](http://jeffgeerling.com/), author of [Ansible for DevOps](http://ansiblefordevops.com/).

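--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -0,0 +1,68 @@
+---
+# Used only for Debian/Ubuntu installation, as the -t option for apt.
+nginx_default_release: ""
+# Use the official Nginx PPA for Ubuntu, and the version to use if so.
+nginx_ppa_use: false
+nginx_ppa_version: stable
+# The name of the nginx apt/yum package to install.
+nginx_package_name: "nginx"
+nginx_worker_processes: "auto"
+nginx_worker_connections: "1024"
+nginx_multi_accept: "off"
+nginx_error_log: "/var/log/nginx/error.log warn"
+nginx_access_log: "/var/log/nginx/access.log main buffer=16k"
+nginx_sendfile: "on"
+nginx_tcp_nopush: "on"
+nginx_tcp_nodelay: "on"
+nginx_keepalive_timeout: "65"
+nginx_keepalive_requests: "100"
+nginx_client_max_body_size: "64m"
+nginx_server_names_hash_bucket_size: "64"
+nginx_proxy_cache_path: ""
+nginx_extra_conf_options: ""
+# Example extra main options, used within the main nginx's context:
+# nginx_extra_conf_options: |
+# env VARIABLE;
+# include /etc/nginx/main.d/*.conf;
+nginx_extra_http_options: ""
+# Example extra http options, printed inside the main server http config:
+# nginx_extra_http_options: |
+# proxy_buffering off;
+# proxy_set_header X-Real-IP $remote_addr;
+# proxy_set_header X-Scheme $scheme;
+# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+# proxy_set_header Host $http_host;
+nginx_remove_default_vhost: false
+nginx_vhosts: []
+# Example vhost below, showing all available options:
+# - listen: "80 default_server" # default: "80 default_server"
+# server_name: "example.com" # default: N/A
+# root: "/var/www/example.com" # default: N/A
+# index: "index.html index.htm" # default: "index.html index.htm"
+#
+# # Properties that are only added if defined:
+# error_page: ""
+# access_log: ""
+# error_log: ""
+# extra_parameters: "" # Can be used to add extra config blocks (multiline).
+nginx_upstreams: []
+# - name: myapp1
+# strategy: "ip_hash" # "least_conn", etc.
+# servers: {
+# "srv1.example.com",
+# "srv2.example.com weight=3",
+# "srv3.example.com"
+# }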
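Review bot: `nginx_extra_conf_options` and `nginx_extra_http_options` carry raw Nginx directives, but nothing next to them says how the value is used; going by the README text for `nginx_extra_http_options`, the string is inserted literally into `nginx.conf`, so it should only ever be set from trusted inventory. I would add a comment above each, e.g. `# Inserted verbatim into nginx.conf; set only from trusted variables, never from user-supplied data.` Separately, the README in this commit still lists `nginx_worker_processes: "1"` while this file defaults to `"auto"`, and it does not mention `nginx_package_name` or `nginx_extra_conf_options` at all. The commented `nginx_upstreams` example also writes `servers:` with `{ }` around a plain list of strings, where `[ ]` would state the intent.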

@ -1,335 +0,0 @@
---
# Variables listed here are applicable to all host groups
server_hostname: web01.redyhost.com
mysql_root_password: Ff!2KDSUOs10[tXR*M</_#mgvlJCkz5W
mysql_databases:
- name: drupal8db
encoding: utf8
collation: utf8_general_ci
mysql_users:
- name: drupal8user
host: "127.0.0.1"
password: "dcSEMWpH]O2P"
priv: "drupal8db.*:ALL"
- name: drupal8user
host: "localshot"
password: "dcSEMWpH]O2P"
priv: "drupal8db.*:ALL"
php_date_timezone: "Australia/Melbourne"
# Default user password for vmuser
default_user_username: "vmuser"
default_user_password: #uVOInGP&p<jfd}bkelLMEH!ZNRg$xiz
# Whether to enable BigPipe. Put Yes to enable.
nginx_bigpipe_enable: ""
# DO NOT MODIFY BELOW THIS LINE.
ansible_ssh_private_key_file: /home/redyhost/.ssh/id_rsa_provisioning
wp_version: 4.3
wp_sha256sum: 3b0db3abe8504f15a33cf64188a493ec0de01eaa8d20e37c3d6a1d9fa0a40fb4
# These are the WordPress database settings
wp_db_name: wordpress
wp_db_user: wordpress
wp_db_password: secret
# MySQL settings
mysql_root_password_update: yes
mysql_bind_address: '127.0.0.1'
mysql_slow_query_log_enabled: yes
mysql_slow_query_log_file: /var/log/mysql-slow.log
mysql_pid_file: /var/lib/mysql/mysql.pid
mysql_slow_query_time: 2
mysql_max_allowed_packet: "256M"
mysql_innodb_buffer_pool_size: "1G"
mysql_innodb_log_buffer_size: "1G"
mysql_innodb_log_file_size: "1G"
mysql_innodb_flush_log_at_trx_commit: "2"
mysql_innodb_file_per_table: 1
mysql_innodb_log_buffer_size: "16M"
# This is used for the nginx server configuration, but access to the
# WordPress site is not restricted by a named host.
nginx_port: 80
server_hostname: server.example.com
# Listing Vhost domains, required to create docroot directories.
vhost_domains:
first:
name: '{{ server_hostname }}'
second:
name: '2-{{ server_hostname }}'
# Apache configuration behind Nginx reverse proxy.
apache_listen_ip: "127.0.0.1"
apache_listen_port: 82
apache_listen_port_ssl: 2443
apache_create_vhosts: true
apache_vhosts_filename: "vhosts.conf"
apache_remove_default_vhost: false
apache_state: started
apache_vhosts_version: "2.4"
apache_enable_event_mpm: true
apache_packages:
- mod_ssl
- mod_security
apache_mods_disabled:
- php
- php7
apache_vhosts_ssl: []
apache_vhosts:
- servername: "www.{{ server_hostname }}"
serveralias: "{{ server_hostname }}"
documentroot: "/var/www/html/{{ server_hostname }}"
extra_parameters: |
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
ErrorLog "/var/log/httpd/{{ server_hostname }}_error.log"
ServerSignature Off
ProxyTimeout 600
ProxyPassMatch ^/(.*\.php(/.*)?)$ "fcgi://127.0.0.1:9000/var/www/html/{{ server_hostname }}/$1"
LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combinedlog
CustomLog "/var/log/httpd/{{ server_hostname }}_access.log" combinedlog
<Proxy fcgi://localhost:9000>
ProxySet timeout=600
</Proxy>
- servername: "www.2{{ server_hostname }}"
serveralias: "2{{ server_hostname }}"
documentroot: "/var/www/html/2{{ server_hostname }}"
extra_parameters: |
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
ErrorLog "/var/log/httpd/2{{ server_hostname }}_error.log"
ServerSignature Off
ProxyTimeout 600
ProxyPassMatch ^/(.*\.php(/.*)?)$ "fcgi://127.0.0.1:9000/var/www/html/2{{ server_hostname }}/$1"
LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combinedlog
CustomLog "/var/log/httpd/2{{ server_hostname }}_access.log" combinedlog
<Proxy fcgi://localhost:9000>
ProxySet timeout=600
</Proxy>
# Disable All Updates
# By default automatic updates are enabled, set this value to true to disable all automatic updates
auto_up_disable: false
#Define Core Update Level
# true = Development, minor, and major updates are all enabled
# false = Development, minor, and major updates are all disabled
# minor = Minor updates are enabled, development, and major updates are disabled
core_update_level: true
# Defines PHP values
php_enablerepo: "remi-php70"
# PHP-FPM configuration.
php_enable_php_fpm: true
php_fpm_pool_user: vmuser
php_fpm_pool_group: www-php
php_apc_shm_size: "128M"
php_post_max_size: "256M"
php_upload_max_filesize: "1024M"
php_max_input_vars: "4000"
# Interaction with which web server
php_webserver_daemon: "httpd"
php_error_reporting: "E_ALL & ~E_DEPRECATED & ~E_STRICT & ~E_NOTICE & ~E_WARNING"
php_packages:
- php
- php-cli
- php-common
- php-devel
- php-fpm
- php-gd
- php-imap
- php-ldap
- php-mbstring
- php-mcrypt
- php-memcached
- php-mysql
- php-opcache
- php-pdo
- php-pear
- php-pecl-apcu
- php-xml
- php-twig
- php-xmlrpc
- php-pecl-uploadprogress
# Drush
drush_keep_updated: yes
drush_force_update: yes
# Nginx vhosts configuration
nginx_vhosts:
- listen: "{{ nginx_port }}"
server_name: "{{ server_hostname }} www.{{ server_hostname }}"
root: "/var/www/html/{{ server_hostname }}"
open_file_cache: "max=2000 inactive=120s"
open_file_cache_valid: "240s"
open_file_cache_min_uses: "5"
open_file_cache_errors: "off"
client_max_body_size: "5m"
client_body_timeout: "60"
index: "index.php index.html index.htm"
error_page: "403 =404"
access_log: "/var/log/nginx/{{ server_hostname }}_access.log"
error_log: "/var/log/nginx/{{ server_hostname }}_error.log"
extra_parameters: |
location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite;
}
location ~ ^/sites/default/files/ {
try_files $uri @rewrite;
}
location ~ \.(gif|jpg|jpeg|png|ico|bmp|js|css|pdf|doc|webp|woff|ico|js|css|svg)(\?[a-zA-Z0-9\.\-_,])?$ {
expires max;
log_not_found off;
add_header Cache-Control "public";
add_header X-Cache $upstream_cache_status;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location / {
proxy_pass http://127.0.0.1:{{ apache_listen_port }};
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
add_header X-Cache $upstream_cache_status;
add_header X-Loaded "/";
add_header X-Your-IP $remote_addr;
}
location ~ \.php$ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:{{ apache_listen_port }};
add_header X-Cache $upstream_cache_status;
add_header X-Loaded "php";
add_header X-Your-IP $remote_addr;
}
location = /backup {
deny all;
}
location ~* \.(txt|log)$ {
allow 127.0.0.1;
deny all;
}
location ~ \..*/.*\.php$ {
return 403;
}
location ~ /\. {
access_log off;
log_not_found off;
deny all;
}
location ~ ~$ {
access_log off;
log_not_found off;
deny all;
}
location ~ /\.ht {
deny all;
}
location @rewrite {
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1 last;
}
- listen: "{{ nginx_port }}"
server_name: "2{{ server_hostname }} www.2{{ server_hostname }}"
root: "/var/www/html/2{{ server_hostname }}"
open_file_cache: "max=2000 inactive=120s"
open_file_cache_valid: "240s"
open_file_cache_min_uses: "5"
open_file_cache_errors: "off"
client_max_body_size: "5m"
client_body_timeout: "60"
index: "index.php index.html index.htm"
error_page: "403 =404"
access_log: "/var/log/nginx/2{{ server_hostname }}_access.log"
error_log: "/var/log/nginx/2{{ server_hostname }}_error.log"
extra_parameters: |
location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite;
}
location ~ ^/sites/default/files/ {
try_files $uri @rewrite;
}
location ~ \.(gif|jpg|jpeg|png|ico|bmp|js|css|pdf|doc|webp|woff|ico|js|css|svg)(\?[a-zA-Z0-9\.\-_,])?$ {
expires max;
log_not_found off;
add_header Cache-Control "public";
add_header X-Cache $upstream_cache_status;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location / {
proxy_pass http://127.0.0.1:{{ apache_listen_port }};
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
add_header X-Cache $upstream_cache_status;
add_header X-Loaded "/";
add_header X-Your-IP $remote_addr;
}
location ~ \.php$ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:{{ apache_listen_port }};
add_header X-Cache $upstream_cache_status;
add_header X-Loaded "php";
add_header X-Your-IP $remote_addr;
}
location = /backup {
deny all;
}
location ~* \.(txt|log)$ {
allow 127.0.0.1;
deny all;
}
location ~ \..*/.*\.php$ {
return 403;
}
location ~ /\. {
access_log off;
log_not_found off;
deny all;
}
location ~ ~$ {
access_log off;
log_not_found off;
deny all;
}
location ~ /\.ht {
deny all;
}
location @rewrite {
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
rewrite ^/(.*)$ /index.php?q=$1 last;
}

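--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -0,0 +1,10 @@
+---
+- name: restart nginx
+service: name=nginx state=restarted
+- name: validate nginx configuration
+command: nginx -t -c /etc/nginx/nginx.conf
+changed_when: False
+- name: reload nginx
+service: name=nginx state=reloaded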
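Review bot: `restart nginx` is defined ahead of `validate nginx configuration`, and Ansible runs notified handlers in the order they appear in this file, so a task that notifies both would restart Nginx before `nginx -t` has had a chance to reject a broken config. Move the validate handler to the top of the file, or have the tasks that write config files use the module's `validate` option; those tasks are outside this section, so I can't tell whether they already do. The two `service:` handlers also use the `key=value` string form; block-style arguments (`name: nginx`, `state: restarted` under `service:`) and lowercase `changed_when: false` would match current Ansible style.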

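--- a/hosts
+++ b/hosts
@@ -1,2 +0,0 @@
-[lemp-server]
-122.129.219.67:221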

@ -3,29 +3,28 @@ dependencies: []
galaxy_info:
author: geerlingguy
description: Apache 2.x for RedHat/CentOS/Debian/Ubuntu/Solaris/Suse.
description: Nginx installation for Linux and FreeBSD.
company: "Midwestern Mac, LLC"
license: "license (BSD, MIT)"
min_ansible_version: 1.9
min_ansible_version: 1.8
platforms:
- name: EL
versions:
- all
- 6
- 7
- name: Debian
versions:
- all
- name: Ubuntu
versions:
- precise
- raring
- saucy
- trusty
- xenial
- name: Suse
versions:
- all
- name: Solaris
- name: FreeBSD
versions:
- 11.3
- 10.3
- 10.2
- 10.1
- 10.0
- 9.3
galaxy_tags:
- development
- web

@ -1,54 +0,0 @@
---
sudo: required
env:
- distribution: centos
version: 6
init: /sbin/init
run_opts: ""
- distribution: centos
version: 7
init: /usr/lib/systemd/systemd
run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro"
- distribution: ubuntu
version: 14.04
init: /sbin/init
run_opts: ""
- distribution: ubuntu
version: 12.04
init: /sbin/init
run_opts: ""
services:
- docker
before_install:
# - sudo apt-get update
# Pull container
- 'sudo docker pull ${distribution}:${version}'
# Customize container
- 'sudo docker build --rm=true --file=tests/Dockerfile.${distribution}-${version} --tag=${distribution}-${version}:ansible tests'
script:
- container_id=$(mktemp)
# Run container in detached state
- 'sudo docker run --detach --volume="${PWD}":/etc/ansible/roles/role_under_test:ro ${run_opts} ${distribution}-${version}:ansible "${init}" > "${container_id}"'
# Ansible syntax check.
- 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml --syntax-check'
# Test role.
- 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml'
# Test role idempotence.
- >
sudo docker exec "$(cat ${container_id})" ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml
| grep -q 'changed=0.*failed=0'
&& (echo 'Idempotence test: pass' && exit 0)
|| (echo 'Idempotence test: fail' && exit 1)
# Clean up
- 'sudo docker stop "$(cat ${container_id})"'
notifications:
webhooks: https://galaxy.ansible.com/api/v1/notifications/

@ -1,124 +0,0 @@
# Ansible Role: Apache 2.x
[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-apache.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-apache)
An Ansible Role that installs Apache 2.x on RHEL/CentOS, Debian/Ubuntu, SLES and Solaris.
## Requirements
If you are using SSL/TLS, you will need to provide your own certificate and key files. You can generate a self-signed certificate with a command like `openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout example.key -out example.crt`.
If you are using Apache with PHP, I recommend using the `geerlingguy.php` role to install PHP, and you can either use mod_php (by adding the proper package, e.g. `libapache2-mod-php5` for Ubuntu, to `php_packages`), or by also using `geerlingguy.apache-php-fpm` to connect Apache to PHP via FPM. See that role's README for more info.
## Role Variables
Available variables are listed below, along with default values (see `defaults/main.yml`):
apache_enablerepo: ""
The repository to use when installing Apache (only used on RHEL/CentOS systems). If you'd like later versions of Apache than are available in the OS's core repositories, use a repository like EPEL (which can be installed with the `geerlingguy.repo-epel` role).
apache_listen_ip: "*"
apache_listen_port: 80
apache_listen_port_ssl: 443
The IP address and ports on which apache should be listening. Useful if you have another service (like a reverse proxy) listening on port 80 or 443 and need to change the defaults.
apache_create_vhosts: true
apache_vhosts_filename: "vhosts.conf"
If set to true, a vhosts file, managed by this role's variables (see below), will be created and placed in the Apache configuration folder. If set to false, you can place your own vhosts file into Apache's configuration folder and skip the convenient (but more basic) one added by this role.
apache_remove_default_vhost: false
On Debian/Ubuntu, a default virtualhost is included in Apache's configuration. Set this to `true` to remove that default virtualhost configuration file.
apache_global_vhost_settings: |
DirectoryIndex index.php index.html
# Add other global settings on subsequent lines.
You can add or override global Apache configuration settings in the role-provided vhosts file (assuming `apache_create_vhosts` is true) using this variable. By default it only sets the DirectoryIndex configuration.
apache_vhosts:
# Additional optional properties: 'serveradmin, serveralias, extra_parameters'.
- servername: "local.dev"
documentroot: "/var/www/html"
Add a set of properties per virtualhost, including `servername` (required), `documentroot` (required), `serveradmin` (optional), `serveralias` (optional) and `extra_parameters` (optional: you can add whatever additional configuration lines you'd like in here).
Here's an example using `extra_parameters` to add a RewriteRule to redirect all requests to the `www.` site:
- servername: "www.local.dev"
serveralias: "local.dev"
documentroot: "/var/www/html"
extra_parameters: |
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
The `|` denotes a multiline scalar block in YAML, so newlines are preserved in the resulting configuration file output.
apache_vhosts_ssl: []
No SSL vhosts are configured by default, but you can add them using the same pattern as `apache_vhosts`, with a few additional directives, like the following example:
apache_vhosts_ssl:
- {
servername: "local.dev",
documentroot: "/var/www/html",
certificate_file: "/home/vagrant/example.crt",
certificate_key_file: "/home/vagrant/example.key",
certificate_chain_file: "/path/to/certificate_chain.crt"
}
Other SSL directives can be managed with other SSL-related role variables.
apache_ssl_protocol: "All -SSLv2 -SSLv3"
apache_ssl_cipher_suite: "AES256+EECDH:AES256+EDH"
The SSL protocols and cipher suites that are used/allowed when clients make secure connections to your server. These are secure/sane defaults, but for maximum security, performand, and/or compatibility, you may need to adjust these settings.
apache_mods_enabled:
- rewrite.load
- ssl.load
apache_mods_disabled: []
(Debian/Ubuntu ONLY) Which Apache mods to enable or disable (these will be symlinked into the appropriate location). See the `mods-available` directory inside the apache configuration directory (`/etc/apache2/mods-available` by default) for all the available mods.
apache_packages:
- [platform-specific]
The list of packages to be installed. This defaults to a set of platform-specific packages for RedHat or Debian-based systems (see `vars/RedHat.yml` and `vars/Debian.yml` for the default values).
apache_state: started
Set initial Apache daemon state to be enforced when this role is run. This should generally remain `started`, but you can set it to `stopped` if you need to fix the Apache config during a playbook run or otherwise would not like Apache started at the time this role is run.
apache_ignore_missing_ssl_certificate: true
If you would like to only create SSL vhosts when the vhost certificate is present (e.g. when using Let’s Encrypt), set `apache_ignore_missing_ssl_certificate` to `false`. When doing this, you might need to run your playbook more than once so all the vhosts are configured (if another part of the playbook generates the SSL certificates).
## Dependencies
None.
## Example Playbook
- hosts: webservers
vars_files:
- vars/main.yml
roles:
- { role: geerlingguy.apache }
*Inside `vars/main.yml`*:
apache_listen_port: 8080
apache_vhosts:
- {servername: "example.com", documentroot: "/var/www/vhosts/example_com"}
## License
MIT / BSD
## Author Information
This role was created in 2014 by [Jeff Geerling](http://jeffgeerling.com/), author of [Ansible for DevOps](http://ansiblefordevops.com/).

@ -1,44 +0,0 @@
---
apache_enablerepo: ""
apache_listen_ip: "*"
apache_listen_port: 80
apache_listen_port_ssl: 443
apache_create_vhosts: true
apache_vhosts_filename: "vhosts.conf"
# On Debian/Ubuntu, a default virtualhost is included in Apache's configuration.
# Set this to `true` to remove that default.
apache_remove_default_vhost: false
apache_global_vhost_settings: |
DirectoryIndex index.php index.html
apache_vhosts:
# Additional properties: 'serveradmin, serveralias, extra_parameters'.
- servername: "local.dev"
documentroot: "/var/www/html"
apache_vhosts_ssl: []
# Additional properties: 'serveradmin, extra_parameters'.
# - servername: "local.dev",
# documentroot: "/var/www/html",
# certificate_file: "/path/to/certificate.crt",
# certificate_key_file: "/path/to/certificate.key",
# # Optional.
# certificate_chain_file: "/path/to/certificate_chain.crt"
apache_ignore_missing_ssl_certificate: true
apache_ssl_protocol: "All -SSLv2 -SSLv3"
apache_ssl_cipher_suite: "AES256+EECDH:AES256+EDH"
# Only used on Debian/Ubuntu.
apache_mods_enabled:
- rewrite.load
- ssl.load
apache_mods_disabled: []
# Set initial apache state. Recommended values: `started` or `stopped`
apache_state: started

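--- a/roles/ansible-role-apache/handlers/main.yml
+++ b/roles/ansible-role-apache/handlers/main.yml
@@ -1,5 +0,0 @@
----
-- name: restart apache
-service:
-name: "{{ apache_service }}"
-state: restarted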

@ -1,54 +0,0 @@
---
- name: Configure Apache.
lineinfile:
dest: "{{ apache_server_root }}/ports.conf"
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
state: present
with_items: "{{ apache_ports_configuration_items }}"
notify: restart apache
- name: Enable Apache mods.
file:
src: "{{ apache_server_root }}/mods-available/{{ item }}"
dest: "{{ apache_server_root }}/mods-enabled/{{ item }}"
state: link
with_items: "{{ apache_mods_enabled }}"
notify: restart apache
- name: Disable Apache mods.
file:
path: "{{ apache_server_root }}/mods-enabled/{{ item }}"
state: absent
with_items: "{{ apache_mods_disabled }}"
notify: restart apache
- name: Check whether certificates defined in vhosts exist.
stat: "path={{ item.certificate_file }}"
register: apache_ssl_certificates
with_items: "{{ apache_vhosts_ssl }}"
- name: Add apache vhosts configuration.
template:
src: "vhosts.conf.j2"
dest: "{{ apache_conf_path }}/sites-available/{{ apache_vhosts_filename }}"
owner: root
group: root
mode: 0644
notify: restart apache
when: apache_create_vhosts
- name: Add vhost symlink in sites-enabled.
file:
src: "{{ apache_conf_path }}/sites-available/{{ apache_vhosts_filename }}"
dest: "{{ apache_conf_path }}/sites-enabled/{{ apache_vhosts_filename }}"
state: link
notify: restart apache
when: apache_create_vhosts
- name: Remove default vhost in sites-enabled.
file:
path: "{{ apache_conf_path }}/sites-enabled/{{ apache_default_vhost_filename }}"
state: absent
notify: restart apache
when: apache_remove_default_vhost

@ -1,24 +0,0 @@
---
- name: Configure Apache.
lineinfile:
dest: "{{ apache_server_root }}/conf/{{ apache_daemon }}.conf"
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
state: present
with_items: "{{ apache_ports_configuration_items }}"
notify: restart apache
- name: Check whether certificates defined in vhosts exist.
stat: path={{ item.certificate_file }}
register: apache_ssl_certificates
with_items: "{{ apache_vhosts_ssl }}"
- name: Add apache vhosts configuration.
template:
src: "vhosts.conf.j2"
dest: "{{ apache_conf_path }}/{{ apache_vhosts_filename }}"
owner: root
group: root
mode: 0644
notify: restart apache
when: apache_create_vhosts

@ -1,19 +0,0 @@
---
- name: Configure Apache.
lineinfile:
dest: "{{ apache_server_root }}/{{ apache_daemon }}.conf"
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
state: present
with_items: "{{ apache_ports_configuration_items }}"
notify: restart apache
- name: Add apache vhosts configuration.
template:
src: "vhosts.conf.j2"
dest: "{{ apache_conf_path }}/{{ apache_vhosts_filename }}"
owner: root
group: root
mode: 0644
notify: restart apache
when: apache_create_vhosts

@ -1,24 +0,0 @@
---
- name: Configure Apache.
lineinfile:
dest: "{{ apache_server_root }}/listen.conf"
regexp: "{{ item.regexp }}"
line: "{{ item.line }}"
state: present
with_items: "{{ apache_ports_configuration_items }}"
notify: restart apache
- name: Check whether certificates defined in vhosts exist.
stat: path={{ item.certificate_file }}
register: apache_ssl_certificates
with_items: "{{ apache_vhosts_ssl }}"
- name: Add apache vhosts configuration.
template:
src: "vhosts.conf.j2"
dest: "{{ apache_conf_path }}/{{ apache_vhosts_filename }}"
owner: root
group: root
mode: 0644
notify: restart apache
when: apache_create_vhosts

@ -1,58 +0,0 @@
---
# Include variables and define needed variables.
- name: Include OS-specific variables.
include_vars: "{{ ansible_os_family }}.yml"
- name: Define apache_packages.
set_fact:
apache_packages: "{{ __apache_packages | list }}"
when: apache_packages is not defined
# Setup/install tasks.
- include: setup-RedHat.yml
when: ansible_os_family == 'RedHat'
- include: setup-Suse.yml
when: ansible_os_family == 'Suse'
- include: setup-Debian.yml
when: ansible_os_family == 'Debian'
- include: setup-Solaris.yml
when: ansible_os_family == 'Solaris'
# Figure out what version of Apache is installed.
- name: Get installed version of Apache.
shell: "{{ apache_daemon_path }}{{ apache_daemon }} -v"
changed_when: false
always_run: yes
register: _apache_version
- name: Create apache_version variable.
set_fact:
apache_version: "{{ _apache_version.stdout.split()[2].split('/')[1] }}"
- include_vars: apache-22.yml
when: "apache_version.split('.')[1] == '2'"
- include_vars: apache-24.yml
when: "apache_version.split('.')[1] == '4'"
# Configure Apache.
- include: configure-RedHat.yml
when: ansible_os_family == 'RedHat'
- include: configure-Suse.yml
when: ansible_os_family == 'Suse'
- include: configure-Debian.yml
when: ansible_os_family == 'Debian'
- include: configure-Solaris.yml
when: ansible_os_family == 'Solaris'
- name: Ensure Apache has selected state and enabled on boot.
service:
name: "{{ apache_service }}"
state: "{{ apache_state }}"
enabled: yes

@ -1,7 +0,0 @@
---
- name: Update apt cache.
apt: update_cache=yes cache_valid_time=86400
- name: Ensure Apache is installed on Debian.
apt: "name={{ item }} state=installed"
with_items: "{{ apache_packages }}"

@ -1,7 +0,0 @@
---
- name: Ensure Apache is installed on RHEL.
yum:
name: "{{ item }}"
state: installed
enablerepo: "{{ apache_enablerepo }}"
with_items: "{{ apache_packages }}"

@ -1,6 +0,0 @@
---
- name: Ensure Apache is installed on Solaris.
pkg5:
name: "{{ item }}"
state: installed
with_items: "{{ apache_packages }}"

@ -1,6 +0,0 @@
---
- name: Ensure Apache is installed on Suse.
zypper:
name: "{{ item }}"
state: installed
with_items: "{{ apache_packages }}"

@ -1,82 +0,0 @@
{{ apache_global_vhost_settings }}
{# Set up VirtualHosts #}
{% for vhost in apache_vhosts %}
<VirtualHost {{ apache_listen_ip }}:{{ apache_listen_port }}>
ServerName {{ vhost.servername }}
{% if vhost.serveralias is defined %}
ServerAlias {{ vhost.serveralias }}
{% endif %}
{% if vhost.documentroot is defined %}
DocumentRoot {{ vhost.documentroot }}
{% endif %}
{% if vhost.serveradmin is defined %}
ServerAdmin {{ vhost.serveradmin }}
{% endif %}
{% if vhost.documentroot is defined %}
<Directory "{{ vhost.documentroot }}">
AllowOverride All
Options -Indexes +FollowSymLinks
{% if apache_vhosts_version == "2.2" %}
Order allow,deny
Allow from all
{% else %}
Require all granted
{% endif %}
</Directory>
{% endif %}
{% if vhost.extra_parameters is defined %}
{{ vhost.extra_parameters }}
{% endif %}
</VirtualHost>
{% endfor %}
{# Set up SSL VirtualHosts #}
{% for vhost in apache_vhosts_ssl %}
{% if apache_ignore_missing_ssl_certificate or apache_ssl_certificates.results[loop.index0].stat.exists %}
<VirtualHost {{ apache_listen_ip }}:{{ apache_listen_port_ssl }}>
ServerName {{ vhost.servername }}
{% if vhost.serveralias is defined %}
ServerAlias {{ vhost.serveralias }}
{% endif %}
{% if vhost.documentroot is defined %}
DocumentRoot {{ vhost.documentroot }}
{% endif %}
SSLEngine on
SSLCipherSuite {{ apache_ssl_cipher_suite }}
SSLProtocol {{ apache_ssl_protocol }}
SSLHonorCipherOrder On
{% if apache_vhosts_version == "2.4" %}
SSLCompression off
{% endif %}
SSLCertificateFile {{ vhost.certificate_file }}
SSLCertificateKeyFile {{ vhost.certificate_key_file }}
{% if vhost.certificate_chain_file is defined %}
SSLCertificateChainFile {{ vhost.certificate_chain_file }}
{% endif %}
{% if vhost.serveradmin is defined %}
ServerAdmin {{ vhost.serveradmin }}
{% endif %}
{% if vhost.documentroot is defined %}
<Directory "{{ vhost.documentroot }}">
AllowOverride All
Options -Indexes +FollowSymLinks
{% if apache_vhosts_version == "2.2" %}
Order allow,deny
Allow from all
{% else %}
Require all granted
{% endif %}
</Directory>
{% endif %}
{% if vhost.extra_parameters is defined %}
{{ vhost.extra_parameters }}
{% endif %}
</VirtualHost>
{% endif %}
{% endfor %}

@ -1,15 +0,0 @@
FROM centos:6
# Install Ansible
RUN yum -y update; yum clean all;
RUN yum -y install epel-release
RUN yum -y install git ansible sudo
RUN yum clean all
# Disable requiretty
RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers
# Install Ansible inventory file
RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts
CMD ["/usr/sbin/init"]

@ -1,27 +0,0 @@
FROM centos:7
# Install systemd -- See https://hub.docker.com/_/centos/
RUN yum -y swap -- remove fakesystemd -- install systemd systemd-libs
RUN yum -y update; yum clean all; \
(cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \
rm -f /lib/systemd/system/multi-user.target.wants/*; \
rm -f /etc/systemd/system/*.wants/*; \
rm -f /lib/systemd/system/local-fs.target.wants/*; \
rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
rm -f /lib/systemd/system/basic.target.wants/*; \
rm -f /lib/systemd/system/anaconda.target.wants/*;
# Install Ansible
RUN yum -y install epel-release
RUN yum -y install git ansible sudo
RUN yum clean all
# Disable requiretty
RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers
# Install Ansible inventory file
RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts
VOLUME ["/sys/fs/cgroup"]
CMD ["/usr/sbin/init"]

@ -1,11 +0,0 @@
FROM ubuntu:12.04
RUN apt-get update
# Install Ansible
RUN apt-get install -y software-properties-common python-software-properties git
RUN apt-add-repository -y ppa:ansible/ansible
RUN apt-get update
RUN apt-get install -y ansible
# Install Ansible inventory file
RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts

@ -1,11 +0,0 @@
FROM ubuntu:14.04
RUN apt-get update
# Install Ansible
RUN apt-get install -y software-properties-common git
RUN apt-add-repository -y ppa:ansible/ansible
RUN apt-get update
RUN apt-get install -y ansible
# Install Ansible inventory file
RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts

@ -1,13 +0,0 @@
---
- hosts: all
vars:
apache_listen_port_ssl: 443
apache_create_vhosts: true
apache_vhosts_filename: "vhosts.conf"
apache_vhosts:
- servername: "example.com"
documentroot: "/var/www/vhosts/example_com"
roles:
- role_under_test

@ -1,14 +0,0 @@
---
apache_service: apache2
apache_daemon: apache2
apache_daemon_path: /usr/sbin/
apache_server_root: /etc/apache2
apache_conf_path: /etc/apache2
__apache_packages:
- apache2
- apache2-utils
apache_ports_configuration_items:
- regexp: "^Listen "
line: "Listen {{ apache_listen_port }}"

@ -1,20 +0,0 @@
---
apache_service: httpd
apache_daemon: httpd
apache_daemon_path: /usr/sbin/
apache_server_root: /etc/httpd
apache_conf_path: /etc/httpd/conf.d
apache_vhosts_version: "2.2"
__apache_packages:
- httpd
- httpd-devel
- mod_ssl
- openssh
apache_ports_configuration_items:
- regexp: "^Listen "
line: "Listen {{ apache_listen_port }}"
- regexp: "^#?NameVirtualHost "
line: "NameVirtualHost {{ apache_listen_ip }}:{{ apache_listen_port }}"

@ -1,19 +0,0 @@
---
apache_service: apache24
apache_daemon: httpd
apache_daemon_path: /usr/apache2/2.4/bin/
apache_server_root: /etc/apache2/2.4/
apache_conf_path: /etc/apache2/2.4/conf.d
apache_vhosts_version: "2.2"
__apache_packages:
- web/server/apache-24
- web/server/apache-24/module/apache-ssl
- web/server/apache-24/module/apache-security
apache_ports_configuration_items:
- regexp: "^Listen "
line: "Listen {{ apache_listen_port }}"
- regexp: "^#?NameVirtualHost "
line: "NameVirtualHost {{ apache_listen_ip }}:{{ apache_listen_port }}"

@ -1,18 +0,0 @@
---
apache_service: apache2
apache_daemon: httpd2
apache_daemon_path: /usr/sbin/
apache_server_root: /etc/apache2
apache_conf_path: /etc/apache2/conf.d
apache_vhosts_version: "2.2"
__apache_packages:
- apache2
- openssh
apache_ports_configuration_items:
- regexp: "^Listen "
line: "Listen {{ apache_listen_port }}"
- regexp: "^#?NameVirtualHost "
line: "NameVirtualHost {{ apache_listen_ip }}:{{ apache_listen_port }}"

@ -1,12 +0,0 @@
---
apache_vhosts_version: "2.2"
apache_default_vhost_filename: 000-default
apache_ports_configuration_items:
- {
regexp: "^Listen ",
line: "Listen {{ apache_listen_port }}"
}
- {
regexp: "^#?NameVirtualHost ",
line: "NameVirtualHost {{ apache_listen_ip }}:{{ apache_listen_port }}"
}

@ -1,8 +0,0 @@
---
apache_vhosts_version: "2.4"
apache_default_vhost_filename: 000-default.conf
apache_ports_configuration_items:
- {
regexp: "^Listen ",
line: "Listen {{ apache_listen_port }}"
}

@ -1,29 +0,0 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.11 (GNU/Linux)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=hdPa
-----END PGP PUBLIC KEY BLOCK-----

@ -1,28 +0,0 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.11 (FreeBSD)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=A015
-----END PGP PUBLIC KEY BLOCK-----

@ -1,8 +0,0 @@
[epel]
name=Extra Packages for Enterprise Linux 7 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7

@ -1,7 +0,0 @@
[nginx]
name=Nginx repo - $basearch
baseurl=http://nginx.org/packages/centos/7/$basearch
failovermethod=priority
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-NGINX

@ -1,12 +0,0 @@
---
# Setup/install tasks.
- include: setup-RedHat.yml
when: ansible_os_family == 'RedHat'
- hostname: name={{ server_hostname }}
- name: Creates custom users
user: name=vmuser comment=DefaultUser groups=wheel password={{ default_user_password }} shell=/bin/bash createhome=yes
- name: Creates custom PHP users
user: name=www-php comment=DefaultPHPUser shell=/sbin/nologin createhome=no

@ -1,19 +0,0 @@
- name: Copy the NGINX repository definition
copy: src=nginx.repo dest=/etc/yum.repos.d/
- name: Copy the EPEL repository definition
copy: src=epel.repo dest=/etc/yum.repos.d/
- name: Create the GPG key for NGINX
copy: src=RPM-GPG-KEY-NGINX dest=/etc/pki/rpm-gpg
- name: Create the GPG key for EPEL
copy: src=RPM-GPG-KEY-EPEL-7 dest=/etc/pki/rpm-gpg
- name: Creates Docroot vhost directory
file: path=/var/www/html/{{ item.value.name }} state=directory owner={{ default_user_username }} group={{ php_fpm_pool_group }} mode=0755 recurse=yes
when: nginx_vhosts|length > 0
with_dict: "{{ vhost_domains }}"
notify:
- reload nginx
- reload apache

@ -1,60 +0,0 @@
---
- name: Download WordPress
get_url: url=http://wordpress.org/wordpress-{{ wp_version }}.tar.gz dest=/srv/wordpress-{{ wp_version }}.tar.gz
sha256sum="{{ wp_sha256sum }}"
- name: Extract archive
command: chdir=/srv/ /bin/tar xvf wordpress-{{ wp_version }}.tar.gz creates=/srv/wordpress
- name: Add group "wordpress"
group: name=wordpress
- name: Add user "wordpress"
user: name=wordpress group=wordpress home=/srv/wordpress/
- name: Fetch random salts for WordPress config
local_action: command curl https://api.wordpress.org/secret-key/1.1/salt/
register: "wp_salt"
sudo: no
- name: Create WordPress database
mysql_db: name={{ wp_db_name }} state=present
- name: Create WordPress database user
mysql_user: name={{ wp_db_user }} password={{ wp_db_password }} priv={{ wp_db_name }}.*:ALL host='localhost' state=present
- name: Copy WordPress config file
template: src=wp-config.php dest=/srv/wordpress/
- name: Change ownership of WordPress installation
file: path=/srv/wordpress/ owner=wordpress group=wordpress state=directory recurse=yes
- name: install SEManage
yum: pkg=policycoreutils-python state=present
- name: set the SELinux policy for the Wordpress directory
command: semanage fcontext -a -t httpd_sys_content_t "/srv/wordpress(/.*)?"
- name: set the SELinux policy for wp-config.php
command: semanage fcontext -a -t httpd_sys_script_exec_t "/srv/wordpress/wp-config\.php"
- name: set the SELinux policy for wp-content directory
command: semanage fcontext -a -t httpd_sys_rw_content_t "/srv/wordpress/wp-content(/.*)?"
- name: set the SELinux policy for the *.php files
command: semanage fcontext -a -t httpd_sys_script_exec_t "/srv/wordpress/.*\.php"
- name: set the SELinux policy for the Upgrade directory
command: semanage fcontext -a -t httpd_sys_rw_content_t "/srv/wordpress/wp-content/upgrade(/.*)?"
- name: set the SELinux policy for the Uploads directory
command: semanage fcontext -a -t httpd_sys_rw_content_t "/srv/wordpress/wp-content/uploads(/.*)?"
- name: set the SELinux policy for the wp-includes php files
command: semanage fcontext -a -t httpd_sys_script_exec_t "/srv/wordpress/wp-includes/.*\.php"
- name: set the SELinux on all the Files
command: restorecon -Rv /srv/wordpress
- name: Start php-fpm Service
service: name=php-fpm state=started enabled=yes

@ -1,90 +0,0 @@
<?php
/**
* The base configurations of the WordPress.
*
* This file has the following configurations: MySQL settings, Table Prefix,
* Secret Keys, WordPress Language, and ABSPATH. You can find more information
* by visiting {@link http://codex.wordpress.org/Editing_wp-config.php Editing
* wp-config.php} Codex page. You can get the MySQL settings from your web host.
*
* This file is used by the wp-config.php creation script during the
* installation. You don't have to use the web site, you can just copy this file
* to "wp-config.php" and fill in the values.
*
* @package WordPress
*/
// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define('DB_NAME', '{{ wp_db_name }}');
/** MySQL database username */
define('DB_USER', '{{ wp_db_user }}');
/** MySQL database password */
define('DB_PASSWORD', '{{ wp_db_password }}');
/** MySQL hostname */
define('DB_HOST', 'localhost');
/** Database Charset to use in creating database tables. */
define('DB_CHARSET', 'utf8');
/** The Database Collate type. Don't change this if in doubt. */
define('DB_COLLATE', '');
/**#@+
* Authentication Unique Keys and Salts.
*
* Change these to different unique phrases!
* You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
* You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
*
* @since 2.6.0
*/
{{ wp_salt.stdout }}
/**#@-*/
/**
* WordPress Database Table prefix.
*
* You can have multiple installations in one database if you give each a unique
* prefix. Only numbers, letters, and underscores please!
*/
$table_prefix = 'wp_';
/**
* WordPress Localized Language, defaults to English.
*
* Change this to localize WordPress. A corresponding MO file for the chosen
* language must be installed to wp-content/languages. For example, install
* de_DE.mo to wp-content/languages and set WPLANG to 'de_DE' to enable German
* language support.
*/
define('WPLANG', '');
/**
* For developers: WordPress debugging mode.
*
* Change this to true to enable the display of notices during development.
* It is strongly recommended that plugin and theme developers use WP_DEBUG
* in their development environments.
*/
define('WP_DEBUG', false);
/** Disable Automatic Updates Completely */
define( 'AUTOMATIC_UPDATER_DISABLED', {{auto_up_disable}} );
/** Define AUTOMATIC Updates for Components. */
define( 'WP_AUTO_UPDATE_CORE', {{core_update_level}} );
/* That's all, stop editing! Happy blogging. */
/** Absolute path to the WordPress directory. */
if ( !defined('ABSPATH') )
define('ABSPATH', dirname(__FILE__) . '/');
/** Sets up WordPress vars and included files. */
require_once(ABSPATH . 'wp-settings.php');

@ -1 +0,0 @@
122.129.219.67

@ -1,19 +0,0 @@
---
- name: MariaDB, Nginx, and PHP-FPM
hosts: lemp-server
remote_user: root
# sudo: yes
roles:
- common
- ansible-role-mysql
- ansible-role-nginx
- ansible-role-memcached
- ansible-role-php
- ansible-role-apache
- ansible-role-apache-php-fpm
- ansible-role-postfix
- ansible-role-git
- ansible-role-composer
- ansible-role-drush
- ansible-role-drupal-console

@ -0,0 +1,49 @@
---
# Variable setup.
- name: Include OS-specific variables.
include_vars: "{{ ansible_os_family }}.yml"
- name: Define nginx_user.
set_fact:
nginx_user: "{{ __nginx_user }}"
when: nginx_user is not defined
# Setup/install tasks.
- include: setup-RedHat.yml
when: ansible_os_family == 'RedHat'
- include: setup-Ubuntu.yml
when: ansible_distribution == 'Ubuntu'
- include: setup-Debian.yml
when: ansible_os_family == 'Debian'
- include: setup-FreeBSD.yml
when: ansible_os_family == 'FreeBSD'
# Vhost configuration.
- include: vhosts.yml
# Nginx setup.
- name: Copy nginx configuration in place.
template:
src: nginx.conf.j2
dest: "{{ nginx_conf_file_path }}"
owner: root
group: "{{ root_group }}"
mode: 0644
notify:
- reload nginx
- name: Copy headers config file in place.
template:
src: headers.conf.j2
dest: "{{ nginx_conf_path }}"
owner: root
group: "{{ root_group }}"
mode: 0644
notify:
- reload nginx
- name: Ensure nginx is started and enabled to start at boot.
service: name=nginx state=started enabled=yes
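Review bot: The "Copy headers config file in place." task renders `headers.conf.j2` to `dest: "{{ nginx_conf_path }}"`, which every vars file in this commit sets to a directory (`/etc/nginx/conf.d` or the FreeBSD equivalent), so the file most likely lands there as `headers.conf.j2` and is not matched by the `include {{ nginx_conf_path }}/*.conf;` line in the nginx.conf template. In that case none of the security headers are served, and nothing in the play fails to signal it. Name the target file explicitly: `dest: "{{ nginx_conf_path }}/headers.conf"`. Quoting the modes as `mode: "0644"` in both template tasks would also stop them depending on YAML octal parsing.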

@ -0,0 +1,9 @@
---
- name: Update apt cache.
apt: update_cache=yes cache_valid_time=86400
- name: Ensure nginx is installed.
apt:
name: "{{ nginx_package_name }}"
state: installed
default_release: "{{ nginx_default_release }}"

@ -0,0 +1,13 @@
---
- name: Update pkg cache.
shell: pkg update -f
- name: Ensure nginx is installed.
pkgng:
name: "{{ nginx_package_name }}"
state: present
- name: Create logs directory.
file:
path: /var/log/nginx
state: directory
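Review bot: "Update pkg cache." runs `pkg update -f` through `shell` although the command uses no shell features, and with no `changed_when` the task reports a change on every run. Use `command: pkg update -f` with `changed_when: false` so a changed result in the play recap means something. "Create logs directory." sets no `owner`, `group` or `mode`, so the permissions on /var/log/nginx depend on the umask; an explicit `mode: "0750"` with the owner nginx needs on FreeBSD (to be confirmed) would keep access logs from being world-readable.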

@ -0,0 +1,14 @@
---
- name: Enable nginx repo.
template:
src: nginx.repo.j2
dest: /etc/yum.repos.d/nginx.repo
owner: root
group: root
mode: 0644
- name: Ensure nginx is installed.
yum:
name: "{{ nginx_package_name }}"
state: installed
enablerepo: nginx

@ -0,0 +1,14 @@
---
- name: Add PPA for Nginx.
apt_repository:
repo: 'ppa:nginx/{{ nginx_ppa_version }}'
state: present
update_cache: yes
register: nginx_ppa_added
when: nginx_ppa_use
- name: Ensure nginx will reinstall if the PPA was just added.
apt:
name: nginx
state: absent
when: nginx_ppa_added.changed

@ -0,0 +1,32 @@
---
- name: Remove default nginx vhost config file (if configured).
file:
path: "{{ nginx_default_vhost_path }}"
state: absent
when: nginx_remove_default_vhost
notify:
- reload nginx
- name: Add managed vhost config file (if any vhosts are configured).
template:
src: vhosts.j2
dest: "{{ nginx_vhost_path }}/vhosts.conf"
mode: 0644
when: nginx_vhosts|length > 0
notify:
- reload nginx
- name: Creates Nginx vhost directory
file: path=/var/www/html/{{ server_hostname }} state=directory owner={{ php_fpm_pool_user }} group={{ php_fpm_pool_group }} mode=0755 recurse=yes
when: nginx_vhosts|length > 0
notify:
- reload nginx
- name: Remove managed vhost config file (if no vhosts are configured).
file:
path: "{{ nginx_vhost_path }}/vhosts.conf"
state: absent
when: nginx_vhosts|length == 0
notify:
- reload nginx
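Review bot: "Creates Nginx vhost directory" applies `mode=0755 recurse=yes`, which marks every file already under the docroot executable, and it gives ownership to `php_fpm_pool_user`, so the PHP worker can rewrite the code it executes. The task this commit removes from the common role used `default_user_username` as owner for the docroot; keeping a non-runtime owner and granting the pool group read access would limit what a compromised PHP process can change, assuming that variable is still defined. The task is also the only one in this file written as a `key=value` string with unquoted templates. The block form below drops the recursion and quotes the values.

```yaml
- name: Creates Nginx vhost directory
  file:
    path: "/var/www/html/{{ server_hostname }}"
    state: directory
    # consider a deploy user here instead of the PHP-FPM runtime user
    owner: "{{ php_fpm_pool_user }}"
    group: "{{ php_fpm_pool_group }}"
    mode: "0755"
  when: nginx_vhosts|length > 0
  # … unchanged: notify reload nginx …
```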

@ -0,0 +1,7 @@
{% if nginx_bigpipe_enable %}
add_header X-Accel-Buffering: no;
{% endif %}
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src 'none'";
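Review bot: `add_header X-Accel-Buffering: no;` has a colon after the header name, so nginx would emit a header whose name is literally `X-Accel-Buffering:`; it should read `add_header X-Accel-Buffering no;`. The Content-Security-Policy allows `'unsafe-inline'` and `'unsafe-eval'` in `script-src`, which removes most of the protection the policy gives against injected script, and it hard-codes one site's third-party hosts (for example `https://tautt.zendesk.com`) in a role template; moving the policy into a variable would let each site set a tighter value. These `add_header` lines are inherited only by server and location blocks that declare no `add_header` of their own, so a vhost that adds one through `extra_parameters` silently drops all of them, and a comment at the top of the template should say so.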

@ -0,0 +1,63 @@
user {{ nginx_user }};
error_log {{ nginx_error_log }};
pid {{ nginx_pidfile }};
worker_processes {{ nginx_worker_processes }};
events {
worker_connections {{ nginx_worker_connections }};
multi_accept {{ nginx_multi_accept }};
}
{% if nginx_extra_conf_options %}
{{ nginx_extra_conf_options }}
{% endif %}
http {
include {{ nginx_mime_file_path }};
default_type application/octet-stream;
server_names_hash_bucket_size {{ nginx_server_names_hash_bucket_size }};
client_max_body_size {{ nginx_client_max_body_size }};
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log {{ nginx_access_log }};
sendfile {{ nginx_sendfile }};
tcp_nopush {{ nginx_tcp_nopush }};
tcp_nodelay {{ nginx_tcp_nodelay }};
keepalive_timeout {{ nginx_keepalive_timeout }};
keepalive_requests {{ nginx_keepalive_requests }};
gzip on;
{% if nginx_proxy_cache_path %}
proxy_cache_path {{ nginx_proxy_cache_path }};
{% endif %}
{% if nginx_extra_http_options %}
{{ nginx_extra_http_options }}
{% endif %}
{% for upstream in nginx_upstreams %}
upstream {{ upstream.name }} {
{% if upstream.strategy is defined %}
{{ upstream.strategy }};
{% endif %}
{% for server in upstream.servers %}
server {{ server }};
{% endfor %}
}
{% endfor %}
include {{ nginx_conf_path }}/*.conf;
{% if nginx_conf_path != nginx_vhost_path %}
include {{ nginx_vhost_path }}/*;
{% endif %}
}
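Review bot: The `http` block never sets `server_tokens`, so unless it arrives through `nginx_extra_http_options` the server advertises its exact version in the `Server` header and on error pages. Add `server_tokens off;` next to `gzip on;`. `nginx_extra_conf_options` and `nginx_extra_http_options` are pasted into the file verbatim, and a Jinja comment above each, such as `{# raw nginx directives, inserted unescaped; set only from trusted vars #}`, would document that.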

@ -0,0 +1,5 @@
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/{{ ansible_distribution_major_version }}/$basearch/
gpgcheck=0
enabled=1
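Review bot: `gpgcheck=0` together with `baseurl=http://nginx.org/...` means the nginx package is fetched over plain HTTP and installed without signature verification, so anything able to alter that traffic or the repository content decides what gets installed on the host. The nginx repo file this commit removes from the common role had `gpgcheck=1` and a local `gpgkey=`, so this is a regression. Use `baseurl=https://nginx.org/packages/centos/{{ ansible_distribution_major_version }}/$basearch/`, `gpgcheck=1` and `gpgkey=https://nginx.org/keys/nginx_signing.key`, or ship the key with the role and reference it with a `file://` URL as the removed file did.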

@ -0,0 +1,33 @@
{% for vhost in nginx_vhosts %}
server {
listen {{ vhost.listen | default('80') }};
{% if vhost.server_name is defined %}
server_name {{ vhost.server_name }};
{% endif %}
{% if vhost.root is defined %}
root {{ vhost.root }};
{% endif %}
index {{ vhost.index | default('index.html index.htm') }};
{% if vhost.error_page is defined %}
error_page {{ vhost.error_page }};
{% endif %}
{% if vhost.access_log is defined %}
access_log {{ vhost.access_log }};
{% endif %}
{% if vhost.error_log is defined %}
error_log {{ vhost.error_log }} error;
{% endif %}
{% if vhost.return is defined %}
return {{ vhost.return }};
{% endif %}
{% if vhost.extra_parameters is defined %}
{{ vhost.extra_parameters }}
{% endif %}
}
{% endfor %}

@ -0,0 +1 @@
localhost

@ -0,0 +1,6 @@
---
- hosts: localhost
remote_user: root
roles:
- role: ansible-role-nginx
nginx_use_ppa: true
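Review bot: The play sets `nginx_use_ppa: true`, but the "Add PPA for Nginx." task in this commit is gated on `when: nginx_ppa_use`, so this test does not switch the PPA path on. If `nginx_ppa_use` has no default elsewhere in the role, the condition would also fail as undefined on Ubuntu hosts. Rename the variable here to `nginx_ppa_use: true`.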

@ -0,0 +1,9 @@
---
root_group: root
nginx_conf_path: /etc/nginx/conf.d
nginx_conf_file_path: /etc/nginx/nginx.conf
nginx_mime_file_path: /etc/nginx/mime.types
nginx_pidfile: /run/nginx.pid
nginx_vhost_path: /etc/nginx/sites-enabled
nginx_default_vhost_path: /etc/nginx/sites-enabled/default
__nginx_user: "www-data"

@ -0,0 +1,9 @@
---
root_group: wheel
nginx_conf_path: /usr/local/etc/nginx/conf.d
nginx_conf_file_path: /usr/local/etc/nginx/nginx.conf
nginx_mime_file_path: /usr/local/etc/nginx/mime.types
nginx_pidfile: /var/run/nginx.pid
nginx_vhost_path: /usr/local/etc/nginx/sites-enabled
nginx_default_vhost_path: /usr/local/etc/nginx/sites-enabled/default
__nginx_user: "www"

@ -0,0 +1,9 @@
---
root_group: root
nginx_conf_path: /etc/nginx/conf.d
nginx_conf_file_path: /etc/nginx/nginx.conf
nginx_mime_file_path: /etc/nginx/mime.types
nginx_pidfile: /var/run/nginx.pid
nginx_vhost_path: /etc/nginx/conf.d
nginx_default_vhost_path: /etc/nginx/conf.d/default.conf
__nginx_user: "nginx"