From d9aebe7dee9bf0706c2eca1336ccd40aef55a7e8 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Fri, 7 Mar 2014 08:51:16 -0600 Subject: [PATCH 01/74] Initial commit. --- README.md | 31 +++++++++++++++++++++++++++++++ files/nginx.repo | 5 +++++ handlers/main.yml | 3 +++ meta/main.yml | 16 ++++++++++++++++ tasks/main.yml | 9 +++++++++ 5 files changed, 64 insertions(+) create mode 100644 README.md create mode 100644 files/nginx.repo create mode 100644 handlers/main.yml create mode 100644 meta/main.yml create mode 100644 tasks/main.yml diff --git a/README.md b/README.md new file mode 100644 index 0000000..323ce66 --- /dev/null +++ b/README.md @@ -0,0 +1,31 @@ +# Ansible Role: Nginx + +Installs Nginx on RHEL/CentOS 6.x. + +This role installs the latest version of Nginx direct from the Nginx yum repository. + +## Requirements + +None. + +## Role Variables + +None. + +## Dependencies + +None. + +## Example Playbook + + - hosts: server + roles: + - { role: geerlingguy.nginx } + +## License + +MIT / BSD + +## Author Information + +This role was created in 2014 by Jeff Geerling (@geerlingguy), author of Ansible for DevOps. You can find out more about the book at http://ansiblefordevops.com/, and learn about the author at http://jeffgeerling.com/. diff --git a/files/nginx.repo b/files/nginx.repo new file mode 100644 index 0000000..d11a88a --- /dev/null +++ b/files/nginx.repo @@ -0,0 +1,5 @@ +[nginx] +name=nginx repo +baseurl=http://nginx.org/packages/centos/6/$basearch/ +gpgcheck=0 +enabled=1 diff --git a/handlers/main.yml b/handlers/main.yml new file mode 100644 index 0000000..16b766b --- /dev/null +++ b/handlers/main.yml @@ -0,0 +1,3 @@ +--- +- name: restart nginx + command: service nginx restart \ No newline at end of file diff --git a/meta/main.yml b/meta/main.yml new file mode 100644 index 0000000..7d7c8bf --- /dev/null +++ b/meta/main.yml 
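Review bot: `files/nginx.repo` sets `gpgcheck=0` together with a plain `http://` baseurl, so yum installs nginx without verifying package signatures, over a transport that anyone on the network path can modify. Turn signature checking on and point it at the vendor key, `gpgcheck=1` plus `gpgkey=https://nginx.org/keys/nginx_signing.key`, and move the baseurl to `https://`. The same two settings are carried over unchanged into `templates/nginx.repo.j2` in PATCH 21/74 and need the same fix there.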
@@ -0,0 +1,16 @@ +--- +dependencies: [] + +galaxy_info: + author: geerlingguy + description: Nginx installation for Linux/UNIX. + company: "Midwestern Mac, LLC" + license: "license (BSD, MIT)" + min_ansible_version: 1.4 + platforms: + - name: EL + versions: + - 6 + categories: + - development + - web diff --git a/tasks/main.yml b/tasks/main.yml new file mode 100644 index 0000000..47e4f81 --- /dev/null +++ b/tasks/main.yml @@ -0,0 +1,9 @@ +--- +- name: Enable nginx repo. + copy: src=nginx.repo dest=/etc/yum.repos.d/nginx.repo owner=root group=root mode=644 + +- name: Ensure nginx is installed. + yum: pkg=nginx state=installed enablerepo=nginx + +- name: Ensure nginx is started and enabled to start at boot. + service: name=nginx state=started enabled=yes From 8fc54601646cdd172d70a4b3d32dad9c3ab799fd Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Fri, 7 Mar 2014 09:07:04 -0600 Subject: [PATCH 02/74] Updated README with todos. --- README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/README.md b/README.md index 323ce66..e61824d 100644 --- a/README.md +++ b/README.md @@ -22,6 +22,11 @@ None. roles: - { role: geerlingguy.nginx } +## TODO + + - Make everything more configurable. + - Make this role work with all flavors of linux (as supported by nginx repos). + ## License MIT / BSD From 3e9fbe032bb4dca872be003679af917e2d7a32df Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Mon, 21 Apr 2014 13:06:38 -0500 Subject: [PATCH 03/74] Updated README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index e61824d..8512a2c 100644 --- a/README.md +++ b/README.md 
@@ -33,4 +33,4 @@ MIT / BSD ## Author Information -This role was created in 2014 by Jeff Geerling (@geerlingguy), author of Ansible for DevOps. You can find out more about the book at http://ansiblefordevops.com/, and learn about the author at http://jeffgeerling.com/. +This role was created in 2014 by [Jeff Geerling](http://jeffgeerling.com/), author of [Ansible for DevOps](http://ansiblefordevops.com/). From 222479109fef3407cb1c6e3b31e6f2ad713fcba0 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Fri, 2 May 2014 22:18:10 -0500 Subject: [PATCH 04/74] Update Nginx role to be more customizable. --- README.md | 24 ++++++++++++++++++++---- tasks/main.yml | 7 +++++++ templates/nginx.conf.j2 | 34 ++++++++++++++++++++++++++++++++++ vars/main.yml | 6 ++++++ 4 files changed, 67 insertions(+), 4 deletions(-) create mode 100644 templates/nginx.conf.j2 create mode 100644 vars/main.yml diff --git a/README.md b/README.md index 8512a2c..d5df220 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,8 @@ # Ansible Role: Nginx -Installs Nginx on RHEL/CentOS 6.x. +Installs Nginx on RedHat/CentOS linux servers. -This role installs the latest version of Nginx direct from the Nginx yum repository. +This role installs and configures the latest version of Nginx direct from the Nginx yum repository. You will likely need to do extra setup work after this role has installed Nginx, like adding your own [virtualhost].conf file inside `/etc/nginx/conf.d/`, describing the location and options to use for your particular website. ## Requirements 
@@ -10,7 +10,24 @@ None. ## Role Variables -None. +Available variables are listed below, along with default values (see `vars/main.yml`): + + nginx_user: "nginx" + +The user under which Nginx will run. + + nginx_worker_processes: "1" + nginx_worker_connections: "1024" + +`nginx_worker_processes` should be set to the number of cores present on your machine. Connections (find this number with `grep processor /proc/cpuinfo | wc -l`). `nginx_worker_connections` is the number of connections per process. Set this higher to handle more simultaneous connections (and remember that a connection will be used for as long as the keepalive timeout duration for every client!). + + nginx_client_max_body_size: "64m" + +This value determines the largest file upload possible, as uploads are passed through Nginx before hitting a backend like `php-fpm`. If you get an error like `client intended to send too large body`, it means this value is set too low. + + nginx_keepalive_timeout: "65" + +The keepalive timeout. Should be set higher (10s+) if you have more polling-style traffic (AJAX-powered sites especially), or lower (<10s) if you have a site where most users visit a few pages and don't send any further requests. ## Dependencies @@ -24,7 +41,6 @@ None. ## TODO - - Make everything more configurable. - Make this role work with all flavors of linux (as supported by nginx repos). ## License diff --git a/tasks/main.yml b/tasks/main.yml index 47e4f81..71f9d00 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -5,5 +5,12 @@ - name: Ensure nginx is installed. yum: pkg=nginx state=installed enablerepo=nginx +- name: Copy nginx configuration in place. + template: > + src=nginx.conf.j2 + dest=/etc/nginx/nginx.conf + owner=root group=root mode=644 + notify: restart nginx + - name: Ensure nginx is started and enabled to start at boot. service: name=nginx state=started enabled=yes diff --git a/templates/nginx.conf.j2 b/templates/nginx.conf.j2 new file mode 100644 index 0000000..ae453fd 
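Review bot: The new `Copy nginx configuration in place.` task in `tasks/main.yml` writes `/etc/nginx/nginx.conf` and notifies `restart nginx` without checking the rendered file, so a bad value in any of the new role variables takes the running server down at the restart. Add the template module's validation step to the task, `validate='nginx -t -c %s'`, so that an invalid render is rejected before it replaces the live file. The task list continues outside this hunk.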
--- /dev/null +++ b/templates/nginx.conf.j2 @@ -0,0 +1,34 @@ +user {{ nginx_user }}; + +error_log /var/log/nginx/error.log warn; +pid /var/run/nginx.pid; + +worker_processes {{ nginx_worker_processes }}; + +events { + worker_connections {{ nginx_worker_connections }}; +} + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + server_names_hash_bucket_size 64; + + client_max_body_size {{ nginx_client_max_body_size }}; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main buffer=16k; + + sendfile on; + #tcp_nopush on; + + keepalive_timeout {{ nginx_keepalive_timeout }}; + + #gzip on; + + include /etc/nginx/conf.d/*.conf; +} diff --git a/vars/main.yml b/vars/main.yml new file mode 100644 index 0000000..0304377 --- /dev/null +++ b/vars/main.yml @@ -0,0 +1,6 @@ +--- +nginx_user: "nginx" +nginx_worker_processes: "1" +nginx_worker_connections: "1024" +nginx_client_max_body_size: "64m" +nginx_keepalive_timeout: "65" From 299b70fc1ee38fc3d80e2ab0daecfe60856b515d Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Fri, 2 May 2014 22:24:54 -0500 Subject: [PATCH 05/74] Updated default connection limit. --- README.md | 2 +- vars/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index d5df220..907bd2b 100644 --- a/README.md +++ b/README.md 
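Review bot: The `http` block in `templates/nginx.conf.j2` never sets `server_tokens`, so nginx keeps its default of reporting its exact version in the `Server` header and on error pages. Add `server_tokens off;` next to `client_max_body_size`, or expose it as a role variable like the other tunables. Separately, the `nginx_client_max_body_size: "64m"` default in `vars/main.yml` is well above nginx's built-in 1m limit; a comment such as `# Raise only for sites that accept large uploads.` would mark it as a deliberate loosening.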
@@ -17,7 +17,7 @@ Available variables are listed below, along with default values (see `vars/main. The user under which Nginx will run. nginx_worker_processes: "1" - nginx_worker_connections: "1024" + nginx_worker_connections: "8192" `nginx_worker_processes` should be set to the number of cores present on your machine. Connections (find this number with `grep processor /proc/cpuinfo | wc -l`). `nginx_worker_connections` is the number of connections per process. Set this higher to handle more simultaneous connections (and remember that a connection will be used for as long as the keepalive timeout duration for every client!). diff --git a/vars/main.yml b/vars/main.yml index 0304377..fd8e88f 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -1,6 +1,6 @@ --- nginx_user: "nginx" nginx_worker_processes: "1" -nginx_worker_connections: "1024" +nginx_worker_connections: "8192" nginx_client_max_body_size: "64m" nginx_keepalive_timeout: "65" From 9b91816d3f0746f25f7d722a9418779a4a9bddc2 Mon Sep 17 00:00:00 2001 From: Richard Date: Wed, 30 Jul 2014 21:09:00 +0200 Subject: [PATCH 06/74] added support for Debian based os --- tasks/main.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/tasks/main.yml b/tasks/main.yml index 71f9d00..6706d7a 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,9 +1,17 @@ --- - name: Enable nginx repo. copy: src=nginx.repo dest=/etc/yum.repos.d/nginx.repo owner=root group=root mode=644 + when: ansible_os_family == 'RedHat' - name: Ensure nginx is installed. yum: pkg=nginx state=installed enablerepo=nginx + when: ansible_os_family == 'RedHat' + +- name: Ensure nginx is installed. + apt: pkg=nginx state=installed update_cache=true + notify: + - restart nginx + when: ansible_os_family == 'Debian' - name: Copy nginx configuration in place. template: > From 45713939ee121b69b9094d8f2cd9768543c44028 Mon Sep 17 00:00:00 2001 
From: Jeff Geerling Date: Sun, 3 Aug 2014 21:24:54 -0500 Subject: [PATCH 07/74] Cleanup - This nginx role now works across RedHat and Debian. --- README.md | 8 ++------ meta/main.yml | 6 ++++++ tasks/main.yml | 15 ++++++++------- 3 files changed, 16 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index 907bd2b..8180a74 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,8 @@ # Ansible Role: Nginx -Installs Nginx on RedHat/CentOS linux servers. +Installs Nginx on RedHat/CentOS or Debian/Ubuntu linux servers. -This role installs and configures the latest version of Nginx direct from the Nginx yum repository. You will likely need to do extra setup work after this role has installed Nginx, like adding your own [virtualhost].conf file inside `/etc/nginx/conf.d/`, describing the location and options to use for your particular website. +This role installs and configures the latest version of Nginx from the Nginx yum repository (on RedHat-based systems) or via apt (on Debian-based systems). You will likely need to do extra setup work after this role has installed Nginx, like adding your own [virtualhost].conf file inside `/etc/nginx/conf.d/`, describing the location and options to use for your particular website. ## Requirements @@ -39,10 +39,6 @@ None. roles: - { role: geerlingguy.nginx } -## TODO - - - Make this role work with all flavors of linux (as supported by nginx repos). - ## License MIT / BSD diff --git a/meta/main.yml b/meta/main.yml index 7d7c8bf..033840b 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -11,6 +11,12 @@ galaxy_info: - name: EL versions: - 6 + - name: Debian + versions: + - all + - name: Ubuntu + versions: + - all categories: - development - web diff --git a/tasks/main.yml b/tasks/main.yml index 6706d7a..fe3ef2d 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
@@ -1,16 +1,17 @@ --- -- name: Enable nginx repo. - copy: src=nginx.repo dest=/etc/yum.repos.d/nginx.repo owner=root group=root mode=644 +- name: Enable nginx repo (RedHat). + copy: > + src=nginx.repo + dest=/etc/yum.repos.d/nginx.repo + owner=root group=root mode=644 when: ansible_os_family == 'RedHat' -- name: Ensure nginx is installed. +- name: Ensure nginx is installed (RedHat). yum: pkg=nginx state=installed enablerepo=nginx when: ansible_os_family == 'RedHat' -- name: Ensure nginx is installed. - apt: pkg=nginx state=installed update_cache=true - notify: - - restart nginx +- name: Ensure nginx is installed (Debian). + apt: pkg=nginx state=installed when: ansible_os_family == 'Debian' - name: Copy nginx configuration in place. From 8ef999d267934ae4854ac3b41d5bd6916995fa85 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Sun, 3 Aug 2014 21:27:16 -0500 Subject: [PATCH 08/74] Enable Travis CI testing. --- .travis.yml | 34 ++++++++++++++++++++++++++++++++++ tests/inventory | 1 + tests/test.yml | 5 +++++ 3 files changed, 40 insertions(+) create mode 100644 .travis.yml create mode 100644 tests/inventory create mode 100644 tests/test.yml diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 0000000..06cede8 --- /dev/null +++ b/.travis.yml 
@@ -0,0 +1,34 @@ +--- +language: python +python: "2.7" + +env: + - SITE=test.yml + +before_install: + - sudo apt-get update -qq + - sudo apt-get install -y curl + +install: + # Install Ansible. + - pip install ansible + + # Add ansible.cfg to pick up roles path. + - "printf '[defaults]\nroles_path = ../' > ansible.cfg" + +script: + # Check the role/playbook's syntax. + - "ansible-playbook -i tests/inventory tests/$SITE --syntax-check" + + # Run the role/playbook with ansible-playbook. + - "ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo" + + # Run the role/playbook again, checking to make sure it's idempotent. + - > + ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo + | grep -q 'changed=0.*failed=0' + && (echo 'Idempotence test: pass' && exit 0) + || (echo 'Idempotence test: fail' && exit 1) + + # Request a page via Nginx, to make sure Nginx is running and responds. + - "curl http://localhost/" diff --git a/tests/inventory b/tests/inventory new file mode 100644 index 0000000..2fbb50c --- /dev/null +++ b/tests/inventory @@ -0,0 +1 @@ +localhost diff --git a/tests/test.yml b/tests/test.yml new file mode 100644 index 0000000..42bba2c --- /dev/null +++ b/tests/test.yml @@ -0,0 +1,5 @@ +--- +- hosts: localhost + remote_user: root + roles: + - ansible-role-nginx From b8a84d2bd71774426004d957e131bf00a215b55b Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Sun, 3 Aug 2014 21:27:56 -0500 Subject: [PATCH 09/74] Add test integration status to README.md. --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 8180a74..c94af6f 100644 --- a/README.md +++ b/README.md 
@@ -1,5 +1,7 @@ # Ansible Role: Nginx +[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-nginx.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-nginx) + Installs Nginx on RedHat/CentOS or Debian/Ubuntu linux servers. This role installs and configures the latest version of Nginx from the Nginx yum repository (on RedHat-based systems) or via apt (on Debian-based systems). You will likely need to do extra setup work after this role has installed Nginx, like adding your own [virtualhost].conf file inside `/etc/nginx/conf.d/`, describing the location and options to use for your particular website. From 1f48f9905f0689e97ddb3b3232c9cb574aa22196 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Sun, 3 Aug 2014 21:34:46 -0500 Subject: [PATCH 10/74] Make tests pass. --- tests/test.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/test.yml b/tests/test.yml index 42bba2c..65139b9 100644 --- a/tests/test.yml +++ b/tests/test.yml @@ -1,5 +1,7 @@ --- - hosts: localhost remote_user: root + vars: + nginx_user: root roles: - ansible-role-nginx From 8b2dadc8540a59219a2887fb8e753ee70c0da4b4 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Sun, 3 Aug 2014 21:37:48 -0500 Subject: [PATCH 11/74] Debugging for tests. --- .travis.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.travis.yml b/.travis.yml index 06cede8..c995850 100644 --- a/.travis.yml +++ b/.travis.yml @@ -30,5 +30,8 @@ script: && (echo 'Idempotence test: pass' && exit 0) || (echo 'Idempotence test: fail' && exit 1) + # Debugging. + - netstat -lntu + # Request a page via Nginx, to make sure Nginx is running and responds. - "curl http://localhost/" From 38a6c071e003983a79d284b722699a31c49d485d Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Sun, 3 Aug 2014 21:42:42 -0500 Subject: [PATCH 12/74] Comment out curl call until we have example vhost. --- .travis.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) 
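Review bot: `nginx_user: root` in `tests/test.yml` makes the build pass by running the nginx worker processes as root, so CI no longer exercises the role's default `nginx_user` at all. The likely cause (inferred, not shown in this hunk) is that the default `nginx` account does not exist on the Debian-family CI host. Fixing the default per OS family is the better route; until then mark the override so it is not copied into real playbooks, e.g. `# Test-only workaround: workers should not run as root.`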
diff --git a/.travis.yml b/.travis.yml index c995850..2d65016 100644 --- a/.travis.yml +++ b/.travis.yml @@ -30,8 +30,6 @@ script: && (echo 'Idempotence test: pass' && exit 0) || (echo 'Idempotence test: fail' && exit 1) - # Debugging. - - netstat -lntu - + # TODO - get the test working. Probably need to add a virtual host. # Request a page via Nginx, to make sure Nginx is running and responds. - - "curl http://localhost/" + # - "curl http://localhost/" From 736a95a012e8058c896c13b0e1e2a928fd5e314c Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Thu, 21 Aug 2014 15:41:31 -0500 Subject: [PATCH 13/74] Add option to remove default nginx vhost config. --- README.md | 7 ++++++- defaults/main.yml | 3 +++ tasks/main.yml | 7 +++++++ 3 files changed, 16 insertions(+), 1 deletion(-) create mode 100644 defaults/main.yml diff --git a/README.md b/README.md index c94af6f..5ba9ece 100644 --- a/README.md +++ b/README.md @@ -12,7 +12,12 @@ None. ## Role Variables -Available variables are listed below, along with default values (see `vars/main.yml`): +Available variables are listed below, along with default values (see `vars/main.yml` and `defaults/main.yml`): + + nginx_remove_default_vhost: false + nginx_default_vhost_path: /etc/nginx/sites-enabled/default + +Whether to remove the 'default' virtualhost configuration supplied by Nginx. Useful if you want the base `/` URL to be directed at one of your own virtual hosts configured in a separate .conf file. The `nginx_default_vhost_path` variable defines the path to the default vhosts file. nginx_user: "nginx" diff --git a/defaults/main.yml b/defaults/main.yml new file mode 100644 index 0000000..7543516 --- /dev/null +++ b/defaults/main.yml @@ -0,0 +1,3 @@ +--- +nginx_remove_default_vhost: false +nginx_default_vhost_path: /etc/nginx/sites-enabled/default diff --git a/tasks/main.yml b/tasks/main.yml index fe3ef2d..5491d0b 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
@@ -23,3 +23,10 @@ - name: Ensure nginx is started and enabled to start at boot. service: name=nginx state=started enabled=yes + +- name: Remove default nginx config file (if configured). + file: > + path={{ nginx_default_vhost_path }} + state=absent + when: nginx_remove_default_vhost + notify: restart nginx \ No newline at end of file From 2d05eac2c30a836a8c3b056ab8475cd4024b73f3 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Sat, 8 Nov 2014 14:36:17 -0600 Subject: [PATCH 14/74] Update test. --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 2d65016..24648b1 100644 --- a/.travis.yml +++ b/.travis.yml @@ -14,7 +14,7 @@ install: - pip install ansible # Add ansible.cfg to pick up roles path. - - "printf '[defaults]\nroles_path = ../' > ansible.cfg" + - "{ echo '[defaults]'; echo 'roles_path = ../'; } >> ansible.cfg" script: # Check the role/playbook's syntax. From 60bc2df30f3bbce4b401ed28ceed63e8e35310ed Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Tue, 11 Nov 2014 10:39:16 -0600 Subject: [PATCH 15/74] Add EL7 to supported platforms. --- meta/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/meta/main.yml b/meta/main.yml index 033840b..efbe68f 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -11,6 +11,7 @@ galaxy_info: - name: EL versions: - 6 + - 7 - name: Debian versions: - all From 5f9562770654af215b0ade07a6212cac8ac9b887 Mon Sep 17 00:00:00 2001 From: Mirko Friedenhagen Date: Wed, 3 Dec 2014 21:11:18 +0100 Subject: [PATCH 16/74] Move vars to defaults as otherwise they may not be overridden. --- defaults/main.yml | 5 +++++ vars/main.yml | 5 ----- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 7543516..1b4b0bb 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
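Review bot: The new `Remove default nginx config file (if configured).` task deletes whatever `nginx_default_vhost_path` names, and its only default, `/etc/nginx/sites-enabled/default`, is the Debian layout. On RedHat-family hosts the task would report ok and leave the stock vhost serving; PATCH 25/74 later sets `/etc/nginx/conf.d/default.conf` for that family. Because `state=absent` removes a directory recursively, the variable also deserves a comment in `defaults/main.yml`, e.g. `# Must name a single file; a directory given here is removed recursively.`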
@@ -1,3 +1,8 @@ --- +nginx_user: "nginx" +nginx_worker_processes: "1" +nginx_worker_connections: "8192" +nginx_client_max_body_size: "64m" +nginx_keepalive_timeout: "65" nginx_remove_default_vhost: false nginx_default_vhost_path: /etc/nginx/sites-enabled/default diff --git a/vars/main.yml b/vars/main.yml index fd8e88f..ed97d53 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -1,6 +1 @@ --- -nginx_user: "nginx" -nginx_worker_processes: "1" -nginx_worker_connections: "8192" -nginx_client_max_body_size: "64m" -nginx_keepalive_timeout: "65" From 45b749af83b6d11e96c05a02c1de804a29833849 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Mon, 8 Dec 2014 22:07:57 -0600 Subject: [PATCH 17/74] Issue #5: Add 'nginx_proxy_cache_path' configuration option. --- README.md | 4 ++++ defaults/main.yml | 1 + templates/nginx.conf.j2 | 4 ++++ 3 files changed, 9 insertions(+) diff --git a/README.md b/README.md index 5ba9ece..97ccdd1 100644 --- a/README.md +++ b/README.md @@ -36,6 +36,10 @@ This value determines the largest file upload possible, as uploads are passed th The keepalive timeout. Should be set higher (10s+) if you have more polling-style traffic (AJAX-powered sites especially), or lower (<10s) if you have a site where most users visit a few pages and don't send any further requests. + nginx_proxy_cache_path: "" + +Set as the `proxy_cache_path` directive in the `nginx.conf` file. By default, this will not be configured (if left as an empty string), but if you wish to use Nginx as a reverse proxy, you can set this to a valid value (e.g. `"/var/cache/nginx keys_zone=cache:32m"`) to use Nginx's cache (further proxy configuration can be done in individual server configurations). + ## Dependencies None. diff --git a/defaults/main.yml b/defaults/main.yml index 1b4b0bb..203357d 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
@@ -6,3 +6,4 @@ nginx_client_max_body_size: "64m" nginx_keepalive_timeout: "65" nginx_remove_default_vhost: false nginx_default_vhost_path: /etc/nginx/sites-enabled/default +nginx_proxy_cache_path: "" diff --git a/templates/nginx.conf.j2 b/templates/nginx.conf.j2 index ae453fd..51407c9 100644 --- a/templates/nginx.conf.j2 +++ b/templates/nginx.conf.j2 @@ -30,5 +30,9 @@ http { #gzip on; +{% if nginx_proxy_cache_path %} + proxy_cache_path {{ nginx_proxy_cache_path }}; +{% endif %} + include /etc/nginx/conf.d/*.conf; } From fdc9a7da78245163182a130e653eeada0eb330ab Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Fri, 2 Jan 2015 11:47:26 -0600 Subject: [PATCH 18/74] Issue #6 and PR #8: Make nginx user more flexible. --- README.md | 4 ++-- defaults/main.yml | 1 - tasks/main.yml | 10 ++++++++++ tests/test.yml | 2 -- vars/Debian.yml | 2 ++ vars/RedHat.yml | 2 ++ vars/main.yml | 1 - 7 files changed, 16 insertions(+), 6 deletions(-) create mode 100644 vars/Debian.yml create mode 100644 vars/RedHat.yml delete mode 100644 vars/main.yml diff --git a/README.md b/README.md index 97ccdd1..0f128b0 100644 --- a/README.md +++ b/README.md @@ -12,7 +12,7 @@ None. ## Role Variables -Available variables are listed below, along with default values (see `vars/main.yml` and `defaults/main.yml`): +Available variables are listed below, along with default values (see `defaults/main.yml`): nginx_remove_default_vhost: false nginx_default_vhost_path: /etc/nginx/sites-enabled/default @@ -21,7 +21,7 @@ Whether to remove the 'default' virtualhost configuration supplied by Nginx. Use nginx_user: "nginx" -The user under which Nginx will run. +The user under which Nginx will run. Defaults to `nginx` for RedHat, and `www-data` for Debian. nginx_worker_processes: "1" nginx_worker_connections: "8192" diff --git a/defaults/main.yml b/defaults/main.yml index 203357d..0ade890 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
@@ -1,5 +1,4 @@ --- -nginx_user: "nginx" nginx_worker_processes: "1" nginx_worker_connections: "8192" nginx_client_max_body_size: "64m" diff --git a/tasks/main.yml b/tasks/main.yml index 5491d0b..9adccc5 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,4 +1,14 @@ --- +# Variable setup. +- name: Include OS-specific variables. + include_vars: "{{ ansible_os_family }}.yml" + +- name: Define nginx_user. + set_fact: + nginx_user: "{{ __nginx_user }}" + when: nginx_user is not defined + +# Nginx setup. - name: Enable nginx repo (RedHat). copy: > src=nginx.repo diff --git a/tests/test.yml b/tests/test.yml index 65139b9..42bba2c 100644 --- a/tests/test.yml +++ b/tests/test.yml @@ -1,7 +1,5 @@ --- - hosts: localhost remote_user: root - vars: - nginx_user: root roles: - ansible-role-nginx diff --git a/vars/Debian.yml b/vars/Debian.yml new file mode 100644 index 0000000..54bb631 --- /dev/null +++ b/vars/Debian.yml @@ -0,0 +1,2 @@ +--- +__nginx_user: "www-data" diff --git a/vars/RedHat.yml b/vars/RedHat.yml new file mode 100644 index 0000000..13d5b86 --- /dev/null +++ b/vars/RedHat.yml @@ -0,0 +1,2 @@ +--- +__nginx_user: "nginx" diff --git a/vars/main.yml b/vars/main.yml deleted file mode 100644 index ed97d53..0000000 --- a/vars/main.yml +++ /dev/null @@ -1 +0,0 @@ ---- From fabb2ecbc09ecf4d78e560349990de7764c75291 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Fri, 23 Jan 2015 10:57:06 -0600 Subject: [PATCH 19/74] Code style cleanup. --- tasks/main.yml | 26 +++++++++++++++----------- 1 file changed, 15 insertions(+), 11 deletions(-) diff --git a/tasks/main.yml b/tasks/main.yml index 9adccc5..6361211 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
@@ -10,10 +10,12 @@ # Nginx setup. - name: Enable nginx repo (RedHat). - copy: > - src=nginx.repo - dest=/etc/yum.repos.d/nginx.repo - owner=root group=root mode=644 + copy: + src: nginx.repo + dest: /etc/yum.repos.d/nginx.repo + owner: root + group: root + mode: 0644 when: ansible_os_family == 'RedHat' - name: Ensure nginx is installed (RedHat). @@ -25,18 +27,20 @@ when: ansible_os_family == 'Debian' - name: Copy nginx configuration in place. - template: > - src=nginx.conf.j2 - dest=/etc/nginx/nginx.conf - owner=root group=root mode=644 + template: + src: nginx.conf.j2 + dest: /etc/nginx/nginx.conf + owner: root + group: root + mode: 0644 notify: restart nginx - name: Ensure nginx is started and enabled to start at boot. service: name=nginx state=started enabled=yes - name: Remove default nginx config file (if configured). - file: > - path={{ nginx_default_vhost_path }} - state=absent + file: + path: "{{ nginx_default_vhost_path }}" + state: absent when: nginx_remove_default_vhost notify: restart nginx \ No newline at end of file From df35be0665d3cd3090b3ad63cd643107baf6f52f Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Fri, 23 Jan 2015 11:07:30 -0600 Subject: [PATCH 20/74] Fixes #9: Use major distro version for Nginx repo on RedHat. --- files/nginx.repo | 5 ----- tasks/main.yml | 4 ++-- 2 files changed, 2 insertions(+), 7 deletions(-) delete mode 100644 files/nginx.repo diff --git a/files/nginx.repo b/files/nginx.repo deleted file mode 100644 index d11a88a..0000000 --- a/files/nginx.repo +++ /dev/null @@ -1,5 +0,0 @@ -[nginx] -name=nginx repo -baseurl=http://nginx.org/packages/centos/6/$basearch/ -gpgcheck=0 -enabled=1 diff --git a/tasks/main.yml b/tasks/main.yml index 6361211..b55fa4f 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -10,8 +10,8 @@ # Nginx setup. - name: Enable nginx repo (RedHat). - copy: - src: nginx.repo + template: + src: nginx.repo.j2 dest: /etc/yum.repos.d/nginx.repo owner: root group: root 
From 7e6a17cc4d7bb521f8cca020408d6b941e191f33 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Fri, 23 Jan 2015 11:08:05 -0600 Subject: [PATCH 21/74] Issue #9: Add nginx repo template. --- templates/nginx.repo.j2 | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 templates/nginx.repo.j2 diff --git a/templates/nginx.repo.j2 b/templates/nginx.repo.j2 new file mode 100644 index 0000000..9a853b7 --- /dev/null +++ b/templates/nginx.repo.j2 @@ -0,0 +1,5 @@ +[nginx] +name=nginx repo +baseurl=http://nginx.org/packages/centos/{{ ansible_distribution_major_version }}/$basearch/ +gpgcheck=0 +enabled=1 From 66922e9951088d2c615aa0fd59738fd37a9a0b59 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Fri, 20 Feb 2015 23:15:01 -0600 Subject: [PATCH 22/74] Fixes #10: Better organize os-specific tasks. --- handlers/main.yml | 2 +- tasks/main.yml | 18 ++++-------------- tasks/setup-Debian.yml | 3 +++ tasks/setup-RedHat.yml | 11 +++++++++++ 4 files changed, 19 insertions(+), 15 deletions(-) create mode 100644 tasks/setup-Debian.yml create mode 100644 tasks/setup-RedHat.yml diff --git a/handlers/main.yml b/handlers/main.yml index 16b766b..92971d2 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -1,3 +1,3 @@ --- - name: restart nginx - command: service nginx restart \ No newline at end of file + service: name=nginx state=restarted diff --git a/tasks/main.yml b/tasks/main.yml index b55fa4f..66ddc0c 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
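Review bot: The baseurl in `templates/nginx.repo.j2` hard-codes the `centos` path segment while the version segment now comes from `ansible_distribution_major_version`, and the task that renders it is guarded only by `ansible_os_family == 'RedHat'`. Other members of that family (Fedora or Amazon Linux, for example) report major versions that probably have no matching directory under `/packages/centos/`, so the repository would fail to resolve on them. Either restrict the task to the distributions the URL is valid for, or make the distribution segment a role variable alongside the version.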
@@ -8,24 +8,14 @@ nginx_user: "{{ __nginx_user }}" when: nginx_user is not defined -# Nginx setup. -- name: Enable nginx repo (RedHat). - template: - src: nginx.repo.j2 - dest: /etc/yum.repos.d/nginx.repo - owner: root - group: root - mode: 0644 - when: ansible_os_family == 'RedHat' - -- name: Ensure nginx is installed (RedHat). - yum: pkg=nginx state=installed enablerepo=nginx +# Setup/install tasks. +- include: setup-RedHat.yml when: ansible_os_family == 'RedHat' -- name: Ensure nginx is installed (Debian). - apt: pkg=nginx state=installed +- include: setup-Debian.yml when: ansible_os_family == 'Debian' +# Nginx setup. - name: Copy nginx configuration in place. template: src: nginx.conf.j2 diff --git a/tasks/setup-Debian.yml b/tasks/setup-Debian.yml new file mode 100644 index 0000000..7d30a27 --- /dev/null +++ b/tasks/setup-Debian.yml @@ -0,0 +1,3 @@ +--- +- name: Ensure nginx is installed. + apt: pkg=nginx state=installed diff --git a/tasks/setup-RedHat.yml b/tasks/setup-RedHat.yml new file mode 100644 index 0000000..73f205e --- /dev/null +++ b/tasks/setup-RedHat.yml @@ -0,0 +1,11 @@ +--- +- name: Enable nginx repo. + template: + src: nginx.repo.j2 + dest: /etc/yum.repos.d/nginx.repo + owner: root + group: root + mode: 0644 + +- name: Ensure nginx is installed. + yum: pkg=nginx state=installed enablerepo=nginx From 6f04a8f2ed9fe4be96038205379fe717461bfbff Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Fri, 20 Feb 2015 23:17:13 -0600 Subject: [PATCH 23/74] Update default worker_connections to 1024, since that plays nice with default OS configs. --- defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/defaults/main.yml b/defaults/main.yml index 0ade890..8b7c6dd 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,6 +1,6 @@ --- nginx_worker_processes: "1" -nginx_worker_connections: "8192" +nginx_worker_connections: "1024" nginx_client_max_body_size: "64m" nginx_keepalive_timeout: "65" nginx_remove_default_vhost: false 
From c6e3321a668b99908a053393f743006d17189346 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Fri, 20 Feb 2015 23:17:35 -0600 Subject: [PATCH 24/74] Spacing in default vars file. --- defaults/main.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/defaults/main.yml b/defaults/main.yml index 8b7c6dd..4954679 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -3,6 +3,8 @@ nginx_worker_processes: "1" nginx_worker_connections: "1024" nginx_client_max_body_size: "64m" nginx_keepalive_timeout: "65" + nginx_remove_default_vhost: false nginx_default_vhost_path: /etc/nginx/sites-enabled/default + nginx_proxy_cache_path: "" From 7360d9cb0b920e2159af27f77e64ea368ee27859 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Fri, 20 Feb 2015 23:34:31 -0600 Subject: [PATCH 25/74] Major vhosts cleanup in preparation for issue #11. --- README.md | 7 +++++-- defaults/main.yml | 3 ++- tasks/main.yml | 7 +------ tasks/vhosts.yml | 22 ++++++++++++++++++++++ templates/vhosts.j2 | 1 + vars/Debian.yml | 2 ++ vars/RedHat.yml | 2 ++ 7 files changed, 35 insertions(+), 9 deletions(-) create mode 100644 tasks/vhosts.yml create mode 100644 templates/vhosts.j2 diff --git a/README.md b/README.md index 0f128b0..0626e9f 100644 --- a/README.md +++ b/README.md 
@@ -14,10 +14,13 @@ None. Available variables are listed below, along with default values (see `defaults/main.yml`): + nginx_vhost_path: /etc/nginx/sites-enabled + +The path to the vhost configuration folder (where Nginx will look for server configurations). + nginx_remove_default_vhost: false - nginx_default_vhost_path: /etc/nginx/sites-enabled/default -Whether to remove the 'default' virtualhost configuration supplied by Nginx. Useful if you want the base `/` URL to be directed at one of your own virtual hosts configured in a separate .conf file. The `nginx_default_vhost_path` variable defines the path to the default vhosts file. +Whether to remove the 'default' virtualhost configuration supplied by Nginx. Useful if you want the base `/` URL to be directed at one of your own virtual hosts configured in a separate .conf file. nginx_user: "nginx" diff --git a/defaults/main.yml b/defaults/main.yml index 4954679..82ab704 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -5,6 +5,7 @@ nginx_client_max_body_size: "64m" nginx_keepalive_timeout: "65" nginx_remove_default_vhost: false -nginx_default_vhost_path: /etc/nginx/sites-enabled/default +nginx_vhosts: [] +# TODO - add example. nginx_proxy_cache_path: "" diff --git a/tasks/main.yml b/tasks/main.yml index 66ddc0c..d63dbac 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -28,9 +28,4 @@ - name: Ensure nginx is started and enabled to start at boot. service: name=nginx state=started enabled=yes -- name: Remove default nginx config file (if configured). - file: - path: "{{ nginx_default_vhost_path }}" - state: absent - when: nginx_remove_default_vhost - notify: restart nginx \ No newline at end of file +- include: vhosts.yml diff --git a/tasks/vhosts.yml b/tasks/vhosts.yml new file mode 100644 index 0000000..a41401e --- /dev/null +++ b/tasks/vhosts.yml 
@@ -0,0 +1,22 @@ +--- +- name: Remove default nginx vhost config file (if configured). + file: + path: "{{ nginx_default_vhost_path }}" + state: absent + when: nginx_remove_default_vhost + notify: restart nginx + +- name: Add managed vhost config file (if any vhosts are configured). + template: + src: vhosts.j2 + dest: "{{ nginx_vhost_path }}/vhosts" + mode: 0644 + when: nginx_vhosts + notify: restart nginx + +- name: Remove managed vhost config file (if no vhosts are configured). + file: + path: "{{ nginx_vhost_path }}/vhosts" + state: absent + when: not nginx_vhosts + notify: restart nginx diff --git a/templates/vhosts.j2 b/templates/vhosts.j2 new file mode 100644 index 0000000..4640904 --- /dev/null +++ b/templates/vhosts.j2 @@ -0,0 +1 @@ +# TODO diff --git a/vars/Debian.yml b/vars/Debian.yml index 54bb631..b78b7c5 100644 --- a/vars/Debian.yml +++ b/vars/Debian.yml @@ -1,2 +1,4 @@ --- +nginx_vhost_path: /etc/nginx/sites-enabled +nginx_default_vhost_path: /etc/nginx/sites-enabled/default __nginx_user: "www-data" diff --git a/vars/RedHat.yml b/vars/RedHat.yml index 13d5b86..2412304 100644 --- a/vars/RedHat.yml +++ b/vars/RedHat.yml @@ -1,2 +1,4 @@ --- +nginx_vhost_path: /etc/nginx/conf.d +nginx_default_vhost_path: /etc/nginx/conf.d/default.conf __nginx_user: "nginx" From 90b6ddd1b38689ce15a13986eb6cd2fa607289e1 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Sat, 21 Feb 2015 00:02:51 -0600 Subject: [PATCH 26/74] Fixes #11: Add default/simple virtualhost configuration. --- README.md | 4 ++-- defaults/main.yml | 17 ++++++++++++++--- tasks/vhosts.yml | 4 ++-- templates/nginx.conf.j2 | 2 +- templates/vhosts.j2 | 25 ++++++++++++++++++++++++- 5 files changed, 43 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 0626e9f..7f9074d 100644 --- a/README.md +++ b/README.md 
@@ -14,9 +14,9 @@ None. Available variables are listed below, along with default values (see `defaults/main.yml`): - nginx_vhost_path: /etc/nginx/sites-enabled + nginx_vhosts: [] -The path to the vhost configuration folder (where Nginx will look for server configurations). +A list of vhost definitions (server blocks) for Nginx virtual hosts. If left empty, you will need to supply your own virtual host configuration. See the example in `defaults/main.yml` for available server options. If you have a large number of customizations required for your server definition(s), you're likely better off managing the vhost configuration file yourself, leaving this variable set to `[]`. nginx_remove_default_vhost: false diff --git a/defaults/main.yml b/defaults/main.yml index 82ab704..41cf61a 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -4,8 +4,19 @@ nginx_worker_connections: "1024" nginx_client_max_body_size: "64m" nginx_keepalive_timeout: "65" +nginx_proxy_cache_path: "" + nginx_remove_default_vhost: false nginx_vhosts: [] -# TODO - add example. - -nginx_proxy_cache_path: "" +# Example vhost below, showing all available options: +# - { +# listen: "80 default_server", # default: "80 default_server" +# server_name: "example.com", # default: N/A +# root: "/var/www/example.com", # default: N/A +# index: "index.html index.htm", # default: "index.html index.htm" +# +# # Properties that are only added if defined: +# error_page: "", +# access_log: "", +# extra_config: "" # Can be used to add extra config blocks (multiline). +# } diff --git a/tasks/vhosts.yml b/tasks/vhosts.yml index a41401e..5ee8ec2 100644 --- a/tasks/vhosts.yml +++ b/tasks/vhosts.yml 
@@ -9,14 +9,14 @@ - name: Add managed vhost config file (if any vhosts are configured). template: src: vhosts.j2 - dest: "{{ nginx_vhost_path }}/vhosts" + dest: "{{ nginx_vhost_path }}/vhosts.conf" mode: 0644 when: nginx_vhosts notify: restart nginx - name: Remove managed vhost config file (if no vhosts are configured). file: - path: "{{ nginx_vhost_path }}/vhosts" + path: "{{ nginx_vhost_path }}/vhosts.conf" state: absent when: not nginx_vhosts notify: restart nginx diff --git a/templates/nginx.conf.j2 b/templates/nginx.conf.j2 index 51407c9..f1967d9 100644 --- a/templates/nginx.conf.j2 +++ b/templates/nginx.conf.j2 @@ -34,5 +34,5 @@ http { proxy_cache_path {{ nginx_proxy_cache_path }}; {% endif %} - include /etc/nginx/conf.d/*.conf; + include {{ nginx_vhost_path }}/*; } diff --git a/templates/vhosts.j2 b/templates/vhosts.j2 index 4640904..09bda35 100644 --- a/templates/vhosts.j2 +++ b/templates/vhosts.j2 @@ -1 +1,24 @@ -# TODO +{% for vhost in nginx_vhosts %} +server { + listen {{ vhost.listen | default('80 default_server') }}; + server_name {{ vhost.server_name }}; + + root {{ vhost.root }}; + index {{ vhost.index | default('index.html index.htm') }}; + + {% if vhost.error_page is defined %} + error_page {{ vhost.error_page }}; + {% endif %} + {% if vhost.access_log is defined %} + access_log {{ vhost.access_log }}; + {% endif %} + + {% if vhost.return is defined %} + return {{ vhost.return }}; + {% endif %} + + {% if vhost.extra_parameters is defined %} + {{ vhost.extra_parameters }}; + {% endif %} +} +{% endfor %} From 7d8a1ace36e833ef7ad033c00980f756eda4be45 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Sat, 21 Feb 2015 00:42:51 -0600 Subject: [PATCH 27/74] Fixes #12: Allow for load balancing configurations by adding upstream config. --- README.md | 6 +++++- defaults/main.yml | 11 +++++++++++ templates/nginx.conf.j2 | 11 +++++++++++ 3 files changed, 27 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 7f9074d..82fad2d 100644 
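Review bot: `include {{ nginx_vhost_path }}/*;` loads every file in the directory, whereas the line it replaces matched only `*.conf`. On RedHat `nginx_vhost_path` is `/etc/nginx/conf.d`, so package leftovers and editor backups in that directory (for example an `.rpmsave` or `.bak` copy of an old server block) become live configuration. `tasks/vhosts.yml` in this commit writes `vhosts.conf`, so `include {{ nginx_vhost_path }}/*.conf;` would still pick up the managed file there. Debian's `sites-enabled/default` has no extension, so the pattern probably needs to be a per-OS variable rather than a literal in the template.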
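Review bot: `listen {{ vhost.listen | default('80 default_server') }};` gives every vhost that omits `listen` the `default_server` flag, and nginx rejects a configuration with two default servers on the same address and port. With more than one entry in `nginx_vhosts` the rendered file fails to load unless each entry sets `listen` itself; a default of `'80'` avoids that. `server_name` and `root` are rendered with no default and no `is defined` guard, so an entry that omits them does not render a usable server block. All values, including `extra_parameters`, are written verbatim into the server block, so `nginx_vhosts` should only be populated from trusted inventory.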
--- a/README.md +++ b/README.md @@ -16,12 +16,16 @@ Available variables are listed below, along with default values (see `defaults/m nginx_vhosts: [] -A list of vhost definitions (server blocks) for Nginx virtual hosts. If left empty, you will need to supply your own virtual host configuration. See the example in `defaults/main.yml` for available server options. If you have a large number of customizations required for your server definition(s), you're likely better off managing the vhost configuration file yourself, leaving this variable set to `[]`. +A list of vhost definitions (server blocks) for Nginx virtual hosts. If left empty, you will need to supply your own virtual host configuration. See the commented example in `defaults/main.yml` for available server options. If you have a large number of customizations required for your server definition(s), you're likely better off managing the vhost configuration file yourself, leaving this variable set to `[]`. nginx_remove_default_vhost: false Whether to remove the 'default' virtualhost configuration supplied by Nginx. Useful if you want the base `/` URL to be directed at one of your own virtual hosts configured in a separate .conf file. + nginx_upstreams: [] + +If you are configuring Nginx as a load balancer, you can define one or more upstream sets using this variable. In addition to defining at least one upstream, you would need to configure one of your server blocks to proxy requests through the defined upstream (e.g. `proxy_pass http://myapp1;`). See the commented example in `defaults/main.yml` for more information. + nginx_user: "nginx" The user under which Nginx will run. Defaults to `nginx` for RedHat, and `www-data` for Debian. diff --git a/defaults/main.yml b/defaults/main.yml index 41cf61a..d80a31a 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
@@ -20,3 +20,14 @@ nginx_vhosts: [] # access_log: "", # extra_config: "" # Can be used to add extra config blocks (multiline). # } + +nginx_upstreams: [] +# - { +# name: myapp1, +# strategy: "ip_hash", # "least_conn", etc. +# servers: { +# "srv1.example.com", +# "srv2.example.com weight=3", +# "srv3.example.com" +# } +# } diff --git a/templates/nginx.conf.j2 b/templates/nginx.conf.j2 index f1967d9..044cc2d 100644 --- a/templates/nginx.conf.j2 +++ b/templates/nginx.conf.j2 @@ -34,5 +34,16 @@ http { proxy_cache_path {{ nginx_proxy_cache_path }}; {% endif %} +{% for upstream in nginx_upstreams %} + upstream {{ upstream.name }} { +{% if upstream.strategy is defined %} + {{ upstream.strategy }}; +{% endif %} +{% for server in upstream.servers %} + server {{ server }}; +{% endfor %} + } +{% endfor %} + include {{ nginx_vhost_path }}/*; } From 07868edf2e6441c20ca8629da1ad8a79f12c3e3f Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Tue, 24 Feb 2015 21:10:22 -0600 Subject: [PATCH 28/74] Added extra useful Nginx variables. --- README.md | 20 ++++++++++++++++---- defaults/main.yml | 12 +++++++++++- templates/nginx.conf.j2 | 10 ++++++---- 3 files changed, 33 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 82fad2d..fd87ae0 100644 --- a/README.md +++ b/README.md 
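Review bot: The commented `nginx_upstreams` example writes `servers` as a flow mapping (`servers: { "srv1.example.com", ... }`) rather than a list. YAML reads that as a mapping with null values, so the `{% for server in upstream.servers %}` loop in `nginx.conf.j2` iterates over keys, and the rendered `server` lines may not come out in the order written. A sequence states the intent and keeps the order: `servers: ["srv1.example.com", "srv2.example.com weight=3", "srv3.example.com"]`.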
@@ -31,17 +31,29 @@ If you are configuring Nginx as a load balancer, you can define one or more upst The user under which Nginx will run. Defaults to `nginx` for RedHat, and `www-data` for Debian. nginx_worker_processes: "1" - nginx_worker_connections: "8192" + nginx_worker_connections: "1024" `nginx_worker_processes` should be set to the number of cores present on your machine. Connections (find this number with `grep processor /proc/cpuinfo | wc -l`). `nginx_worker_connections` is the number of connections per process. Set this higher to handle more simultaneous connections (and remember that a connection will be used for as long as the keepalive timeout duration for every client!). - nginx_client_max_body_size: "64m" + nginx_error_log: "/var/log/nginx/error.log warn" + nginx_access_log: "/var/log/nginx/access.log main buffer=16k" -This value determines the largest file upload possible, as uploads are passed through Nginx before hitting a backend like `php-fpm`. If you get an error like `client intended to send too large body`, it means this value is set too low. +Configuration of the default error and access logs. Set to `off` to disable a log entirely. + + nginx_sendfile: "on" + nginx_tcp_nopush: "on" + nginx_tcp_nodelay: "on" + +TCP connection options. See [this blog post](https://t37.net/nginx-optimization-understanding-sendfile-tcp_nodelay-and-tcp_nopush.html) for more information on these directives. nginx_keepalive_timeout: "65" + nginx_keepalive_requests: "100" -The keepalive timeout. Should be set higher (10s+) if you have more polling-style traffic (AJAX-powered sites especially), or lower (<10s) if you have a site where most users visit a few pages and don't send any further requests. +Nginx keepalive settings. Timeout should be set higher (10s+) if you have more polling-style traffic (AJAX-powered sites especially), or lower (<10s) if you have a site where most users visit a few pages and don't send any further requests. 
+ + nginx_client_max_body_size: "64m" + +This value determines the largest file upload possible, as uploads are passed through Nginx before hitting a backend like `php-fpm`. If you get an error like `client intended to send too large body`, it means this value is set too low. nginx_proxy_cache_path: "" diff --git a/defaults/main.yml b/defaults/main.yml index d80a31a..8f9eb26 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,8 +1,18 @@ --- nginx_worker_processes: "1" nginx_worker_connections: "1024" -nginx_client_max_body_size: "64m" + +nginx_error_log: "/var/log/nginx/error.log warn" +nginx_access_log: "/var/log/nginx/access.log main buffer=16k" + +nginx_sendfile: "on" +nginx_tcp_nopush: "on" +nginx_tcp_nodelay: "on" + nginx_keepalive_timeout: "65" +nginx_keepalive_requests: "100" + +nginx_client_max_body_size: "64m" nginx_proxy_cache_path: "" diff --git a/templates/nginx.conf.j2 b/templates/nginx.conf.j2 index 044cc2d..a43202c 100644 --- a/templates/nginx.conf.j2 +++ b/templates/nginx.conf.j2 @@ -1,6 +1,6 @@ user {{ nginx_user }}; -error_log /var/log/nginx/error.log warn; +error_log {{ nginx_error_log }}; pid /var/run/nginx.pid; worker_processes {{ nginx_worker_processes }}; @@ -21,12 +21,14 @@ http { '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; - access_log /var/log/nginx/access.log main buffer=16k; + access_log {{ nginx_access_log }}; - sendfile on; - #tcp_nopush on; + sendfile {{ nginx_sendfile }}; + tcp_nopush {{ nginx_tcp_nopush }}; + tcp_nodelay {{ nginx_tcp_nodelay }}; keepalive_timeout {{ nginx_keepalive_timeout }}; + keepalive_requests {{ nginx_keepalive_requests }}; #gzip on; From d1828e9c393174a191ba02950608452b88f6eb4a Mon Sep 17 00:00:00 2001 
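Review bot: `error_log {{ nginx_error_log }};` in the first hunk of `templates/nginx.conf.j2` passes the variable through unchanged, and the README text added in this commit says either log can be set to `off`. That holds for `access_log`, but nginx's `error_log` has no `off` value and treats the word as a file name. Errors are then written to a file called `off` instead of being disabled, and they go missing from the path that log collection watches. I would limit the README sentence to `nginx_access_log` and add a comment beside the default, e.g. `# error_log takes a path and a level only; "off" would be used as a file name.`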
From: Jeff Geerling Date: Wed, 25 Feb 2015 07:59:24 -0600 Subject: [PATCH 29/74] Fixes #13: Allow configuration of default_release parameter for apt installation. --- defaults/main.yml | 3 +++ tasks/setup-Debian.yml | 5 ++++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/defaults/main.yml b/defaults/main.yml index 8f9eb26..11e5c6b 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,4 +1,7 @@ --- +# Used only for Debian/Ubuntu installation, as the -t option for apt. +nginx_default_release: "" + nginx_worker_processes: "1" nginx_worker_connections: "1024" diff --git a/tasks/setup-Debian.yml b/tasks/setup-Debian.yml index 7d30a27..ced11b6 100644 --- a/tasks/setup-Debian.yml +++ b/tasks/setup-Debian.yml @@ -1,3 +1,6 @@ --- - name: Ensure nginx is installed. - apt: pkg=nginx state=installed + apt: + pkg: nginx + state: installed + default_release: "{{ nginx_default_release }}" From 14765e52bfa2941df128c571e5ed6d19cd26ed2d Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Wed, 25 Feb 2015 08:02:18 -0600 Subject: [PATCH 30/74] Issue #13: Document new nginx_default_release variable in README. --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index fd87ae0..00bfb8a 100644 --- a/README.md +++ b/README.md 
@@ -59,6 +59,10 @@ This value determines the largest file upload possible, as uploads are passed th Set as the `proxy_cache_path` directive in the `nginx.conf` file. By default, this will not be configured (if left as an empty string), but if you wish to use Nginx as a reverse proxy, you can set this to a valid value (e.g. `"/var/cache/nginx keys_zone=cache:32m"`) to use Nginx's cache (further proxy configuration can be done in individual server configurations). + nginx_default_release: "" + +(For Debian/Ubuntu only) Allows you to set a different repository for the installation of Nginx. As an example, if you are running Debian's wheezy release, and want to get a newer version of Nginx, you can install the `wheezy-backports` repository and set that value here, and Ansible will use that as the `-t` option while installing Nginx. + ## Dependencies None. From c02bf089a47027a097095a7f0c6313769ac661b7 Mon Sep 17 00:00:00 2001 From: Mark Wilde Date: Wed, 29 Apr 2015 12:58:08 +0100 Subject: [PATCH 31/74] Added additional nginx_conf_path for Debian For Debian systems both conf.d and sites-enabled should be included by default. Redhat systems have not been changed. Issues came up using Kibana on Ubuntu as it installs kibana.conf in the conf.d folder. --- templates/nginx.conf.j2 | 7 ++++++- vars/Debian.yml | 3 ++- vars/RedHat.yml | 2 +- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/templates/nginx.conf.j2 b/templates/nginx.conf.j2 index a43202c..2f40470 100644 --- a/templates/nginx.conf.j2 +++ b/templates/nginx.conf.j2 @@ -47,5 +47,10 @@ http { } {% endfor %} - include {{ nginx_vhost_path }}/*; +{% if nginx_conf_path is defined %} + include {{ nginx_conf_path }}; +{% endif %} +{% if nginx_vhost_path is defined %} + include {{ nginx_vhost_path }}; +{% endif %} } diff --git a/vars/Debian.yml b/vars/Debian.yml index b78b7c5..77881d1 100644 --- a/vars/Debian.yml +++ b/vars/Debian.yml 
@@ -1,4 +1,5 @@ --- -nginx_vhost_path: /etc/nginx/sites-enabled +nginx_conf_path: /etc/nginx/conf.d/*.conf +nginx_vhost_path: /etc/nginx/sites-enabled/* nginx_default_vhost_path: /etc/nginx/sites-enabled/default __nginx_user: "www-data" diff --git a/vars/RedHat.yml b/vars/RedHat.yml index 2412304..e727d4c 100644 --- a/vars/RedHat.yml +++ b/vars/RedHat.yml @@ -1,4 +1,4 @@ --- -nginx_vhost_path: /etc/nginx/conf.d +nginx_vhost_path: /etc/nginx/conf.d/* nginx_default_vhost_path: /etc/nginx/conf.d/default.conf __nginx_user: "nginx" From 3e8df12f7afaaa9863bb361e0f41ab1b9a9eedcf Mon Sep 17 00:00:00 2001 From: Mark Wilde Date: Fri, 1 May 2015 10:18:07 +0100 Subject: [PATCH 32/74] Updated nginx_vhost_path to move /* --- templates/nginx.conf.j2 | 2 +- vars/Debian.yml | 2 +- vars/RedHat.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/templates/nginx.conf.j2 b/templates/nginx.conf.j2 index 2f40470..cace955 100644 --- a/templates/nginx.conf.j2 +++ b/templates/nginx.conf.j2 @@ -51,6 +51,6 @@ http { include {{ nginx_conf_path }}; {% endif %} {% if nginx_vhost_path is defined %} - include {{ nginx_vhost_path }}; + include {{ nginx_vhost_path }}/*; {% endif %} } diff --git a/vars/Debian.yml b/vars/Debian.yml index 77881d1..d84af98 100644 --- a/vars/Debian.yml +++ b/vars/Debian.yml @@ -1,5 +1,5 @@ --- nginx_conf_path: /etc/nginx/conf.d/*.conf -nginx_vhost_path: /etc/nginx/sites-enabled/* +nginx_vhost_path: /etc/nginx/sites-enabled nginx_default_vhost_path: /etc/nginx/sites-enabled/default __nginx_user: "www-data" diff --git a/vars/RedHat.yml b/vars/RedHat.yml index e727d4c..2412304 100644 --- a/vars/RedHat.yml +++ b/vars/RedHat.yml @@ -1,4 +1,4 @@ --- -nginx_vhost_path: /etc/nginx/conf.d/* +nginx_vhost_path: /etc/nginx/conf.d nginx_default_vhost_path: /etc/nginx/conf.d/default.conf __nginx_user: "nginx" From c9ab6ef7e72de64526d38bf72a86da23ee98cd48 Mon Sep 17 00:00:00 2001 
From: Eriksen Costa Date: Tue, 12 May 2015 17:18:50 -0300 Subject: [PATCH 33/74] Fix nginx_vhosts comment The key used in the vhosts.j2 template is extra_parameters. --- defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/defaults/main.yml b/defaults/main.yml index 11e5c6b..8c51fc6 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -31,7 +31,7 @@ nginx_vhosts: [] # # Properties that are only added if defined: # error_page: "", # access_log: "", -# extra_config: "" # Can be used to add extra config blocks (multiline). +# extra_parameters: "" # Can be used to add extra config blocks (multiline). # } nginx_upstreams: [] From 0ae5084e532640966221f2ee77f52004d3f331dd Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Tue, 12 May 2015 17:47:15 -0700 Subject: [PATCH 34/74] PR #14: Change use of nginx_conf_path and nginx_vhost_path to match naming convention. --- templates/nginx.conf.j2 | 6 ++---- vars/Debian.yml | 2 +- vars/RedHat.yml | 1 + 3 files changed, 4 insertions(+), 5 deletions(-) diff --git a/templates/nginx.conf.j2 b/templates/nginx.conf.j2 index cace955..be9b993 100644 --- a/templates/nginx.conf.j2 +++ b/templates/nginx.conf.j2 @@ -47,10 +47,8 @@ http { } {% endfor %} -{% if nginx_conf_path is defined %} - include {{ nginx_conf_path }}; -{% endif %} -{% if nginx_vhost_path is defined %} + include {{ nginx_conf_path }}/*; +{% if nginx_conf_path != nginx_vhost_path %} include {{ nginx_vhost_path }}/*; {% endif %} } diff --git a/vars/Debian.yml b/vars/Debian.yml index d84af98..b1bad08 100644 --- a/vars/Debian.yml +++ b/vars/Debian.yml @@ -1,5 +1,5 @@ --- -nginx_conf_path: /etc/nginx/conf.d/*.conf +nginx_conf_path: /etc/nginx/conf.d nginx_vhost_path: /etc/nginx/sites-enabled nginx_default_vhost_path: /etc/nginx/sites-enabled/default __nginx_user: "www-data" diff --git a/vars/RedHat.yml b/vars/RedHat.yml index 2412304..fb9049e 100644 --- a/vars/RedHat.yml +++ b/vars/RedHat.yml 
@@ -1,4 +1,5 @@ --- +nginx_conf_path: /etc/nginx/conf.d nginx_vhost_path: /etc/nginx/conf.d nginx_default_vhost_path: /etc/nginx/conf.d/default.conf __nginx_user: "nginx" From d209cbe89ac3f19968e7292fa678606bd17ba133 Mon Sep 17 00:00:00 2001 From: Igor Loskutov Date: Sat, 16 May 2015 17:30:31 +0700 Subject: [PATCH 35/74] restore compartability with geerlingguy-kibana --- templates/nginx.conf.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/nginx.conf.j2 b/templates/nginx.conf.j2 index be9b993..c63c61d 100644 --- a/templates/nginx.conf.j2 +++ b/templates/nginx.conf.j2 @@ -47,8 +47,8 @@ http { } {% endfor %} - include {{ nginx_conf_path }}/*; + include {{ nginx_conf_path }}/*.conf; {% if nginx_conf_path != nginx_vhost_path %} - include {{ nginx_vhost_path }}/*; + include {{ nginx_vhost_path }}/*.conf; {% endif %} } From c5672bf89bd18dae3f2654f15926d3ee1489f6d9 Mon Sep 17 00:00:00 2001 From: Chris Fritz Date: Thu, 6 Aug 2015 20:05:31 +0900 Subject: [PATCH 36/74] Remove unnecessary semicolon from vhosts config Remove semicolon after `{{ vhost.extra_parameters }}` to allow support for blocks like `location ~ \.php$ { ... }`. --- templates/vhosts.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/vhosts.j2 b/templates/vhosts.j2 index 09bda35..4f9e198 100644 --- a/templates/vhosts.j2 +++ b/templates/vhosts.j2 @@ -18,7 +18,7 @@ server { {% endif %} {% if vhost.extra_parameters is defined %} - {{ vhost.extra_parameters }}; + {{ vhost.extra_parameters }} {% endif %} } {% endfor %} From fc88ba2570344c0a7f090fdb34154c961f6001a3 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Mon, 24 Aug 2015 13:52:44 -0500 Subject: [PATCH 37/74] Fixes #24: Update apt cache if it hasn't been updated in a day. --- tasks/setup-Debian.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tasks/setup-Debian.yml b/tasks/setup-Debian.yml index ced11b6..27e28d5 100644 --- a/tasks/setup-Debian.yml +++ b/tasks/setup-Debian.yml 
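Review bot: Changing the second include to `{{ nginx_vhost_path }}/*.conf` stops nginx from loading extension-less files in Debian's `/etc/nginx/sites-enabled`. `vars/Debian.yml` points `nginx_default_vhost_path` at `sites-enabled/default`, which shows that entries in that directory carry no `.conf` suffix. Any site an operator enabled that way is dropped without an error, and its requests fall through to whichever server block is left as the default. Keeping `*.conf` for `nginx_conf_path` and leaving `include {{ nginx_vhost_path }}/*;` inside the `{% if %}` preserves the conf.d fix without dropping existing sites.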
@@ -1,4 +1,7 @@ --- +- name: Update apt cache. + apt: update_cache=yes cache_valid_time=86400 + - name: Ensure nginx is installed. apt: pkg: nginx From a08f8cda11c669c0925dbd21b62c2008d70d86b8 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Thu, 3 Sep 2015 16:24:58 -0500 Subject: [PATCH 38/74] Fixes #20: Add example of a complete nginx_vhosts entry with extra_parameters. --- README.md | 18 ++++++++++++++++++ defaults/main.yml | 20 ++++++++------------ 2 files changed, 26 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index 00bfb8a..6e92a26 100644 --- a/README.md +++ b/README.md @@ -18,6 +18,24 @@ Available variables are listed below, along with default values (see `defaults/m A list of vhost definitions (server blocks) for Nginx virtual hosts. If left empty, you will need to supply your own virtual host configuration. See the commented example in `defaults/main.yml` for available server options. If you have a large number of customizations required for your server definition(s), you're likely better off managing the vhost configuration file yourself, leaving this variable set to `[]`. + nginx_vhosts: + - listen: "80 default_server" + server_name: "example.com" + root: "/var/www/example.com" + index: "index.php index.html index.htm" + error_page: "" + access_log: "" + extra_parameters: | + location ~ \.php$ { + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include fastcgi_params; + } + +An example of a fully-populated nginx_vhosts entry, using a `|` to declare a block of syntax for the `extra_parameters`. + nginx_remove_default_vhost: false Whether to remove the 'default' virtualhost configuration supplied by Nginx. Useful if you want the base `/` URL to be directed at one of your own virtual hosts configured in a separate .conf file. 
diff --git a/defaults/main.yml b/defaults/main.yml index 8c51fc6..3a075c0 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -22,25 +22,21 @@ nginx_proxy_cache_path: "" nginx_remove_default_vhost: false nginx_vhosts: [] # Example vhost below, showing all available options: -# - { -# listen: "80 default_server", # default: "80 default_server" -# server_name: "example.com", # default: N/A -# root: "/var/www/example.com", # default: N/A -# index: "index.html index.htm", # default: "index.html index.htm" +# - listen: "80 default_server" # default: "80 default_server" +# server_name: "example.com" # default: N/A +# root: "/var/www/example.com" # default: N/A +# index: "index.html index.htm" # default: "index.html index.htm" # # # Properties that are only added if defined: -# error_page: "", -# access_log: "", +# error_page: "" +# access_log: "" # extra_parameters: "" # Can be used to add extra config blocks (multiline). -# } nginx_upstreams: [] -# - { -# name: myapp1, -# strategy: "ip_hash", # "least_conn", etc. +# - name: myapp1 +# strategy: "ip_hash" # "least_conn", etc. # servers: { # "srv1.example.com", # "srv2.example.com weight=3", # "srv3.example.com" # } -# } From 73d7140752a435bc789f5566e6263d0621c1114a Mon Sep 17 00:00:00 2001 From: Asa Gage Date: Thu, 10 Dec 2015 09:00:39 -0500 Subject: [PATCH 39/74] updating vhost conditional expressions to check count of list members --- tasks/vhosts.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tasks/vhosts.yml b/tasks/vhosts.yml index 5ee8ec2..621ab6b 100644 --- a/tasks/vhosts.yml +++ b/tasks/vhosts.yml @@ -11,12 +11,12 @@ src: vhosts.j2 dest: "{{ nginx_vhost_path }}/vhosts.conf" mode: 0644 - when: nginx_vhosts + when: nginx_vhosts|length > 0 notify: restart nginx - name: Remove managed vhost config file (if no vhosts are configured). file: path: "{{ nginx_vhost_path }}/vhosts.conf" state: absent - when: not nginx_vhosts + when: nginx_vhosts|length == 0 notify: restart nginx 
From cc5114dc4f520b89619934d1dd04ea13fef45c1b Mon Sep 17 00:00:00 2001 From: cmacrae Date: Tue, 22 Dec 2015 15:37:58 +0000 Subject: [PATCH 40/74] Re-order template deploy & add validate: Re-ordering the tasks in this way (having the vhosts deployed first) allows the 'validate' param to collectively check the deployed Nginx config. Deploying vhosts after makes it hard to check their validity, as Nginx's config checking will operate on a "master" configuration that includes others (checking those included, also) but would error out when checking these individual configs if they do not contain a fully working Nginx config (which they often don't, due to their nature). --- tasks/main.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/tasks/main.yml b/tasks/main.yml index d63dbac..582875e 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -15,6 +15,9 @@ - include: setup-Debian.yml when: ansible_os_family == 'Debian' +# Vhost configuration +- include: vhosts.yml + # Nginx setup. - name: Copy nginx configuration in place. template: @@ -23,9 +26,8 @@ owner: root group: root mode: 0644 + validate: 'nginx -t -c %s' notify: restart nginx - name: Ensure nginx is started and enabled to start at boot. service: name=nginx state=started enabled=yes - -- include: vhosts.yml From c5a21436b49b95f1e68e34f55b13090027c8963e Mon Sep 17 00:00:00 2001 From: cmacrae Date: Tue, 22 Dec 2015 15:59:05 +0000 Subject: [PATCH 41/74] Adding the ability to define extra options: Defining a new variable (defaults to empty) that allows users to define extra configuration options in the top-level 'http' block. This allows for (optionally) finer grain control. --- README.md | 10 ++++++++++ defaults/main.yml | 2 ++ templates/nginx.conf.j2 | 4 ++++ 3 files changed, 16 insertions(+) diff --git a/README.md b/README.md index 6e92a26..f5982e3 100644 --- a/README.md +++ b/README.md 
@@ -77,6 +77,16 @@ This value determines the largest file upload possible, as uploads are passed th Set as the `proxy_cache_path` directive in the `nginx.conf` file. By default, this will not be configured (if left as an empty string), but if you wish to use Nginx as a reverse proxy, you can set this to a valid value (e.g. `"/var/cache/nginx keys_zone=cache:32m"`) to use Nginx's cache (further proxy configuration can be done in individual server configurations). + nginx_extra_options: "" +Optionally define extra parameters and their values to be insterted in the top-level `http` block in `nginx.conf`. The value should be defined literally (as you would insert it directly in the `nginx.conf`, adhering to the Nginx configuration syntax - such as `;` for line termination, etc.), like so: + + nginx_extra_options: | + proxy_buffering off; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $http_host; + nginx_default_release: "" (For Debian/Ubuntu only) Allows you to set a different repository for the installation of Nginx. As an example, if you are running Debian's wheezy release, and want to get a newer version of Nginx, you can install the `wheezy-backports` repository and set that value here, and Ansible will use that as the `-t` option while installing Nginx. diff --git a/defaults/main.yml b/defaults/main.yml index 3a075c0..c278611 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -19,6 +19,8 @@ nginx_client_max_body_size: "64m" nginx_proxy_cache_path: "" +nginx_extra_options: "" + nginx_remove_default_vhost: false nginx_vhosts: [] # Example vhost below, showing all available options: diff --git a/templates/nginx.conf.j2 b/templates/nginx.conf.j2 index c63c61d..a4cead9 100644 --- a/templates/nginx.conf.j2 +++ b/templates/nginx.conf.j2 
@@ -36,6 +36,10 @@ http { proxy_cache_path {{ nginx_proxy_cache_path }}; {% endif %} +{% if nginx_extra_options %} + {{ nginx_extra_options }} +{% endif %} + {% for upstream in nginx_upstreams %} upstream {{ upstream.name }} { {% if upstream.strategy is defined %} From 3fc2135bc4e2c37e738c4ee3517f21f9940e32a0 Mon Sep 17 00:00:00 2001 From: cmacrae Date: Tue, 22 Dec 2015 16:11:35 +0000 Subject: [PATCH 42/74] Adding example 'nginx_extra_options' comment to defaults/main.yml --- defaults/main.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/defaults/main.yml b/defaults/main.yml index c278611..1aafa01 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -20,6 +20,13 @@ nginx_client_max_body_size: "64m" nginx_proxy_cache_path: "" nginx_extra_options: "" +# Example extra options +# nginx_extra_options: | +# proxy_buffering off; +# proxy_set_header X-Real-IP $remote_addr; +# proxy_set_header X-Scheme $scheme; +# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +# proxy_set_header Host $http_host; nginx_remove_default_vhost: false nginx_vhosts: [] From fe55597334ad4f9c50c2239a522a4e64b298118b Mon Sep 17 00:00:00 2001 From: cmacrae Date: Tue, 22 Dec 2015 16:18:44 +0000 Subject: [PATCH 43/74] Correcting indentation for 'validate' param --- tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/main.yml b/tasks/main.yml index 582875e..7b4a917 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -26,7 +26,7 @@ owner: root group: root mode: 0644 - validate: 'nginx -t -c %s' + validate: 'nginx -t -c %s' notify: restart nginx - name: Ensure nginx is started and enabled to start at boot. From cd5e355707d37f564fc94a1df34064a63bb45d6b Mon Sep 17 00:00:00 2001 From: cmacrae Date: Tue, 22 Dec 2015 16:21:16 +0000 Subject: [PATCH 44/74] Cleaner indentation for 'nginx_extra_options' --- templates/nginx.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
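Review bot: The commented example added to defaults/main.yml forwards `proxy_set_header Host $http_host;`, which hands the backend the Host header exactly as the client sent it. Backends that build links or redirects from the Host value then act on attacker-chosen input. Since users will copy this block, I would change the example line to `#   proxy_set_header Host $host;`, which uses nginx's normalised host name. The same example appears in the README hunk of the previous commit. It would also help to add a comment that `X-Forwarded-For` is appended to whatever the client supplied, so only the entry added by this proxy is trustworthy.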
diff --git a/templates/nginx.conf.j2 b/templates/nginx.conf.j2 index a4cead9..35d66a3 100644 --- a/templates/nginx.conf.j2 +++ b/templates/nginx.conf.j2 @@ -37,7 +37,7 @@ http { {% endif %} {% if nginx_extra_options %} - {{ nginx_extra_options }} + {{ nginx_extra_options }} {% endif %} {% for upstream in nginx_upstreams %} From fd6b8c8e6b745874fba042fd95424287ed8f8423 Mon Sep 17 00:00:00 2001 From: cmacrae Date: Tue, 22 Dec 2015 16:36:11 +0000 Subject: [PATCH 45/74] Addning handler for Nginx config validation: Although the 'validate' param was added for the deployment of /etc/nginx.conf - this validation process will only be triggered upon changes. So, if a vhost config is updated, but the main config isn't, the collective config will not be verified. I've added a new handler 'validate nginx configuration' and added this to the 'notify' param as a first list item for vhost config changes. Unfortunately, this will not protect against the deployment of malformed configuration, however it will prevent the restart of Nginx in such a situation (as the 'validate nginx configuration' handler should error out before the 'restart nginx' handler is called). --- handlers/main.yml | 4 ++++ tasks/vhosts.yml | 9 +++++++-- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/handlers/main.yml b/handlers/main.yml index 92971d2..6f8e638 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -1,3 +1,7 @@ --- - name: restart nginx service: name=nginx state=restarted + +- name: validate nginx configuration + command: nginx -t -c /etc/nginx.conf + changed_when: False diff --git a/tasks/vhosts.yml b/tasks/vhosts.yml index 621ab6b..9cee3d3 100644 --- a/tasks/vhosts.yml +++ b/tasks/vhosts.yml 
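Review bot: The handler order in handlers/main.yml defeats the guard this commit describes. Ansible runs notified handlers in the order they are defined in the handlers file, not the order listed under `notify`, and here `restart nginx` is defined above the new `validate nginx configuration`. As written, the restart would happen first and the check afterwards, so a malformed vhost file could still take the service down. Moving the `validate nginx configuration` handler above `restart nginx` gives the intended sequence. A short comment such as `# Must stay above 'restart nginx': handlers run in definition order.` would keep it from being reordered later.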
@@ -12,11 +12,16 @@ dest: "{{ nginx_vhost_path }}/vhosts.conf" mode: 0644 when: nginx_vhosts|length > 0 - notify: restart nginx + notify: + - validate nginx configuration + - restart nginx - name: Remove managed vhost config file (if no vhosts are configured). file: path: "{{ nginx_vhost_path }}/vhosts.conf" state: absent when: nginx_vhosts|length == 0 - notify: restart nginx + notify: + - validate nginx configuration + - restart nginx + From a248416a4d494117d19d41383753f6dbd7d77cf3 Mon Sep 17 00:00:00 2001 From: cmacrae Date: Tue, 22 Dec 2015 16:55:29 +0000 Subject: [PATCH 46/74] Ensuring all instances that notify 'restart nginx' also validate first --- tasks/main.yml | 4 +++- tasks/vhosts.yml | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/tasks/main.yml b/tasks/main.yml index 7b4a917..bdc3f00 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -27,7 +27,9 @@ group: root mode: 0644 validate: 'nginx -t -c %s' - notify: restart nginx + notify: + - validate nginx configuration + - restart nginx - name: Ensure nginx is started and enabled to start at boot. service: name=nginx state=started enabled=yes diff --git a/tasks/vhosts.yml b/tasks/vhosts.yml index 9cee3d3..5a7bde8 100644 --- a/tasks/vhosts.yml +++ b/tasks/vhosts.yml @@ -4,7 +4,9 @@ path: "{{ nginx_default_vhost_path }}" state: absent when: nginx_remove_default_vhost - notify: restart nginx + notify: + - validate nginx configuration + - restart nginx - name: Add managed vhost config file (if any vhosts are configured). template: From bfa4fe79252050885a591a0efd1eabdfa5f87ec5 Mon Sep 17 00:00:00 2001 From: cmacrae Date: Tue, 22 Dec 2015 17:07:47 +0000 Subject: [PATCH 47/74] Correcting nginx config path in validate handler --- handlers/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/handlers/main.yml b/handlers/main.yml index 6f8e638..124c8ba 100644 --- a/handlers/main.yml +++ b/handlers/main.yml 
@@ -3,5 +3,5 @@ service: name=nginx state=restarted - name: validate nginx configuration - command: nginx -t -c /etc/nginx.conf + command: nginx -t -c /etc/nginx/nginx.conf changed_when: False From 19ddc34cbbafa165d4fd2fd73f7cd09b75c08349 Mon Sep 17 00:00:00 2001 From: Oliver Davies Date: Fri, 25 Dec 2015 19:42:17 +0000 Subject: [PATCH 48/74] Only add root if it's defined --- templates/vhosts.j2 | 3 +++ 1 file changed, 3 insertions(+) diff --git a/templates/vhosts.j2 b/templates/vhosts.j2 index 4f9e198..94611bf 100644 --- a/templates/vhosts.j2 +++ b/templates/vhosts.j2 @@ -3,7 +3,10 @@ server { listen {{ vhost.listen | default('80 default_server') }}; server_name {{ vhost.server_name }}; + {% if vhost.root is defined %} root {{ vhost.root }}; + {% endif %} + index {{ vhost.index | default('index.html index.htm') }}; {% if vhost.error_page is defined %} From 3de8c915a08e753f588ac4527e3725a2aa6a9199 Mon Sep 17 00:00:00 2001 From: Oliver Davies Date: Mon, 28 Dec 2015 13:09:41 +0000 Subject: [PATCH 49/74] Add error_log --- templates/vhosts.j2 | 3 +++ 1 file changed, 3 insertions(+) diff --git a/templates/vhosts.j2 b/templates/vhosts.j2 index 4f9e198..17adf4d 100644 --- a/templates/vhosts.j2 +++ b/templates/vhosts.j2 @@ -12,6 +12,9 @@ server { {% if vhost.access_log is defined %} access_log {{ vhost.access_log }}; {% endif %} + {% if vhost.error_log is defined %} + error_log {{ vhost.error_log }} error; + {% endif %} {% if vhost.return is defined %} return {{ vhost.return }}; From 74fe80b1cb8388dacef78b2f075360aaf809101a Mon Sep 17 00:00:00 2001 From: Oliver Davies Date: Mon, 28 Dec 2015 13:10:15 +0000 Subject: [PATCH 50/74] Document error_log --- defaults/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/defaults/main.yml b/defaults/main.yml index 3a075c0..5ffe4be 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
@@ -30,6 +30,7 @@ nginx_vhosts: [] # # Properties that are only added if defined: # error_page: "" # access_log: "" +# error_log: "" # extra_parameters: "" # Can be used to add extra config blocks (multiline). nginx_upstreams: [] From bd881c0bc7ad3098a18cde603e96ceeea5d79418 Mon Sep 17 00:00:00 2001 From: Oliver Davies Date: Mon, 28 Dec 2015 13:16:30 +0000 Subject: [PATCH 51/74] Document error_log --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 6e92a26..48737ed 100644 --- a/README.md +++ b/README.md @@ -25,6 +25,7 @@ A list of vhost definitions (server blocks) for Nginx virtual hosts. If left emp index: "index.php index.html index.htm" error_page: "" access_log: "" + error_log: "" extra_parameters: | location ~ \.php$ { fastcgi_split_path_info ^(.+\.php)(/.+)$; From 984880098266ef2b7c34686a46fa94f30ba66856 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Mon, 28 Dec 2015 09:57:11 -0600 Subject: [PATCH 52/74] PR #36 follow-up: clean up and reformat docs. --- README.md | 5 +++-- defaults/main.yml | 4 ++-- tasks/main.yml | 2 +- templates/nginx.conf.j2 | 2 +- 4 files changed, 7 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index f0026e9..dfbbeb1 100644 --- a/README.md +++ b/README.md 
@@ -79,14 +79,15 @@ This value determines the largest file upload possible, as uploads are passed th Set as the `proxy_cache_path` directive in the `nginx.conf` file. By default, this will not be configured (if left as an empty string), but if you wish to use Nginx as a reverse proxy, you can set this to a valid value (e.g. `"/var/cache/nginx keys_zone=cache:32m"`) to use Nginx's cache (further proxy configuration can be done in individual server configurations). nginx_extra_options: "" -Optionally define extra parameters and their values to be insterted in the top-level `http` block in `nginx.conf`. The value should be defined literally (as you would insert it directly in the `nginx.conf`, adhering to the Nginx configuration syntax - such as `;` for line termination, etc.), like so: + +Extra lines to be inserted in the top-level `http` block in `nginx.conf`. The value should be defined literally (as you would insert it directly in the `nginx.conf`, adhering to the Nginx configuration syntax - such as `;` for line termination, etc.), for example: nginx_extra_options: | proxy_buffering off; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Scheme $scheme; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Host $http_host; + proxy_set_header Host $http_host; nginx_default_release: "" diff --git a/defaults/main.yml b/defaults/main.yml index 20fe724..e383993 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -20,13 +20,13 @@ nginx_client_max_body_size: "64m" nginx_proxy_cache_path: "" nginx_extra_options: "" -# Example extra options +# Example extra options, printed inside the main server http config: # nginx_extra_options: | # proxy_buffering off; # proxy_set_header X-Real-IP $remote_addr; # proxy_set_header X-Scheme $scheme; # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; -# proxy_set_header Host $http_host; +# proxy_set_header Host $http_host; nginx_remove_default_vhost: false nginx_vhosts: [] 
diff --git a/tasks/main.yml b/tasks/main.yml index bdc3f00..4822ec6 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -15,7 +15,7 @@ - include: setup-Debian.yml when: ansible_os_family == 'Debian' -# Vhost configuration +# Vhost configuration. - include: vhosts.yml # Nginx setup. diff --git a/templates/nginx.conf.j2 b/templates/nginx.conf.j2 index 35d66a3..a4cead9 100644 --- a/templates/nginx.conf.j2 +++ b/templates/nginx.conf.j2 @@ -37,7 +37,7 @@ http { {% endif %} {% if nginx_extra_options %} - {{ nginx_extra_options }} + {{ nginx_extra_options }} {% endif %} {% for upstream in nginx_upstreams %} From 357ab200f755483e95e2ae4d5b97f483beade3b5 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Mon, 28 Dec 2015 10:01:42 -0600 Subject: [PATCH 53/74] PR #36 follow-up: rename var to nginx_extra_http_options. --- README.md | 4 ++-- defaults/main.yml | 6 +++--- templates/nginx.conf.j2 | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index dfbbeb1..effc254 100644 --- a/README.md +++ b/README.md @@ -78,11 +78,11 @@ This value determines the largest file upload possible, as uploads are passed th Set as the `proxy_cache_path` directive in the `nginx.conf` file. By default, this will not be configured (if left as an empty string), but if you wish to use Nginx as a reverse proxy, you can set this to a valid value (e.g. `"/var/cache/nginx keys_zone=cache:32m"`) to use Nginx's cache (further proxy configuration can be done in individual server configurations). - nginx_extra_options: "" + nginx_extra_http_options: "" Extra lines to be inserted in the top-level `http` block in `nginx.conf`. The value should be defined literally (as you would insert it directly in the `nginx.conf`, adhering to the Nginx configuration syntax - such as `;` for line termination, etc.), for example: - nginx_extra_options: | + nginx_extra_http_options: | proxy_buffering off; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Scheme $scheme; 
diff --git a/defaults/main.yml b/defaults/main.yml index e383993..74b900c 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -19,9 +19,9 @@ nginx_client_max_body_size: "64m" nginx_proxy_cache_path: "" -nginx_extra_options: "" -# Example extra options, printed inside the main server http config: -# nginx_extra_options: | +nginx_extra_http_options: "" +# Example extra http options, printed inside the main server http config: +# nginx_extra_http_options: | # proxy_buffering off; # proxy_set_header X-Real-IP $remote_addr; # proxy_set_header X-Scheme $scheme; diff --git a/templates/nginx.conf.j2 b/templates/nginx.conf.j2 index a4cead9..7675281 100644 --- a/templates/nginx.conf.j2 +++ b/templates/nginx.conf.j2 @@ -36,8 +36,8 @@ http { proxy_cache_path {{ nginx_proxy_cache_path }}; {% endif %} -{% if nginx_extra_options %} - {{ nginx_extra_options }} +{% if nginx_extra_http_options %} + {{ nginx_extra_http_options }} {% endif %} {% for upstream in nginx_upstreams %} From 5294d77fa31359cfc6e810cffcc562b369566102 Mon Sep 17 00:00:00 2001 From: Aleksandr Vinokurov Date: Fri, 22 Jan 2016 12:26:39 +0300 Subject: [PATCH 54/74] Remove new config validation, Fix #41 NOTE: current nginx config validation process breaks SELinux context for pid file, as described in #41 Restart of nginx is not needed for configuration changes and is replaced with reload, which will validate config before applying it, leaving running nginx process untouched in case of any validation errors. Restart handler left in support. --- handlers/main.yml | 3 +++ tasks/main.yml | 4 +--- tasks/vhosts.yml | 9 +++------ 3 files changed, 7 insertions(+), 9 deletions(-) diff --git a/handlers/main.yml b/handlers/main.yml index 124c8ba..3f6d024 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -5,3 +5,6 @@ - name: validate nginx configuration command: nginx -t -c /etc/nginx/nginx.conf changed_when: False + +- name: reload nginx + service: name=nginx state=reloaded 
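Review bot: The `validate nginx configuration` handler stays defined in handlers/main.yml, but after this commit nothing in tasks/main.yml or tasks/vhosts.yml notifies it, so it is dead code that suggests a check which no longer runs. With `validate:` also removed from the template task, an invalid file is now written to disk and only rejected at reload time. Whether the `reload nginx` task then fails depends on the platform's reload command, so the play may report success while nginx keeps serving the old configuration and breaks at the next full restart. I would either delete the unused handler or mark it, e.g. `# Not notified by this role; kept for playbooks that call it explicitly.`, and document the reload behaviour next to `reload nginx`.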
diff --git a/tasks/main.yml b/tasks/main.yml index 4822ec6..116e75e 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -26,10 +26,8 @@ owner: root group: root mode: 0644 - validate: 'nginx -t -c %s' notify: - - validate nginx configuration - - restart nginx + - reload nginx - name: Ensure nginx is started and enabled to start at boot. service: name=nginx state=started enabled=yes diff --git a/tasks/vhosts.yml b/tasks/vhosts.yml index 5a7bde8..583ff77 100644 --- a/tasks/vhosts.yml +++ b/tasks/vhosts.yml @@ -5,8 +5,7 @@ state: absent when: nginx_remove_default_vhost notify: - - validate nginx configuration - - restart nginx + - reload nginx - name: Add managed vhost config file (if any vhosts are configured). template: @@ -15,8 +14,7 @@ mode: 0644 when: nginx_vhosts|length > 0 notify: - - validate nginx configuration - - restart nginx + - reload nginx - name: Remove managed vhost config file (if no vhosts are configured). file: @@ -24,6 +22,5 @@ state: absent when: nginx_vhosts|length == 0 notify: - - validate nginx configuration - - restart nginx + - reload nginx From 3063875875100edc879361d29ca32f883f4fa488 Mon Sep 17 00:00:00 2001 From: Frederik Wille Date: Mon, 8 Feb 2016 17:52:09 +0100 Subject: [PATCH 55/74] add official nginx ppa for ubuntu adds ppa:nginx to apt repositories when nginx_use_ppa is set to yes (default no) nginx_ppa_version can be either "stable" or "development" this will reinstall nginx if ppa was just added to ensure that the ppa version will be installed --- defaults/main.yml | 3 +++ tasks/main.yml | 3 +++ tasks/setup-Ubuntu.yml | 11 +++++++++++ tests/test.yml | 3 ++- 4 files changed, 19 insertions(+), 1 deletion(-) create mode 100644 tasks/setup-Ubuntu.yml diff --git a/defaults/main.yml b/defaults/main.yml index 74b900c..f5ca355 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -50,3 +50,6 @@ nginx_upstreams: [] # "srv2.example.com weight=3", # "srv3.example.com" # } + +nginx_ppa_version: stable +nginx_use_ppa: false 
diff --git a/tasks/main.yml b/tasks/main.yml index 116e75e..f2cbd25 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -12,6 +12,9 @@ - include: setup-RedHat.yml when: ansible_os_family == 'RedHat' +- include: setup-Ubuntu.yml + when: ansible_distribution == 'Ubuntu' + - include: setup-Debian.yml when: ansible_os_family == 'Debian' diff --git a/tasks/setup-Ubuntu.yml b/tasks/setup-Ubuntu.yml new file mode 100644 index 0000000..011d177 --- /dev/null +++ b/tasks/setup-Ubuntu.yml @@ -0,0 +1,11 @@ +--- + - name: Add PPA for Nginx. + apt_repository: repo='ppa:nginx/{{ nginx_ppa_version }}' state=present update_cache=yes + register: added_ppa + when: nginx_use_ppa + + - name: ensure nginx is not installed when the ppa was just added + apt: + pkg: nginx + state: absent + when: added_ppa.changed diff --git a/tests/test.yml b/tests/test.yml index 42bba2c..5b55b97 100644 --- a/tests/test.yml +++ b/tests/test.yml @@ -2,4 +2,5 @@ - hosts: localhost remote_user: root roles: - - ansible-role-nginx + - role: ansible-role-nginx + nginx_use_ppa: true From 790badecb36e18426d513a4f538f37fdedab0d5e Mon Sep 17 00:00:00 2001 From: Marcin Wolny Date: Thu, 11 Feb 2016 12:48:09 +0100 Subject: [PATCH 56/74] Define nginx's global options and package name. --- defaults/main.yml | 10 ++++++++++ tasks/setup-Debian.yml | 2 +- templates/nginx.conf.j2 | 4 ++++ 3 files changed, 15 insertions(+), 1 deletion(-) diff --git a/defaults/main.yml b/defaults/main.yml index 74b900c..78cd367 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -2,6 +2,10 @@ # Used only for Debian/Ubuntu installation, as the -t option for apt. nginx_default_release: "" +# Distros like Debian/Ubuntu ships nginx package with different flavors, e.g. +# full, light or extras. +nginx_package_name: "nginx" + nginx_worker_processes: "1" nginx_worker_connections: "1024" 
@@ -19,6 +23,12 @@ nginx_client_max_body_size: "64m" nginx_proxy_cache_path: "" +nginx_extra_conf_options: "" +# Example extra main options, used within the main nginx's context: +# nginx_extra_conf_options: | +# env VARIABLE; +# include /etc/nginx/main.d/*.conf; + nginx_extra_http_options: "" # Example extra http options, printed inside the main server http config: # nginx_extra_http_options: | diff --git a/tasks/setup-Debian.yml b/tasks/setup-Debian.yml index 27e28d5..2a72a15 100644 --- a/tasks/setup-Debian.yml +++ b/tasks/setup-Debian.yml @@ -4,6 +4,6 @@ - name: Ensure nginx is installed. apt: - pkg: nginx + pkg: "{{ nginx_package_name }}" state: installed default_release: "{{ nginx_default_release }}" diff --git a/templates/nginx.conf.j2 b/templates/nginx.conf.j2 index 7675281..c8149ad 100644 --- a/templates/nginx.conf.j2 +++ b/templates/nginx.conf.j2 @@ -9,6 +9,10 @@ events { worker_connections {{ nginx_worker_connections }}; } +{% if nginx_extra_conf_options %} +{{ nginx_extra_conf_options }} +{% endif %} + http { include /etc/nginx/mime.types; default_type application/octet-stream; From aebf9c6c630bb307158221a62c95bac5dc7abafc Mon Sep 17 00:00:00 2001 From: Colin Hoglund Date: Wed, 17 Feb 2016 13:52:17 -0500 Subject: [PATCH 57/74] changing Debian pidfile --- templates/nginx.conf.j2 | 2 +- vars/Debian.yml | 1 + vars/RedHat.yml | 1 + 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/templates/nginx.conf.j2 b/templates/nginx.conf.j2 index 7675281..8a252f0 100644 --- a/templates/nginx.conf.j2 +++ b/templates/nginx.conf.j2 @@ -1,7 +1,7 @@ user {{ nginx_user }}; error_log {{ nginx_error_log }}; -pid /var/run/nginx.pid; +pid {{ nginx_pidfile }}; worker_processes {{ nginx_worker_processes }}; diff --git a/vars/Debian.yml b/vars/Debian.yml index b1bad08..7e4d549 100644 --- a/vars/Debian.yml +++ b/vars/Debian.yml 
@@ -1,5 +1,6 @@ --- nginx_conf_path: /etc/nginx/conf.d +nginx_pidfile: /run/nginx.pid nginx_vhost_path: /etc/nginx/sites-enabled nginx_default_vhost_path: /etc/nginx/sites-enabled/default __nginx_user: "www-data" diff --git a/vars/RedHat.yml b/vars/RedHat.yml index fb9049e..91164ce 100644 --- a/vars/RedHat.yml +++ b/vars/RedHat.yml @@ -1,5 +1,6 @@ --- nginx_conf_path: /etc/nginx/conf.d +nginx_pidfile: /var/run/nginx.pid nginx_vhost_path: /etc/nginx/conf.d nginx_default_vhost_path: /etc/nginx/conf.d/default.conf __nginx_user: "nginx" From c4816d0c08a6a523fb6bd6b4c81cca674e459242 Mon Sep 17 00:00:00 2001 From: techraf Date: Mon, 29 Feb 2016 23:04:05 +0900 Subject: [PATCH 58/74] Restore nginx's default search pattern for sites-enabled --- templates/nginx.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/nginx.conf.j2 b/templates/nginx.conf.j2 index 7675281..cb5b2b1 100644 --- a/templates/nginx.conf.j2 +++ b/templates/nginx.conf.j2 @@ -53,6 +53,6 @@ http { include {{ nginx_conf_path }}/*.conf; {% if nginx_conf_path != nginx_vhost_path %} - include {{ nginx_vhost_path }}/*.conf; + include {{ nginx_vhost_path }}/*; {% endif %} } From cf69810612c4c46c9b44abb633141fda7f3a9554 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Mon, 29 Feb 2016 14:58:02 -0600 Subject: [PATCH 59/74] PR #46 follow-up. --- defaults/main.yml | 3 +-- tasks/setup-Debian.yml | 2 +- tasks/setup-RedHat.yml | 5 ++++- 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 78cd367..caa5b67 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -2,8 +2,7 @@ # Used only for Debian/Ubuntu installation, as the -t option for apt. nginx_default_release: "" -# Distros like Debian/Ubuntu ships nginx package with different flavors, e.g. -# full, light or extras. +# The name of the nginx apt/yum package to install. nginx_package_name: "nginx" nginx_worker_processes: "1" 
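Review bot: Widening the pattern to `include {{ nginx_vhost_path }}/*;` makes nginx load every non-hidden file in that directory, not just the `vhosts.conf` this role manages. Editor backups and package leftovers (for example a `site.bak` or `*.dpkg-old` copy) become live configuration, so a server block that was deliberately changed or retired can come back into effect. If matching Debian's `sites-enabled/*` convention is the goal, the template should say so with a comment above the include, e.g. `# Every file in this directory is loaded; keep backups and disabled sites elsewhere.`. Alternatively keep `*.conf` and include `{{ nginx_default_vhost_path }}` explicitly. The branch only applies where `nginx_conf_path` differs from `nginx_vhost_path`.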
diff --git a/tasks/setup-Debian.yml b/tasks/setup-Debian.yml index 2a72a15..43f9ab8 100644 --- a/tasks/setup-Debian.yml +++ b/tasks/setup-Debian.yml @@ -4,6 +4,6 @@ - name: Ensure nginx is installed. apt: - pkg: "{{ nginx_package_name }}" + name: "{{ nginx_package_name }}" state: installed default_release: "{{ nginx_default_release }}" diff --git a/tasks/setup-RedHat.yml b/tasks/setup-RedHat.yml index 73f205e..a1563b7 100644 --- a/tasks/setup-RedHat.yml +++ b/tasks/setup-RedHat.yml @@ -8,4 +8,7 @@ mode: 0644 - name: Ensure nginx is installed. - yum: pkg=nginx state=installed enablerepo=nginx + yum: + name: "{{ nginx_package_name }}" + state: installed + enablerepo: nginx From 8ee00b9266d44f7e537dd6314d0f0009ce1662cb Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Mon, 29 Feb 2016 14:58:50 -0600 Subject: [PATCH 60/74] Update role for Ansible Galaxy 2.x notifications. --- .travis.yml | 4 ++++ meta/main.yml | 24 ++++++++++++------------ 2 files changed, 16 insertions(+), 12 deletions(-) diff --git a/.travis.yml b/.travis.yml index 24648b1..13d7de0 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,4 +1,5 @@ --- +sudo: required language: python python: "2.7" @@ -33,3 +34,6 @@ script: # TODO - get the test working. Probably need to add a virtual host. # Request a page via Nginx, to make sure Nginx is running and responds. # - "curl http://localhost/" + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ diff --git a/meta/main.yml b/meta/main.yml index efbe68f..c39d00b 100644 --- a/meta/main.yml +++ b/meta/main.yml 
@@ -6,18 +6,18 @@ galaxy_info: description: Nginx installation for Linux/UNIX. company: "Midwestern Mac, LLC" license: "license (BSD, MIT)" - min_ansible_version: 1.4 + min_ansible_version: 1.8 platforms: - - name: EL - versions: - - 6 - - 7 - - name: Debian - versions: - - all - - name: Ubuntu - versions: - - all - categories: + - name: EL + versions: + - 6 + - 7 + - name: Debian + versions: + - all + - name: Ubuntu + versions: + - all + galaxy_tags: - development - web From 5f6b023f68b570abb4974d773d2d3f6d038f66f6 Mon Sep 17 00:00:00 2001 From: Levent YALCIN Date: Thu, 17 Mar 2016 14:46:59 +0000 Subject: [PATCH 61/74] multi_accept option added --- defaults/main.yml | 1 + templates/nginx.conf.j2 | 1 + 2 files changed, 2 insertions(+) diff --git a/defaults/main.yml b/defaults/main.yml index caa5b67..c592c83 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -7,6 +7,7 @@ nginx_package_name: "nginx" nginx_worker_processes: "1" nginx_worker_connections: "1024" +nginx_multi_accept: "off" nginx_error_log: "/var/log/nginx/error.log warn" nginx_access_log: "/var/log/nginx/access.log main buffer=16k" diff --git a/templates/nginx.conf.j2 b/templates/nginx.conf.j2 index a0467f5..5060fbd 100644 --- a/templates/nginx.conf.j2 +++ b/templates/nginx.conf.j2 @@ -7,6 +7,7 @@ worker_processes {{ nginx_worker_processes }}; events { worker_connections {{ nginx_worker_connections }}; + multi_accept {{ nginx_multi_accept }}; } {% if nginx_extra_conf_options %} From 666e88f2a9fc246b71591fd19db4c3594f13ef09 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Thu, 17 Mar 2016 10:03:04 -0500 Subject: [PATCH 62/74] PR #50 follow-up: Document new variable. --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index effc254..cf7d998 100644 --- a/README.md +++ b/README.md 
@@ -51,8 +51,9 @@ The user under which Nginx will run. Defaults to `nginx` for RedHat, and `www-da nginx_worker_processes: "1" nginx_worker_connections: "1024" + nginx_multi_accept: "off" -`nginx_worker_processes` should be set to the number of cores present on your machine. Connections (find this number with `grep processor /proc/cpuinfo | wc -l`). `nginx_worker_connections` is the number of connections per process. Set this higher to handle more simultaneous connections (and remember that a connection will be used for as long as the keepalive timeout duration for every client!). +`nginx_worker_processes` should be set to the number of cores present on your machine. Connections (find this number with `grep processor /proc/cpuinfo | wc -l`). `nginx_worker_connections` is the number of connections per process. Set this higher to handle more simultaneous connections (and remember that a connection will be used for as long as the keepalive timeout duration for every client!). You can set `nginx_multi_accept` to `on` if you want Nginx to accept all connections immediately. nginx_error_log: "/var/log/nginx/error.log warn" nginx_access_log: "/var/log/nginx/access.log main buffer=16k" From e81825546577cfb300efbcaec32aae4716561385 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Fri, 25 Mar 2016 22:15:25 -0500 Subject: [PATCH 63/74] PR #45: Clean up var names and document new feature. --- README.md | 5 +++++ defaults/main.yml | 7 ++++--- tasks/setup-Ubuntu.yml | 21 ++++++++++++--------- 3 files changed, 21 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index cf7d998..8da8bd2 100644 --- a/README.md +++ b/README.md 
@@ -94,6 +94,11 @@ Extra lines to be inserted in the top-level `http` block in `nginx.conf`. The va (For Debian/Ubuntu only) Allows you to set a different repository for the installation of Nginx. As an example, if you are running Debian's wheezy release, and want to get a newer version of Nginx, you can install the `wheezy-backports` repository and set that value here, and Ansible will use that as the `-t` option while installing Nginx. + nginx_ppa_use: false + nginx_ppa_version: stable + +(For Ubuntu only) Allows you to use the official Nginx PPA instead of the system's package. You can set the version to `stable` or `development`. + ## Dependencies None. diff --git a/defaults/main.yml b/defaults/main.yml index 35262f6..7c7c893 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -2,6 +2,10 @@ # Used only for Debian/Ubuntu installation, as the -t option for apt. nginx_default_release: "" +# Use the official Nginx PPA for Ubuntu, and the version to use if so. +nginx_ppa_use: false +nginx_ppa_version: stable + # The name of the nginx apt/yum package to install. nginx_package_name: "nginx" @@ -60,6 +64,3 @@ nginx_upstreams: [] # "srv2.example.com weight=3", # "srv3.example.com" # } - -nginx_ppa_version: stable -nginx_use_ppa: false diff --git a/tasks/setup-Ubuntu.yml b/tasks/setup-Ubuntu.yml index 011d177..920dc0b 100644 --- a/tasks/setup-Ubuntu.yml +++ b/tasks/setup-Ubuntu.yml 
@@ -1,11 +1,14 @@ --- - - name: Add PPA for Nginx. - apt_repository: repo='ppa:nginx/{{ nginx_ppa_version }}' state=present update_cache=yes - register: added_ppa - when: nginx_use_ppa +- name: Add PPA for Nginx. + apt_repository: + repo: 'ppa:nginx/{{ nginx_ppa_version }}' + state: present + update_cache: yes + register: nginx_ppa_added + when: nginx_ppa_use - - name: ensure nginx is not installed when the ppa was just added - apt: - pkg: nginx - state: absent - when: added_ppa.changed +- name: Ensure nginx will reinstall if the PPA was just added. + apt: + name: nginx + state: absent + when: nginx_ppa_added.changed From 102949fcb8f040486eee5c61b53e495392995799 Mon Sep 17 00:00:00 2001 From: Benjamin Smith Date: Tue, 29 Mar 2016 12:35:06 -0400 Subject: [PATCH 64/74] make the "server_name" directive optional --- templates/vhosts.j2 | 3 +++ 1 file changed, 3 insertions(+) diff --git a/templates/vhosts.j2 b/templates/vhosts.j2 index 60f8f01..04dbf9e 100644 --- a/templates/vhosts.j2 +++ b/templates/vhosts.j2 @@ -1,7 +1,10 @@ {% for vhost in nginx_vhosts %} server { listen {{ vhost.listen | default('80 default_server') }}; + + {% if vhost.server_name is defined %} server_name {{ vhost.server_name }}; + {% endif %} {% if vhost.root is defined %} root {{ vhost.root }}; From 295584baf8d4437bf74992de8e140ed012f4b00c Mon Sep 17 00:00:00 2001 From: Benjamin Smith Date: Tue, 29 Mar 2016 13:15:33 -0400 Subject: [PATCH 65/74] update jinja templates to not leave whitespace from jinja control structures --- templates/nginx.conf.j2 | 17 +++++++++-------- templates/vhosts.j2 | 22 ++++++++++++++-------- 2 files changed, 23 insertions(+), 16 deletions(-) diff --git a/templates/nginx.conf.j2 b/templates/nginx.conf.j2 index d2b0fd4..9df22ab 100644 --- a/templates/nginx.conf.j2 +++ b/templates/nginx.conf.j2 
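Review bot: The reinstall task removes the hard-coded package `name: nginx`, while the install task in setup-Debian.yml uses `name: "{{ nginx_package_name }}"` with `state: installed`. If a user sets `nginx_package_name` to another flavour, that package is not removed here and the later install step will not upgrade it, so the host can keep running the distribution build even though the PPA was added. Using `name: "{{ nginx_package_name }}"` in this task keeps the two in step. Separately, tests/test.yml was last seen setting `nginx_use_ppa: true`, and this commit's file list does not include it, so the test probably no longer exercises the renamed `nginx_ppa_use` path.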
@@ -10,9 +10,9 @@ events { multi_accept {{ nginx_multi_accept }}; } -{% if nginx_extra_conf_options %} +{% if nginx_extra_conf_options -%} {{ nginx_extra_conf_options }} -{% endif %} +{%- endif %} http { include /etc/nginx/mime.types; @@ -37,27 +37,28 @@ http { #gzip on; -{% if nginx_proxy_cache_path %} +{%- if nginx_proxy_cache_path -%} proxy_cache_path {{ nginx_proxy_cache_path }}; {% endif %} -{% if nginx_extra_http_options %} +{%- if nginx_extra_http_options -%} {{ nginx_extra_http_options }} {% endif %} -{% for upstream in nginx_upstreams %} +{%- for upstream in nginx_upstreams -%} upstream {{ upstream.name }} { -{% if upstream.strategy is defined %} +{%- if upstream.strategy is defined -%} {{ upstream.strategy }}; {% endif %} -{% for server in upstream.servers %} +{%- for server in upstream.servers -%} server {{ server }}; {% endfor %} } {% endfor %} include {{ nginx_conf_path }}/*.conf; -{% if nginx_conf_path != nginx_vhost_path %} +{%- if nginx_conf_path != nginx_vhost_path -%} include {{ nginx_vhost_path }}/*; {% endif %} + } diff --git a/templates/vhosts.j2 b/templates/vhosts.j2 index 60f8f01..81f67f4 100644 --- a/templates/vhosts.j2 +++ b/templates/vhosts.j2 
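Review bot: In the second nginx.conf.j2 hunk, the `{%- ... -%}` markers strip all whitespace on both sides of each tag, newlines included, so each rendered directive is glued to whatever text precedes the tag. The line before `{%- if nginx_proxy_cache_path -%}` is the comment `#gzip on;`, so `proxy_cache_path` would render on that comment line and be ignored by nginx without any error. When that variable is empty, the same happens to the first line of `nginx_extra_http_options`. The original indentation is not recoverable from this view, so please confirm by rendering the template with both variables set. Dropping the leading dash, as in `{% if nginx_proxy_cache_path -%}`, keeps the preceding line break; the `upstream` and `include` tags in this hunk need the same treatment.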
@@ -1,30 +1,36 @@ -{% for vhost in nginx_vhosts %} +{% for vhost in nginx_vhosts -%} server { + listen {{ vhost.listen | default('80 default_server') }}; server_name {{ vhost.server_name }}; - {% if vhost.root is defined %} + {%- if vhost.root is defined -%} root {{ vhost.root }}; {% endif %} - index {{ vhost.index | default('index.html index.htm') }}; + {%- if vhost.index is defined -%} + index {{ vhost.index }}; + {% endif %} - {% if vhost.error_page is defined %} + {%- if vhost.error_page is defined -%} error_page {{ vhost.error_page }}; {% endif %} - {% if vhost.access_log is defined %} + + {%- if vhost.access_log is defined -%} access_log {{ vhost.access_log }}; {% endif %} - {% if vhost.error_log is defined %} + + {%- if vhost.error_log is defined -%} error_log {{ vhost.error_log }} error; {% endif %} - {% if vhost.return is defined %} + {%- if vhost.return is defined -%} return {{ vhost.return }}; {% endif %} - {% if vhost.extra_parameters is defined %} + {%- if vhost.extra_parameters is defined -%} {{ vhost.extra_parameters }} {% endif %} + } {% endfor %} From 3d71531209b7a9ed6f55194d59cb12374bc1d420 Mon Sep 17 00:00:00 2001 From: Bartek Rutkowski Date: Fri, 22 Apr 2016 20:29:39 +0100 Subject: [PATCH 66/74] Add FreeBSD support. --- meta/main.yml | 9 ++++++++- tasks/main.yml | 7 +++++-- tasks/setup-FreeBSD.yml | 13 +++++++++++++ templates/nginx.conf.j2 | 2 +- vars/Debian.yml | 3 +++ vars/FreeBSD.yml | 9 +++++++++ vars/RedHat.yml | 3 +++ 7 files changed, 42 insertions(+), 4 deletions(-) create mode 100644 tasks/setup-FreeBSD.yml create mode 100644 vars/FreeBSD.yml diff --git a/meta/main.yml b/meta/main.yml index c39d00b..fab65e4 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -3,7 +3,7 @@ dependencies: [] galaxy_info: author: geerlingguy - description: Nginx installation for Linux/UNIX. + description: Nginx installation for Linux and FreeBSD. company: "Midwestern Mac, LLC" license: "license (BSD, MIT)" min_ansible_version: 1.8 
@@ -18,6 +18,13 @@ galaxy_info: - name: Ubuntu versions: - all + - name: FreeBSD + versions: + - 10.3 + - 10.2 + - 10.1 + - 10.0 + - 9.3 galaxy_tags: - development - web diff --git a/tasks/main.yml b/tasks/main.yml index f2cbd25..2363838 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -18,6 +18,9 @@ - include: setup-Debian.yml when: ansible_os_family == 'Debian' +- include: setup-FreeBSD.yml + when: ansible_os_family == 'FreeBSD' + # Vhost configuration. - include: vhosts.yml @@ -25,9 +28,9 @@ - name: Copy nginx configuration in place. template: src: nginx.conf.j2 - dest: /etc/nginx/nginx.conf + dest: "{{ nginx_conf_file_path }}" owner: root - group: root + group: "{{ root_group }}" mode: 0644 notify: - reload nginx diff --git a/tasks/setup-FreeBSD.yml b/tasks/setup-FreeBSD.yml new file mode 100644 index 0000000..dedd05b --- /dev/null +++ b/tasks/setup-FreeBSD.yml @@ -0,0 +1,13 @@ +--- +- name: Update pkg cache. + shell: pkg update -f + +- name: Ensure nginx is installed. + pkgng: + name: "{{ nginx_package_name }}" + state: present + +- name: Create logs directory. + file: + path: /var/log/nginx + state: directory \ No newline at end of file diff --git a/templates/nginx.conf.j2 b/templates/nginx.conf.j2 index d2b0fd4..8213eec 100644 --- a/templates/nginx.conf.j2 +++ b/templates/nginx.conf.j2 @@ -15,7 +15,7 @@ events { {% endif %} http { - include /etc/nginx/mime.types; + include {{ nginx_mime_file_path }}; default_type application/octet-stream; server_names_hash_bucket_size 64; diff --git a/vars/Debian.yml b/vars/Debian.yml index 7e4d549..cb12770 100644 --- a/vars/Debian.yml +++ b/vars/Debian.yml @@ -1,5 +1,8 @@ --- +root_group: root nginx_conf_path: /etc/nginx/conf.d +nginx_conf_file_path: /etc/nginx/nginx.conf +nginx_mime_file_path: /etc/nginx/mime.types nginx_pidfile: /run/nginx.pid nginx_vhost_path: /etc/nginx/sites-enabled nginx_default_vhost_path: /etc/nginx/sites-enabled/default 
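Review bot: In tasks/setup-FreeBSD.yml the `Create logs directory.` task sets no `owner`, `group` or `mode`, so the permissions of `/var/log/nginx` depend on the umask of the Ansible run, and access logs can hold session identifiers and query strings. Stating them explicitly keeps the result predictable, e.g. `owner: root`, `group: "{{ root_group }}"`, `mode: 0750` (adjust if another account has to read the logs). `pkg update -f` contains no shell syntax, so `command: pkg update -f` is the narrower module to use than `shell:`.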
diff --git a/vars/FreeBSD.yml b/vars/FreeBSD.yml new file mode 100644 index 0000000..bd2425d --- /dev/null +++ b/vars/FreeBSD.yml @@ -0,0 +1,9 @@ +--- +root_group: wheel +nginx_conf_path: /usr/local/etc/nginx/conf.d +nginx_conf_file_path: /usr/local/etc/nginx/nginx.conf +nginx_mime_file_path: /usr/local/etc/nginx/mime.types +nginx_pidfile: /var/run/nginx.pid +nginx_vhost_path: /usr/local/etc/nginx/sites-enabled +nginx_default_vhost_path: /usr/local/etc/nginx/sites-enabled/default +__nginx_user: "www" \ No newline at end of file diff --git a/vars/RedHat.yml b/vars/RedHat.yml index 91164ce..0138f8d 100644 --- a/vars/RedHat.yml +++ b/vars/RedHat.yml @@ -1,5 +1,8 @@ --- +root_group: root nginx_conf_path: /etc/nginx/conf.d +nginx_conf_file_path: /etc/nginx/nginx.conf +nginx_mime_file_path: /etc/nginx/mime.types nginx_pidfile: /var/run/nginx.pid nginx_vhost_path: /etc/nginx/conf.d nginx_default_vhost_path: /etc/nginx/conf.d/default.conf From cbbcc8db162190ba70d54a1438022b0d4514cadc Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Fri, 29 Apr 2016 19:45:54 -0500 Subject: [PATCH 67/74] Whitespace fixes and follow-up for PR #54. --- README.md | 4 ++-- tasks/setup-FreeBSD.yml | 2 +- vars/FreeBSD.yml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 8da8bd2..89a387f 100644 --- a/README.md +++ b/README.md 
@@ -2,9 +2,9 @@ [![Build Status](https://travis-ci.org/geerlingguy/ansible-role-nginx.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-nginx) -Installs Nginx on RedHat/CentOS or Debian/Ubuntu linux servers. +Installs Nginx on RedHat/CentOS or Debian/Ubuntu Linux, or FreeBSD servers. -This role installs and configures the latest version of Nginx from the Nginx yum repository (on RedHat-based systems) or via apt (on Debian-based systems). You will likely need to do extra setup work after this role has installed Nginx, like adding your own [virtualhost].conf file inside `/etc/nginx/conf.d/`, describing the location and options to use for your particular website. +This role installs and configures the latest version of Nginx from the Nginx yum repository (on RedHat-based systems) or via apt (on Debian-based systems) or pkgng (on FreeBSD systems). You will likely need to do extra setup work after this role has installed Nginx, like adding your own [virtualhost].conf file inside `/etc/nginx/conf.d/`, describing the location and options to use for your particular website. ## Requirements diff --git a/tasks/setup-FreeBSD.yml b/tasks/setup-FreeBSD.yml index dedd05b..7aa8837 100644 --- a/tasks/setup-FreeBSD.yml +++ b/tasks/setup-FreeBSD.yml @@ -10,4 +10,4 @@ - name: Create logs directory. file: path: /var/log/nginx - state: directory \ No newline at end of file + state: directory diff --git a/vars/FreeBSD.yml b/vars/FreeBSD.yml index bd2425d..b032f98 100644 --- a/vars/FreeBSD.yml +++ b/vars/FreeBSD.yml @@ -6,4 +6,4 @@ nginx_mime_file_path: /usr/local/etc/nginx/mime.types nginx_pidfile: /var/run/nginx.pid nginx_vhost_path: /usr/local/etc/nginx/sites-enabled nginx_default_vhost_path: /usr/local/etc/nginx/sites-enabled/default -__nginx_user: "www" \ No newline at end of file +__nginx_user: "www" From 1d3ac0840d594d623b7d6ce97dafea1c8353f21f Mon Sep 17 00:00:00 2001 
From: Jeff Geerling Date: Fri, 6 May 2016 11:13:17 -0500 Subject: [PATCH 68/74] Fixes #28: Make server_names_hash_bucket_size configurable. --- README.md | 4 ++++ defaults/main.yml | 2 ++ templates/nginx.conf.j2 | 2 +- 3 files changed, 7 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 89a387f..854fa32 100644 --- a/README.md +++ b/README.md @@ -75,6 +75,10 @@ Nginx keepalive settings. Timeout should be set higher (10s+) if you have more p This value determines the largest file upload possible, as uploads are passed through Nginx before hitting a backend like `php-fpm`. If you get an error like `client intended to send too large body`, it means this value is set too low. + nginx_server_names_hash_bucket_size: "64" + +If you have many server names, or have very long server names, you might get an Nginx error on startup requiring this value to be increased. + nginx_proxy_cache_path: "" Set as the `proxy_cache_path` directive in the `nginx.conf` file. By default, this will not be configured (if left as an empty string), but if you wish to use Nginx as a reverse proxy, you can set this to a valid value (e.g. `"/var/cache/nginx keys_zone=cache:32m"`) to use Nginx's cache (further proxy configuration can be done in individual server configurations). diff --git a/defaults/main.yml b/defaults/main.yml index 7c7c893..620dc09 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -25,6 +25,8 @@ nginx_keepalive_requests: "100" nginx_client_max_body_size: "64m" +nginx_server_names_hash_bucket_size: "64" + nginx_proxy_cache_path: "" nginx_extra_conf_options: "" diff --git a/templates/nginx.conf.j2 b/templates/nginx.conf.j2 index 8213eec..e9499e7 100644 --- a/templates/nginx.conf.j2 +++ b/templates/nginx.conf.j2 
@@ -18,7 +18,7 @@ http { include {{ nginx_mime_file_path }}; default_type application/octet-stream; - server_names_hash_bucket_size 64; + server_names_hash_bucket_size {{ nginx_server_names_hash_bucket_size }}; client_max_body_size {{ nginx_client_max_body_size }}; From 4fb38405f9a61f69306ac5cb6d01db28b38b9a80 Mon Sep 17 00:00:00 2001 From: Jeff Geerling Date: Fri, 6 May 2016 16:44:36 -0500 Subject: [PATCH 69/74] Revert "prevent whitespace from jinja control structures from making it into templates" --- templates/nginx.conf.j2 | 17 ++++++++--------- templates/vhosts.j2 | 22 ++++++++-------------- 2 files changed, 16 insertions(+), 23 deletions(-) diff --git a/templates/nginx.conf.j2 b/templates/nginx.conf.j2 index 65e0dbd..e9499e7 100644 --- a/templates/nginx.conf.j2 +++ b/templates/nginx.conf.j2 @@ -10,9 +10,9 @@ events { multi_accept {{ nginx_multi_accept }}; } -{% if nginx_extra_conf_options -%} +{% if nginx_extra_conf_options %} {{ nginx_extra_conf_options }} -{%- endif %} +{% endif %} http { include {{ nginx_mime_file_path }}; @@ -37,28 +37,27 @@ http { #gzip on; -{%- if nginx_proxy_cache_path -%} +{% if nginx_proxy_cache_path %} proxy_cache_path {{ nginx_proxy_cache_path }}; {% endif %} -{%- if nginx_extra_http_options -%} +{% if nginx_extra_http_options %} {{ nginx_extra_http_options }} {% endif %} -{%- for upstream in nginx_upstreams -%} +{% for upstream in nginx_upstreams %} upstream {{ upstream.name }} { -{%- if upstream.strategy is defined -%} +{% if upstream.strategy is defined %} {{ upstream.strategy }}; {% endif %} -{%- for server in upstream.servers -%} +{% for server in upstream.servers %} server {{ server }}; {% endfor %} } {% endfor %} include {{ nginx_conf_path }}/*.conf; -{%- if nginx_conf_path != nginx_vhost_path -%} +{% if nginx_conf_path != nginx_vhost_path %} include {{ nginx_vhost_path }}/*; {% endif %} - } diff --git a/templates/vhosts.j2 b/templates/vhosts.j2 index 74f45f2..04dbf9e 100644 --- a/templates/vhosts.j2 
+++ b/templates/vhosts.j2 @@ -1,39 +1,33 @@ -{% for vhost in nginx_vhosts -%} +{% for vhost in nginx_vhosts %} server { - listen {{ vhost.listen | default('80 default_server') }}; {% if vhost.server_name is defined %} server_name {{ vhost.server_name }}; {% endif %} - {%- if vhost.root is defined -%} + {% if vhost.root is defined %} root {{ vhost.root }}; {% endif %} - {%- if vhost.index is defined -%} - index {{ vhost.index }}; - {% endif %} + index {{ vhost.index | default('index.html index.htm') }}; - {%- if vhost.error_page is defined -%} + {% if vhost.error_page is defined %} error_page {{ vhost.error_page }}; {% endif %} - - {%- if vhost.access_log is defined -%} + {% if vhost.access_log is defined %} access_log {{ vhost.access_log }}; {% endif %} - - {%- if vhost.error_log is defined -%} + {% if vhost.error_log is defined %} error_log {{ vhost.error_log }} error; {% endif %} - {%- if vhost.return is defined -%} + {% if vhost.return is defined %} return {{ vhost.return }}; {% endif %} - {%- if vhost.extra_parameters is defined -%} + {% if vhost.extra_parameters is defined %} {{ vhost.extra_parameters }} {% endif %} - } {% endfor %} From a8cefea244d785c6906e2027a83092e6e5eb8963 Mon Sep 17 00:00:00 2001 
From: Ivan Grynenko Date: Sun, 12 Jun 2016 13:00:20 +1000 Subject: [PATCH 70/74] Updated as subtree with my customisations. --- README.md | 0 defaults/main.yml | 2 +- handlers/main.yml | 0 meta/main.yml | 0 tasks/main.yml | 0 tasks/setup-Debian.yml | 0 tasks/setup-FreeBSD.yml | 0 tasks/setup-RedHat.yml | 0 tasks/setup-Ubuntu.yml | 0 tasks/vhosts.yml | 6 ++++++ templates/nginx.conf.j2 | 2 +- templates/nginx.repo.j2 | 0 templates/vhosts.j2 | 0 tests/inventory | 0 tests/test.yml | 0 vars/Debian.yml | 0 vars/FreeBSD.yml | 0 vars/RedHat.yml | 0 18 files changed, 8 insertions(+), 2 deletions(-) mode change 100644 => 100755 README.md mode change 100644 => 100755 defaults/main.yml mode change 100644 => 100755 handlers/main.yml mode change 100644 => 100755 meta/main.yml mode change 100644 => 100755 tasks/main.yml mode change 100644 => 100755 tasks/setup-Debian.yml mode change 100644 => 100755 tasks/setup-FreeBSD.yml mode change 100644 => 100755 tasks/setup-RedHat.yml mode change 100644 => 100755 tasks/setup-Ubuntu.yml mode change 100644 => 100755 tasks/vhosts.yml mode change 100644 => 100755 templates/nginx.conf.j2 mode change 100644 => 100755 templates/nginx.repo.j2 mode change 100644 => 100755 templates/vhosts.j2 mode change 100644 => 100755 tests/inventory mode change 100644 => 100755 tests/test.yml mode change 100644 => 100755 vars/Debian.yml mode change 100644 => 100755 vars/FreeBSD.yml mode change 100644 => 100755 vars/RedHat.yml diff --git a/README.md b/README.md old mode 100644 new mode 100755 diff --git a/defaults/main.yml b/defaults/main.yml old mode 100644 new mode 100755 index 620dc09..8c9f67e --- a/defaults/main.yml +++ b/defaults/main.yml @@ -9,7 +9,7 @@ nginx_ppa_version: stable # The name of the nginx apt/yum package to install. nginx_package_name: "nginx" -nginx_worker_processes: "1" +nginx_worker_processes: "auto" nginx_worker_connections: "1024" nginx_multi_accept: "off" diff --git a/handlers/main.yml b/handlers/main.yml old mode 100644 new mode 100755 
diff --git a/meta/main.yml b/meta/main.yml old mode 100644 new mode 100755 diff --git a/tasks/main.yml b/tasks/main.yml old mode 100644 new mode 100755 diff --git a/tasks/setup-Debian.yml b/tasks/setup-Debian.yml old mode 100644 new mode 100755 diff --git a/tasks/setup-FreeBSD.yml b/tasks/setup-FreeBSD.yml old mode 100644 new mode 100755 diff --git a/tasks/setup-RedHat.yml b/tasks/setup-RedHat.yml old mode 100644 new mode 100755 diff --git a/tasks/setup-Ubuntu.yml b/tasks/setup-Ubuntu.yml old mode 100644 new mode 100755 diff --git a/tasks/vhosts.yml b/tasks/vhosts.yml old mode 100644 new mode 100755 index 583ff77..560b455 --- a/tasks/vhosts.yml +++ b/tasks/vhosts.yml @@ -16,6 +16,12 @@ notify: - reload nginx +- name: Creates Nginx vhost directory + file: path=/var/www/html/{{ server_hostname }} state=directory owner={{ nginx_user }} group={{ nginx_user }} mode=0775 recurse=yes + when: nginx_vhosts|length > 0 + notify: + - reload nginx + - name: Remove managed vhost config file (if no vhosts are configured). file: path: "{{ nginx_vhost_path }}/vhosts.conf" diff --git a/templates/nginx.conf.j2 b/templates/nginx.conf.j2 old mode 100644 new mode 100755 index e9499e7..86eda73 --- a/templates/nginx.conf.j2 +++ b/templates/nginx.conf.j2 @@ -35,7 +35,7 @@ http { keepalive_timeout {{ nginx_keepalive_timeout }}; keepalive_requests {{ nginx_keepalive_requests }}; - #gzip on; + gzip on; {% if nginx_proxy_cache_path %} proxy_cache_path {{ nginx_proxy_cache_path }}; diff --git a/templates/nginx.repo.j2 b/templates/nginx.repo.j2 old mode 100644 new mode 100755 diff --git a/templates/vhosts.j2 b/templates/vhosts.j2 old mode 100644 new mode 100755 diff --git a/tests/inventory b/tests/inventory old mode 100644 new mode 100755 diff --git a/tests/test.yml b/tests/test.yml old mode 100644 new mode 100755 diff --git a/vars/Debian.yml b/vars/Debian.yml old mode 100644 new mode 100755 diff --git a/vars/FreeBSD.yml b/vars/FreeBSD.yml old mode 100644 new mode 100755 
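Review bot: The new `Creates Nginx vhost directory` task in tasks/vhosts.yml makes `/var/www/html/{{ server_hostname }}` owned by `{{ nginx_user }}` with `mode=0775 recurse=yes`, so the account that serves the content can also rewrite it, and the directory mode is applied to every file below it, marking them all executable. PATCH 71/74 later on this page switches the owner to the PHP-FPM pool user with `mode=0755`, which keeps both problems. A docroot owned by root or a deploy user, readable but not writable by the service account, limits what a compromised worker or PHP process can change; drop `recurse=yes` and manage only the directory itself, e.g. `file: path=/var/www/html/{{ server_hostname }} state=directory owner=root group={{ root_group }} mode=0755`. `server_hostname` is not defined in any of the role files shown here, so the task presumably relies on a variable from another role or the playbook and should document that.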
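Review bot: Uncommenting `gzip on;` at the http level in templates/nginx.conf.j2 turns compression on for every vhost the role configures, including pages served over TLS that reflect request data next to secrets such as CSRF tokens, which is the precondition for BREACH-type compression side channels. I would keep the role default off and put the directive behind a new role variable (the name here is only a suggestion), e.g. `{% if nginx_gzip | default(false) %}gzip on;{% endif %}`, or at least document that vhosts serving authenticated dynamic content should set `gzip off;`. The http block continues outside the hunk.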
diff --git a/vars/RedHat.yml b/vars/RedHat.yml old mode 100644 new mode 100755 From f6a03f8812e39f64b0dc08c004057453e18a7e91 Mon Sep 17 00:00:00 2001 From: Ivan Grynenko Date: Sun, 12 Jun 2016 13:53:40 +1000 Subject: [PATCH 71/74] Added vmuser user and updated vars for nginx vhost directory. --- tasks/vhosts.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/vhosts.yml b/tasks/vhosts.yml index 560b455..6af3173 100755 --- a/tasks/vhosts.yml +++ b/tasks/vhosts.yml @@ -17,7 +17,7 @@ - reload nginx - name: Creates Nginx vhost directory - file: path=/var/www/html/{{ server_hostname }} state=directory owner={{ nginx_user }} group={{ nginx_user }} mode=0775 recurse=yes + file: path=/var/www/html/{{ server_hostname }} state=directory owner={{ php_fpm_pool_user }} group={{ php_fpm_pool_group }} mode=0755 recurse=yes when: nginx_vhosts|length > 0 notify: - reload nginx From bcc1e84553dcbb2cb63f0e990b386269b5c87940 Mon Sep 17 00:00:00 2001 From: Ivan Grynenko Date: Mon, 13 Jun 2016 13:31:43 +1000 Subject: [PATCH 72/74] Adding bigpipe support to nginx. --- tasks/main.yml | 10 ++++++++++ templates/headers.conf.j2 | 7 +++++++ 2 files changed, 17 insertions(+) create mode 100644 templates/headers.conf.j2 diff --git a/tasks/main.yml b/tasks/main.yml index 2363838..b260532 100755 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -35,5 +35,15 @@ notify: - reload nginx +- name: Copy headers config file in place. + template: + src: headers.conf.j2 + dest: "{{ nginx_conf_file_path }}/conf.d" + owner: root + group: "{{ root_group }}" + mode: 0644 + notify: + - reload nginx + - name: Ensure nginx is started and enabled to start at boot. service: name=nginx state=started enabled=yes diff --git a/templates/headers.conf.j2 b/templates/headers.conf.j2 new file mode 100644 index 0000000..3dc3b46 --- /dev/null +++ b/templates/headers.conf.j2 
@@ -0,0 +1,7 @@ +{% if nginx_bigpipe_enable %} + add_header X-Accel-Buffering: no; +{% endif %} +add_header X-Frame-Options SAMEORIGIN; +add_header X-Content-Type-Options nosniff; +add_header X-XSS-Protection "1; mode=block"; +add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src 'none'"; From eaa42967a3e36f5cb259cc981ae3893aa245867a Mon Sep 17 00:00:00 2001 From: Ivan Grynenko Date: Mon, 13 Jun 2016 13:36:41 +1000 Subject: [PATCH 73/74] Fixing nginx con path and setting hostname. --- tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/main.yml b/tasks/main.yml index b260532..d0d9ef8 100755 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -38,7 +38,7 @@ - name: Copy headers config file in place. template: src: headers.conf.j2 - dest: "{{ nginx_conf_file_path }}/conf.d" + dest: "{{ nginx_conf_path }}" owner: root group: "{{ root_group }}" mode: 0644 From 91b647d5324ae4117f38c1890ba7bea442e3036c Mon Sep 17 00:00:00 2001 From: Ivan Grynenko Date: Tue, 14 Jun 2016 11:15:44 +1000 Subject: [PATCH 74/74] Fixing default server for Nginx in Ubuntu --- templates/vhosts.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/vhosts.j2 b/templates/vhosts.j2 index 04dbf9e..20bcf6f 100755 --- a/templates/vhosts.j2 +++ b/templates/vhosts.j2 
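Review bot: The `script-src` in the Content-Security-Policy line of headers.conf.j2 allows both `'unsafe-inline'` and `'unsafe-eval'`, which removes most of the XSS protection the policy is meant to give, and the policy hard-codes third-party hosts (including `tautt.zendesk.com`) for every site the role configures; I would move the policy into a role variable so each site sets its own and tightens `script-src` where the application allows it. Separately, `add_header X-Accel-Buffering: no;` puts a colon in the header name; the directive form is `add_header X-Accel-Buffering no;`, and since `nginx_bigpipe_enable` gets no default in this commit the guard should read `{% if nginx_bigpipe_enable | default(false) %}`. nginx inherits `add_header` from the http level only when a server or location block defines none of its own, so these headers can disappear on any vhost that adds a header. None of them carries `always`, so error responses are not covered either.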
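Review bot: In the tasks/main.yml hunk of PATCH 73/74, `dest: "{{ nginx_conf_path }}"` points at a directory, so as far as I can tell the template module writes the file under the source's basename, `headers.conf.j2`, which the `include {{ nginx_conf_path }}/*.conf;` line in nginx.conf.j2 will not match. The security headers would then be deployed but never loaded, and nothing would report an error. Naming the target explicitly avoids that: `dest: "{{ nginx_conf_path }}/headers.conf"`. The task continues outside the hunk.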
@@ -1,6 +1,6 @@ {% for vhost in nginx_vhosts %} server { - listen {{ vhost.listen | default('80 default_server') }}; + listen {{ vhost.listen | default('80') }}; {% if vhost.server_name is defined %} server_name {{ vhost.server_name }};
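Review bot: With `default_server` dropped from the fallback `listen` value, no rendered server block is marked as the default unless a vhost sets `listen` itself or another included file declares one, so nginx falls back to the first server block for the port. Requests with an unrecognised `Host` header are then answered by whichever vhost happens to be first in `nginx_vhosts`. A dedicated catch-all vhost that refuses unknown hosts (for example one with `listen 80 default_server;` and `return 444;`) makes that behaviour explicit. The fallback also stays plain HTTP on port 80, so TLS has to come from each vhost's own `listen` and `extra_parameters`. The `for` loop and `server` block continue outside the hunk.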