From cc5114dc4f520b89619934d1dd04ea13fef45c1b Mon Sep 17 00:00:00 2001 From: cmacrae Date: Tue, 22 Dec 2015 15:37:58 +0000 Subject: [PATCH 1/8] Re-order template deploy & add validate: Re-ordering the tasks in this way (having the vhosts deployed first) allows the 'validate' param to collectively check the deployed Nginx config. Deploying vhosts after makes it hard to check their validity, as Nginx's config checking will operate on a "master" configuration that includes others (checking those included, also) but would error out when checking these individual configs if they do not contain a fully working Nginx config (which they often don't, due to their nature). --- tasks/main.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/tasks/main.yml b/tasks/main.yml index d63dbac..582875e 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -15,6 +15,9 @@ - include: setup-Debian.yml when: ansible_os_family == 'Debian' +# Vhost configuration +- include: vhosts.yml + # Nginx setup. - name: Copy nginx configuration in place. template: @@ -23,9 +26,8 @@ owner: root group: root mode: 0644 + validate: 'nginx -t -c %s' notify: restart nginx - name: Ensure nginx is started and enabled to start at boot. service: name=nginx state=started enabled=yes - -- include: vhosts.yml From c5a21436b49b95f1e68e34f55b13090027c8963e Mon Sep 17 00:00:00 2001 From: cmacrae Date: Tue, 22 Dec 2015 15:59:05 +0000 Subject: [PATCH 2/8] Adding the ability to define extra options: Defining a new variable (defaults to empty) that allows users to define extra configuration options in the top-level 'http' block. This allows for (optionally) finer grain control. --- README.md | 10 ++++++++++ defaults/main.yml | 2 ++ templates/nginx.conf.j2 | 4 ++++ 3 files changed, 16 insertions(+) diff --git a/README.md b/README.md index 6e92a26..f5982e3 100644 --- a/README.md +++ b/README.md 
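Review bot: In the second tasks/main.yml hunk of PATCH 1/8, `validate: 'nginx -t -c %s'` checks Ansible's temporary copy of the rendered file, not the file at the destination path. nginx resolves relative `include` paths from the directory of the file given to `-c`, so a relative include in the template would either fail outright or, for a glob pattern that matches nothing in the temporary directory, pass without reading the vhost files at all. The template and the task's `src`/`dest` lines fall outside the hunks, so please confirm that every include in it is an absolute path. A comment next to the parameter would record the constraint, e.g. `# validate runs on a temp copy; includes in nginx.conf.j2 must be absolute`.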
@@ -77,6 +77,16 @@ This value determines the largest file upload possible, as uploads are passed th Set as the `proxy_cache_path` directive in the `nginx.conf` file. By default, this will not be configured (if left as an empty string), but if you wish to use Nginx as a reverse proxy, you can set this to a valid value (e.g. `"/var/cache/nginx keys_zone=cache:32m"`) to use Nginx's cache (further proxy configuration can be done in individual server configurations). + nginx_extra_options: "" +Optionally define extra parameters and their values to be insterted in the top-level `http` block in `nginx.conf`. The value should be defined literally (as you would insert it directly in the `nginx.conf`, adhering to the Nginx configuration syntax - such as `;` for line termination, etc.), like so: + + nginx_extra_options: | + proxy_buffering off; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Scheme $scheme; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $http_host; + nginx_default_release: "" (For Debian/Ubuntu only) Allows you to set a different repository for the installation of Nginx. As an example, if you are running Debian's wheezy release, and want to get a newer version of Nginx, you can install the `wheezy-backports` repository and set that value here, and Ansible will use that as the `-t` option while installing Nginx. diff --git a/defaults/main.yml b/defaults/main.yml index 3a075c0..c278611 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -19,6 +19,8 @@ nginx_client_max_body_size: "64m" nginx_proxy_cache_path: "" +nginx_extra_options: "" + nginx_remove_default_vhost: false nginx_vhosts: [] # Example vhost below, showing all available options: diff --git a/templates/nginx.conf.j2 b/templates/nginx.conf.j2 index c63c61d..a4cead9 100644 --- a/templates/nginx.conf.j2 +++ b/templates/nginx.conf.j2 
@@ -36,6 +36,10 @@ http { proxy_cache_path {{ nginx_proxy_cache_path }}; {% endif %} +{% if nginx_extra_options %} + {{ nginx_extra_options }} +{% endif %} + {% for upstream in nginx_upstreams %} upstream {{ upstream.name }} { {% if upstream.strategy is defined %} From 3fc2135bc4e2c37e738c4ee3517f21f9940e32a0 Mon Sep 17 00:00:00 2001 From: cmacrae Date: Tue, 22 Dec 2015 16:11:35 +0000 Subject: [PATCH 3/8] Adding example 'nginx_extra_options' comment to defaults/main.yml --- defaults/main.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/defaults/main.yml b/defaults/main.yml index c278611..1aafa01 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -20,6 +20,13 @@ nginx_client_max_body_size: "64m" nginx_proxy_cache_path: "" nginx_extra_options: "" +# Example extra options +# nginx_extra_options: | +# proxy_buffering off; +# proxy_set_header X-Real-IP $remote_addr; +# proxy_set_header X-Scheme $scheme; +# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +# proxy_set_header Host $http_host; nginx_remove_default_vhost: false nginx_vhosts: [] From fe55597334ad4f9c50c2239a522a4e64b298118b Mon Sep 17 00:00:00 2001 From: cmacrae Date: Tue, 22 Dec 2015 16:18:44 +0000 Subject: [PATCH 4/8] Correcting indentation for 'validate' param --- tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/main.yml b/tasks/main.yml index 582875e..7b4a917 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -26,7 +26,7 @@ owner: root group: root mode: 0644 - validate: 'nginx -t -c %s' + validate: 'nginx -t -c %s' notify: restart nginx - name: Ensure nginx is started and enabled to start at boot. From cd5e355707d37f564fc94a1df34064a63bb45d6b Mon Sep 17 00:00:00 2001 From: cmacrae Date: Tue, 22 Dec 2015 16:21:16 +0000 Subject: [PATCH 5/8] Cleaner indentation for 'nginx_extra_options' --- templates/nginx.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
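Review bot: `{{ nginx_extra_options }}` in the templates/nginx.conf.j2 hunk of PATCH 2/8 is written into the `http` block verbatim, so whoever can set that variable (inventory, group_vars, extra-vars) can set any http-level directive, and a syntax check says nothing about what those directives do. The README paragraph added in the same patch should state that the value is trusted operator input and must not be assembled from externally supplied data. A template comment above the `{% if %}` would keep that visible at the point of use, e.g. `{# nginx_extra_options is emitted as-is; trusted operator input only #}`. Separately, only the first line of a multi-line value receives the leading indent; a filter such as `{{ nginx_extra_options | indent(4) }}`, with the width matched to the block, would align the remaining lines.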
diff --git a/templates/nginx.conf.j2 b/templates/nginx.conf.j2 index a4cead9..35d66a3 100644 --- a/templates/nginx.conf.j2 +++ b/templates/nginx.conf.j2 @@ -37,7 +37,7 @@ http { {% endif %} {% if nginx_extra_options %} - {{ nginx_extra_options }} + {{ nginx_extra_options }} {% endif %} {% for upstream in nginx_upstreams %} From fd6b8c8e6b745874fba042fd95424287ed8f8423 Mon Sep 17 00:00:00 2001 From: cmacrae Date: Tue, 22 Dec 2015 16:36:11 +0000 Subject: [PATCH 6/8] Addning handler for Nginx config validation: Although the 'validate' param was added for the deployment of /etc/nginx.conf - this validation process will only be triggered upon changes. So, if a vhost config is updated, but the main config isn't, the collective config will not be verified. I've added a new handler 'validate nginx configuration' and added this to the 'notify' param as a first list item for vhost config changes. Unfortunately, this will not protect against the deployment of malformed configuration, however it will prevent the restart of Nginx in such a situation (as the 'validate nginx configuration' handler should error out before the 'restart nginx' handler is called). --- handlers/main.yml | 4 ++++ tasks/vhosts.yml | 9 +++++++-- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/handlers/main.yml b/handlers/main.yml index 92971d2..6f8e638 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -1,3 +1,7 @@ --- - name: restart nginx service: name=nginx state=restarted + +- name: validate nginx configuration + command: nginx -t -c /etc/nginx.conf + changed_when: False diff --git a/tasks/vhosts.yml b/tasks/vhosts.yml index 621ab6b..9cee3d3 100644 --- a/tasks/vhosts.yml +++ b/tasks/vhosts.yml 
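Review bot: The new `validate nginx configuration` handler in handlers/main.yml (PATCH 6/8) is defined after `restart nginx`, and Ansible runs notified handlers in the order they appear in the handlers file, not in the order of the `notify` list. As written, the restart would run first and the check afterwards, so a malformed vhost file would still reach the restart, which is the opposite of what the commit message describes. Moving the `- name: validate nginx configuration` entry above `- name: restart nginx` gives the intended order. The `notify` lists added in tasks/vhosts.yml in this patch, and in tasks/main.yml and tasks/vhosts.yml in PATCH 7/8, depend on the same fix. A comment such as `# must stay above 'restart nginx': handlers run in definition order` would protect the ordering against later edits.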
@@ -12,11 +12,16 @@ dest: "{{ nginx_vhost_path }}/vhosts.conf" mode: 0644 when: nginx_vhosts|length > 0 - notify: restart nginx + notify: + - validate nginx configuration + - restart nginx - name: Remove managed vhost config file (if no vhosts are configured). file: path: "{{ nginx_vhost_path }}/vhosts.conf" state: absent when: nginx_vhosts|length == 0 - notify: restart nginx + notify: + - validate nginx configuration + - restart nginx + From a248416a4d494117d19d41383753f6dbd7d77cf3 Mon Sep 17 00:00:00 2001 From: cmacrae Date: Tue, 22 Dec 2015 16:55:29 +0000 Subject: [PATCH 7/8] Ensuring all instances that notify 'restart nginx' also validate first --- tasks/main.yml | 4 +++- tasks/vhosts.yml | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/tasks/main.yml b/tasks/main.yml index 7b4a917..bdc3f00 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -27,7 +27,9 @@ group: root mode: 0644 validate: 'nginx -t -c %s' - notify: restart nginx + notify: + - validate nginx configuration + - restart nginx - name: Ensure nginx is started and enabled to start at boot. service: name=nginx state=started enabled=yes diff --git a/tasks/vhosts.yml b/tasks/vhosts.yml index 9cee3d3..5a7bde8 100644 --- a/tasks/vhosts.yml +++ b/tasks/vhosts.yml @@ -4,7 +4,9 @@ path: "{{ nginx_default_vhost_path }}" state: absent when: nginx_remove_default_vhost - notify: restart nginx + notify: + - validate nginx configuration + - restart nginx - name: Add managed vhost config file (if any vhosts are configured). template: From bfa4fe79252050885a591a0efd1eabdfa5f87ec5 Mon Sep 17 00:00:00 2001 From: cmacrae Date: Tue, 22 Dec 2015 17:07:47 +0000 Subject: [PATCH 8/8] Correcting nginx config path in validate handler --- handlers/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/handlers/main.yml b/handlers/main.yml index 6f8e638..124c8ba 100644 --- a/handlers/main.yml +++ b/handlers/main.yml 
@@ -3,5 +3,5 @@ service: name=nginx state=restarted - name: validate nginx configuration - command: nginx -t -c /etc/nginx.conf + command: nginx -t -c /etc/nginx/nginx.conf changed_when: False
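Review bot: The handler in PATCH 8/8 still hard-codes the configuration path, now as `/etc/nginx/nginx.conf`, while the `dest` of the template task that writes the main configuration is not visible anywhere in this series. If that destination is variable-driven or differs per platform, the handler would check a file other than the one the task deployed. Dropping the option, `command: nginx -t`, tests the installed binary's default configuration file, which is normally the one the service starts with. Alternatively, the path can come from the same variable the template task uses for `dest`.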