diff --git a/defaults/main.yml b/defaults/main.yml
index 0ffbdf2..3470a99 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -3,6 +3,9 @@
 # Default is true.
 nginx_enable: true
+# Print NGINX configuration file to terminal after executing playbook.
+nginx_debug_output: false
+
 # Specify which version of NGINX you want to install.
 # Options are 'opensource' or 'plus'.
 # Default is 'opensource'.
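Review bot: The comment on `nginx_debug_output` should say what the dump contains, because the task it enables (`nginx -T` in tasks/conf/debug-output.yml, later in this diff) prints the complete effective configuration — every included file, including the status and REST API server blocks and anything sensitive an operator placed in those files — into the Ansible console and any log that captures it. Suggested comment: `# Print the complete NGINX configuration (nginx -T, all included files) to the terminal after the playbook runs.` followed by `# Leave disabled where play output is logged or shared. Default is false.` The same point applies to the debug task itself, which registers the output without `no_log` and echoes it through `debug`.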
@@ -78,34 +81,108 @@ nginx_unit_modules: null
 # Will enable 'stub_status' in NGINX Open Source and 'status' in NGINX Plus.
 # Default is false.
 nginx_status_enable: false
+nginx_status_port: 8080
 # Enable NGINX Plus REST API, write access to the REST API, and NGINX Plus dashboard.
 # Requires NGINX Plus.
 # Default is false.
 nginx_rest_api_enable: false
+nginx_rest_api_location: /etc/nginx/conf.d/api.conf
+nginx_rest_api_port: 8080
 nginx_rest_api_write: false
 nginx_rest_api_dashboard: false
 # Enable uploading NGINX configuration files to your system.
 # Default for uploading files is false.
 # Default location of files is the files folder within the NGINX Ansible role.
-nginx_main_push_enable: false
-nginx_main_push_location: conf/nginx.conf
-nginx_http_push_enable: false
-nginx_http_push_location: conf/http/*.conf
-nginx_stream_push_enable: false
-nginx_stream_push_location: conf/stream/*.conf
+# Upload the main NGINX configuration file.
+nginx_main_upload_enable: false
+nginx_main_upload_src: conf/nginx.conf
+nginx_main_upload_dest: /etc/nginx
+# Upload HTTP NGINX configuration files.
+nginx_http_upload_enable: false
+nginx_http_upload_src: conf/http/*.conf
+nginx_http_upload_dest: /etc/nginx/conf.d
+# Upload Stream NGINX configuration files.
+nginx_stream_upload_enable: false
+nginx_stream_upload_src: conf/stream/*.conf
+nginx_stream_upload_dest: /etc/nginx/conf.d
+# Upload HTML files.
+nginx_html_upload_enable: false
+nginx_html_upload_src: www/*
+nginx_html_upload_dest: /usr/share/nginx/html
+# Upload SSL certificates and keys.
+nginx_ssl_upload_enable: false
+nginx_ssl_crt_upload_src: ssl/*.crt
+nginx_ssl_crt_upload_dest: /etc/ssl/certs/
+nginx_ssl_key_upload_src: ssl/*.key
+nginx_ssl_key_upload_dest: /etc/ssl/private/
-# Configuration variables to create a templated NGINX configuration.
+# Enable crating dynamic templated NGINX HTMK demo websites.
+nginx_html_demo_template_enable: false
+nginx_html_demo_template:
+ default:
+ template_file: www/index.html.j2
+ html_file_name: index.html
+ html_file_location: /usr/share/nginx/html
+ app_name: default
+
+# Enable creating dynamic templated NGINX configuration files.
 # Defaults are the values found in a fresh NGINX installation.
 nginx_main_template_enable: false
-nginx_main_template_user: nginx
-nginx_main_template_worker_processes: auto
-nginx_main_template_error_level: warn
-nginx_main_template_worker_connections: 1024
+nginx_main_template:
+ template_file: nginx.conf.j2
+ conf_file_name: nginx.conf
+ conf_file_location: /etc/nginx/
+ user: nginx
+ worker_processes: auto
+ error_level: warn
+ worker_connections: 1024
+ http_enable: true
+ http_settings:
+ keepalive_timeout: 65
+ cache: false
+ rate_limit: false
+ keyval: false
+ stream_enable: false
+
+# Enable creating dynamic templated NGINX HTTP configuration files.
+# Defaults will not produce a valid configuration. Instead they are meant to showcase
+# the options available for templating. Each key represents a new configuration file.
+# Comment out load_balancer or web_server depending on whether you wish to create a web server
+# or load balancer configuration file.
nginx_http_template_enable: false
-nginx_http_template_keepalive_timeout: 65
-nginx_http_template_listen: 80
-nginx_http_template_server_name: localhost
+nginx_http_template:
+ default:
+ template_file: http/default.conf.j2
+ conf_file_name: default.conf
+ conf_file_location: /etc/nginx/conf.d/
+ port: 8081
+ server_name: localhost
+ error_page: /usr/share/nginx/html
+ ssl:
+ cert: ssl/default.crt
+ key: ssl/default.key
+ web_server:
+ html_file_location: /usr/share/nginx/html
+ html_file_name: index.html
+ http_demo_conf: false
+ load_balancer:
+ proxy_pass: backend
+ health_check_plus: false
+ upstreams:
+ upstream1:
+ name: backend
+ lb_method: least_conn
+ zone_name: backend
+ zone_size: 64k
+ sticky_cookie: false
+ servers:
+ server1:
+ address: localhost
+ port: 8081
+ weight: 1
+
+# Enable creating dynamic templated NGINX stream configuration files.
 nginx_stream_template_enable: false
 nginx_stream_template_listen: 12345
diff --git a/files/ssl/.gitkeep b/files/ssl/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/files/www/.gitkeep b/files/www/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/tasks/conf/debug-output.yml b/tasks/conf/debug-output.yml
new file mode 100644
index 0000000..ec6576b
--- /dev/null
+++ b/tasks/conf/debug-output.yml
@@ -0,0 +1,9 @@
+---
+- name: "(Setup: All OSs) Register NGINX configuration"
+ command: nginx -T
+ changed_when: false
+ register: nginx_configuration
+
+- name: "(Setup: All OSs) Print NGINX configuration"
+ debug:
+ var: nginx_configuration.stdout_lines
diff --git a/tasks/conf/push-config.yml b/tasks/conf/push-config.yml
deleted file mode 100644
index 2768398..0000000
--- a/tasks/conf/push-config.yml
+++ /dev/null
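Review bot: `nginx_status_port` and `nginx_rest_api_port` both default to 8080, so enabling both features on NGINX Plus produces two server blocks on the same port (`listen 127.0.0.1:{{ nginx_status_port }}` in tasks/conf/setup-status.yml and `listen {{ nginx_rest_api_port }}` in tasks/conf/setup-rest-api.yml, both later in this diff), and a request to the API via 127.0.0.1 is then answered by the status server. Give the two options distinct defaults, or state in their comments that they must differ. The new `nginx_html_demo_template` entry defines `app_name`, but templates/www/index.html.j2 in this diff reads `{{ item.value.name }}`, which is undefined for the shipped default and aborts templating; rename one side to match the other. The heading added just above this hunk's tail also needs `# Enable creating dynamic templated NGINX HTML demo websites.` in place of "crating" and "HTMK".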
@@ -1,40 +0,0 @@ ---- -- name: "(Setup: All NGINX) Upload NGINX Main Configuration File" - copy: - src: "{{ nginx_main_push_location }}" - dest: /etc/nginx/nginx.conf - backup: yes - notify: "(Handler: All OSs) Reload NGINX" - when: nginx_main_push_enable - -- name: "(Setup: All NGINX) Ensure NGINX HTTP Directory Exists" - file: - path: /etc/nginx/conf.d/http - state: directory - when: nginx_http_push_enable - -- name: "(Setup: All NGINX) Upload NGINX HTTP Configuration Files" - copy: - src: "{{ item }}" - dest: /etc/nginx/conf.d/http - backup: yes - with_fileglob: - - "{{ nginx_http_push_location }}" - notify: "(Handler: All OSs) Reload NGINX" - when: nginx_http_push_enable - -- name: "(Setup: All NGINX) Ensure NGINX Stream Directory Exists" - file: - path: /etc/nginx/conf.d/stream - state: directory - when: nginx_stream_push_enable - -- name: "(Setup: All NGINX) Upload NGINX Stream Configuration Files" - copy: - src: "{{ item }}" - dest: /etc/nginx/conf.d/stream - backup: yes - with_fileglob: - - "{{ nginx_stream_push_location }}" - notify: "(Handler: All OSs) Reload NGINX" - when: nginx_stream_push_enable diff --git a/tasks/conf/setup-rest-api.yml b/tasks/conf/setup-rest-api.yml index 66f69e2..4b6a63f 100644 --- a/tasks/conf/setup-rest-api.yml +++ b/tasks/conf/setup-rest-api.yml @@ -1,11 +1,11 @@ --- - name: "(Setup: NGINX Plus) Setup NGINX Plus API" blockinfile: - path: "{{ (nginx_http_template_enable) | ternary('/etc/nginx/conf.d/http/api.conf','/etc/nginx/conf.d/api.conf') }}" + path: "{{ nginx_rest_api_location }}" create: yes block: | server { - listen 8080; + listen {{ nginx_rest_api_port }}; location /api { {% if nginx_rest_api_write %} api write=on; diff --git a/tasks/conf/setup-status.yml b/tasks/conf/setup-status.yml index fd4d96c..5a275d4 100644 --- a/tasks/conf/setup-status.yml +++ b/tasks/conf/setup-status.yml 
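Review bot: The API server's `listen {{ nginx_rest_api_port }}` line still binds every interface, whereas the companion status server in tasks/conf/setup-status.yml pins `127.0.0.1:`; with `nginx_rest_api_write` able to switch on `api write=on` (visible two lines below), a port that is now configurable but an address that is not leaves the write-capable endpoint reachable from wherever the host is reachable. Consider binding to loopback by default, `listen 127.0.0.1:{{ nginx_rest_api_port }};`, or introduce an address variable alongside the port (name to be chosen by the author) so operators opt in to wider exposure explicitly. Any `allow`/`deny` rules that may follow `api write=on;` are outside the hunk, so this note cannot confirm what restricts the location today.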
@@ -5,7 +5,7 @@
 create: yes
 block: |
 server {
- listen 127.0.0.1:80;
+ listen 127.0.0.1:{{ nginx_status_port }};
 location /nginx_status {
 stub_status on;
 allow 127.0.0.1;
@@ -21,7 +21,7 @@
 create: yes
 block: |
 server {
- listen 127.0.0.1:80;
+ listen 127.0.0.1:{{ nginx_status_port }};
 location /status {
 status;
 allow 127.0.0.1;
diff --git a/tasks/conf/template-config.yml b/tasks/conf/template-config.yml
index c7ecef7..c3b8d80 100644
--- a/tasks/conf/template-config.yml
+++ b/tasks/conf/template-config.yml
@@ -1,25 +1,39 @@ --- +- name: "(Setup: All NGINX) Ensure HTML Directory Exists" + file: + path: "{{ item.value.html_file_location }}" + state: directory + with_dict: "{{ nginx_html_demo_template }}" + when: nginx_html_demo_template_enable + +- name: "(Setup: All NGINX) Dynamically Generate HTML Files" + template: + src: "{{ item.value.template_file }}" + dest: "{{ item.value.html_file_location }}/{{ item.value.html_file_name }}" + with_dict: "{{ nginx_html_demo_template }}" + when: nginx_html_demo_template_enable + - name: "(Setup: All NGINX) Dynamically Generate NGINX Main Configuration File" template: - src: nginx.conf.j2 - dest: /etc/nginx/nginx.conf + src: "{{ nginx_main_template.template_file }}" + dest: "{{ nginx_main_template.conf_file_location }}/{{ nginx_main_template.conf_file_name }}" backup: yes when: nginx_main_template_enable notify: "(Handler: All OSs) Reload NGINX" - name: "(Setup: All NGINX) Ensure NGINX HTTP Directory Exists" file: - path: /etc/nginx/conf.d/http + path: "{{ item.value.conf_file_location }}" state: directory + with_dict: "{{ nginx_http_template }}" when: nginx_http_template_enable - name: "(Setup: All NGINX) Dynamically Generate NGINX HTTP Configuration Files" template: - src: "{{ item }}" - dest: /etc/nginx/conf.d/http/{{ item | basename | regex_replace('\.j2','') }} + src: "{{ item.value.template_file }}" + dest: "{{ item.value.conf_file_location }}/{{ item.value.conf_file_name }}" backup: yes - with_fileglob: - - "../templates/http/*.j2" + with_dict: "{{ nginx_http_template }}" when: nginx_http_template_enable notify: "(Handler: All OSs) Reload NGINX" diff --git a/tasks/conf/upload-config.yml b/tasks/conf/upload-config.yml new file mode 100644 index 0000000..8227e5c --- /dev/null +++ b/tasks/conf/upload-config.yml 
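Review bot: The new `dest` expressions join `conf_file_location` and the file name with a literal `/`, but the defaults added in defaults/main.yml carry a trailing slash (`/etc/nginx/` and `/etc/nginx/conf.d/`), so the rendered paths are `/etc/nginx//nginx.conf` and `/etc/nginx/conf.d//default.conf`; harmless to the kernel, but it shows up in `backup` file names and in the `nginx -T` dump. Either drop the trailing slashes from the defaults or normalise here, e.g. `dest: "{{ item.value.conf_file_location | regex_replace('/$', '') }}/{{ item.value.conf_file_name }}"`. The two new HTML tasks and the rewritten template tasks also set no `mode`, so the generated files and directories inherit the remote umask; a fixed `mode: "0644"` on the files keeps the outcome independent of the login environment.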
@@ -0,0 +1,81 @@
+---
+- name: "(Setup: All NGINX) Upload NGINX Main Configuration File"
+ copy:
+ src: "{{ nginx_main_upload_src }}"
+ dest: "{{ nginx_main_upload_dest }}"
+ backup: yes
+ notify: "(Handler: All OSs) Reload NGINX"
+ when: nginx_main_upload_enable
+
+- name: "(Setup: All NGINX) Ensure NGINX HTTP Directory Exists"
+ file:
+ path: "{{ nginx_http_upload_dest }}"
+ state: directory
+ when: nginx_http_upload_enable
+
+- name: "(Setup: All NGINX) Upload NGINX HTTP Configuration Files"
+ copy:
+ src: "{{ item }}"
+ dest: "{{ nginx_http_upload_dest }}"
+ backup: yes
+ with_fileglob: "{{ nginx_http_upload_src }}"
+ notify: "(Handler: All OSs) Reload NGINX"
+ when: nginx_http_upload_enable
+
+- name: "(Setup: All NGINX) Ensure NGINX Stream Directory Exists"
+ file:
+ path: "{{ nginx_stream_upload_dest }}"
+ state: directory
+ when: nginx_stream_upload_enable
+
+- name: "(Setup: All NGINX) Upload NGINX Stream Configuration Files"
+ copy:
+ src: "{{ item }}"
+ dest: "{{ nginx_stream_upload_dest }}"
+ backup: yes
+ with_fileglob: "{{ nginx_stream_upload_src }}"
+ notify: "(Handler: All OSs) Reload NGINX"
+ when: nginx_stream_upload_enable
+
+- name: "(Setup: All NGINX) Ensure NGINX HTML Directory Exists"
+ file:
+ path: "{{ nginx_html_upload_dest }}"
+ state: directory
+ when: nginx_html_upload_enable
+
+- name: "(Setup: All NGINX) Upload NGINX HTML Files"
+ copy:
+ src: "{{ item }}"
+ dest: "{{ nginx_html_upload_dest }}"
+ backup: yes
+ with_fileglob: "{{ nginx_html_upload_src }}"
+ notify: "(Handler: All OSs) Reload NGINX"
+ when: nginx_html_upload_enable
+
+- name: "(Setup: All NGINX) Ensure SSL Certificate Directory Exists"
+ file:
+ path: "{{ nginx_ssl_crt_upload_dest }}"
+ state: directory
+ when: nginx_ssl_upload_enable
+
+- name: "(Setup: All NGINX) Ensure SSL Key Directory Exists"
+ file:
+ path: "{{ nginx_ssl_key_upload_dest }}"
+ state: directory
+ when: nginx_ssl_upload_enable
+
+- name: "(Setup: All NGINX) Upload NGINX SSL Certificates"
+ copy:
+
src: "{{ item }}" + dest: "{{ nginx_ssl_crt_upload_dest }}" + backup: yes + with_fileglob: "{{ nginx_ssl_crt_upload_src }}" + when: nginx_ssl_upload_enable + +- name: "(Setup: All NGINX) Upload NGINX SSL Keys" + copy: + src: "{{ item }}" + dest: "{{ nginx_ssl_key_upload_dest }}" + backup: yes + with_fileglob: "{{ nginx_ssl_key_upload_src }}" + when: nginx_ssl_upload_enable diff --git a/tasks/main.yml b/tasks/main.yml index 1525a2c..1cc0987 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -19,8 +19,8 @@ - import_tasks: modules/install-modules.yml when: true in nginx_modules.values() - - import_tasks: conf/push-config.yml - when: nginx_main_push_enable or nginx_http_push_enable or nginx_stream_push_enable + - import_tasks: conf/upload-config.yml + when: nginx_main_upload_enable or nginx_http_upload_enable or nginx_stream_upload_enable or nginx_html_upload_enable or nginx_ssl_upload_enable - import_tasks: conf/template-config.yml when: nginx_main_template_enable or nginx_http_template_enable or nginx_stream_template_enable @@ -29,7 +29,10 @@ when: nginx_status_enable - import_tasks: conf/setup-rest-api.yml - when: nginx_rest_api_enable and nginx_type == "plus" + when: nginx_rest_api_enable + + - import_tasks: conf/debug-output.yml + when: nginx_debug_output when: nginx_enable diff --git a/tasks/plus/setup-license.yml b/tasks/plus/setup-license.yml index ac39556..af36fbe 100644 --- a/tasks/plus/setup-license.yml +++ b/tasks/plus/setup-license.yml @@ -9,5 +9,5 @@ src: "{{ item }}" dest: /etc/ssl/nginx with_items: - - "{{ license.certificate }}" - - "{{ license.key }}" + - "{{ nginx_license.certificate }}" + - "{{ nginx_license.key }}" diff --git a/templates/http/default.conf.j2 b/templates/http/default.conf.j2 index 0005c36..09a22ce 100644 --- a/templates/http/default.conf.j2 +++ b/templates/http/default.conf.j2 
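Review bot: The "Upload NGINX SSL Keys" task copies private keys into `nginx_ssl_key_upload_dest` with no `mode` or `owner`, so the files take whatever the remote umask yields, and `backup: yes` leaves superseded keys behind as timestamped copies with the same permissions. Add `mode: "0600"` together with `owner: root` and `group: root` to the key task (and `mode: "0644"` to the certificate task), and reconsider `backup: yes` for key material. Both SSL tasks also lack the `notify: "(Handler: All OSs) Reload NGINX"` that every other upload task in this file carries, so a rotated certificate is not picked up until something else triggers a reload.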
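Review bot: The `when:` for conf/upload-config.yml was extended with every new upload flag, but the `when:` for conf/template-config.yml two lines below still lists only the main, http and stream flags, so the HTML demo tasks that template-config.yml now gates on `nginx_html_demo_template_enable` never run unless one of the other template options happens to be enabled as well. Extend it to `when: nginx_main_template_enable or nginx_http_template_enable or nginx_stream_template_enable or nginx_html_demo_template_enable`.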
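Review bot: Dropping `nginx_type == "plus"` from the REST API condition lets `nginx_rest_api_enable: true` on an open-source install write an `api` directive that open-source nginx does not recognise, so the configuration breaks at the next reload; the option's own comment in defaults/main.yml still says it requires NGINX Plus. Restore the guard, `when: nginx_rest_api_enable and nginx_type == "plus"`, or fail early with an explicit message rather than at reload time.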
@@ -1,44 +1,64 @@ +{% if item.value.upstreams is defined %} +{% for upstream in item.value.upstreams %} +upstream {{ item.value.upstreams[upstream].name }} { + {{ item.value.upstreams[upstream].lb_method }}; + zone {{ item.value.upstreams[upstream].zone_name }} {{ item.value.upstreams[upstream].zone_size }}; +{% for server in item.value.upstreams[upstream].servers %} + server {{ item.value.upstreams[upstream].servers[server].address }}:{{ item.value.upstreams[upstream].servers[server].port }} weight={{ item.value.upstreams[upstream].servers[server].weight|default("1") }}; +{% endfor %} +{% if item.value.upstreams[upstream].sticky_cookie %} + sticky cookie srv_id expires=1h path=/; +{% endif %} +} +{% endfor %} +{% endif %} + server { - listen {{ nginx_http_template_listen }}; - server_name {{ nginx_http_template_server_name }}; - - #charset koi8-r; - #access_log /var/log/nginx/host.access.log main; - +{% if item.value.ssl is defined %} + listen 443 ssl; + ssl_certificate /etc/ssl/certs/{{ item.value.ssl.cert }}; + ssl_certificate_key /etc/ssl/private/{{ item.value.ssl.key }}; +{% else %} + listen {{ item.value.port }}; +{% endif %} + server_name {{ item.value.server_name }}; +{% if item.value.load_balancer is defined %} location / { - root /usr/share/nginx/html; - index index.html index.htm; + proxy_pass http://{{ item.value.load_balancer.proxy_pass }}; +{% if item.value.load_balancer.health_check_plus %} + health_check; +{% endif %} + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; } - - #error_page 404 /404.html; - +{% endif %} +{% if item.value.web_server is defined %} + location / { + root {{ item.value.web_server.html_file_location }}; + index {{ item.value.web_server.html_file_name }}; + } +{% if item.value.web_server.http_demo_conf %} + sub_filter_once off; + sub_filter 'server_hostname' '$hostname'; + sub_filter 
'server_address' '$server_addr:$server_port'; + sub_filter 'server_url' '$request_uri'; + sub_filter 'remote_addr' '$remote_addr:$remote_port'; + sub_filter 'server_date' '$time_local'; + sub_filter 'client_browser' '$http_user_agent'; + sub_filter 'request_id' '$request_id'; + sub_filter 'nginx_version' '$nginx_version'; + sub_filter 'document_root' '$document_root'; + sub_filter 'proxied_for_ip' '$http_x_forwarded_for'; +{% endif %} +{% endif %} +{% if item.value.error_page is defined %} # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { - root /usr/share/nginx/html; + root {{ item.value.error_page }}; } - - # proxy the PHP scripts to Apache listening on 127.0.0.1:80 - # - #location ~ \.php$ { - # proxy_pass http://127.0.0.1; - #} - - # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 - # - #location ~ \.php$ { - # root html; - # fastcgi_pass 127.0.0.1:9000; - # fastcgi_index index.php; - # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; - # include fastcgi_params; - #} - - # deny access to .htaccess files, if Apache's document root - # concurs with nginx's one - # - #location ~ /\.ht { - # deny all; - #} +{% endif %} } diff --git a/templates/nginx.conf.j2 b/templates/nginx.conf.j2 index 2548773..3decb9d 100644 --- a/templates/nginx.conf.j2 +++ b/templates/nginx.conf.j2 
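Review bot: The SSL branch hard-codes `/etc/ssl/certs/` and `/etc/ssl/private/` in front of `item.value.ssl.cert` and `.key`, but the defaults set those to `ssl/default.crt` and `ssl/default.key` and the upload tasks copy only each file's basename into `nginx_ssl_crt_upload_dest`/`nginx_ssl_key_upload_dest`, so the rendered `ssl_certificate /etc/ssl/certs/ssl/default.crt;` names a file that is never created. Build the directives from the same variables the upload uses, e.g. `ssl_certificate {{ nginx_ssl_crt_upload_dest }}{{ item.value.ssl.cert | basename }};`, or document that `ssl.cert`/`ssl.key` must already be remote paths. The same branch fixes the port with `listen 443 ssl;` and ignores `item.value.port`, and the server sets no `ssl_protocols` or `ssl_ciphers`, so the installed nginx's compiled-in defaults decide what is negotiated. `health_check;` under `health_check_plus` is a Plus-only directive that, like the `api` task elsewhere in this diff, is not gated on `nginx_type`.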
@@ -1,15 +1,15 @@ -user {{ nginx_main_template_user }}; -worker_processes {{ nginx_main_template_worker_processes }}; +user {{ nginx_main_template.user }}; +worker_processes {{ nginx_main_template.worker_processes }}; -error_log /var/log/nginx/error.log {{ nginx_main_template_error_level }}; +error_log /var/log/nginx/error.log {{ nginx_main_template.error_level }}; pid /var/run/nginx.pid; events { - worker_connections {{ nginx_main_template_worker_connections }}; + worker_connections {{ nginx_main_template.worker_connections }}; } -{% if nginx_http_template_enable %} +{% if nginx_main_template.http_enable %} http { include /etc/nginx/mime.types; default_type application/octet-stream; @@ -23,15 +23,24 @@ http { sendfile on; #tcp_nopush on; - keepalive_timeout {{ nginx_http_template_keepalive_timeout }}; + keepalive_timeout {{ nginx_main_template.http_settings.keepalive_timeout }}; #gzip on; - - include /etc/nginx/conf.d/http/*.conf; +{% if nginx_main_template.http_settings.cache %} + proxy_cache_path /tmp/cache keys_zone=one:10m; +{% endif %} +{% if nginx_main_template.http_settings.rate_limit %} + limit_req_zone $binary_remote_addr zone=mylimit:10m rate=10r/s; +{% endif %} +{% if nginx_main_template.http_settings.keyval %} + keyval_zone zone={{nginx_main_template.http_settings.keyval.zone}}:32k state=one.keyval; + keyval $arg_text $text zone=one; +{% endif %} + include /etc/nginx/conf.d/*.conf; } {% endif %} -{% if nginx_stream_template_enable %} +{% if nginx_main_template.stream_enable %} stream { include /etc/nginx/conf.d/stream/*.conf; } diff --git a/templates/stream/default.conf.j2 b/templates/stream/stream.conf.j2 similarity index 100% rename from templates/stream/default.conf.j2 rename to templates/stream/stream.conf.j2 diff --git a/templates/www/index.html.j2 b/templates/www/index.html.j2 new file mode 100644 index 0000000..4e92ddf --- /dev/null +++ b/templates/www/index.html.j2 @@ -0,0 +1,101 @@ + + +
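Review bot: The `stream` block is now emitted only when `nginx_main_template.stream_enable` is true (default false), while the stream configuration files are still generated under the separate `nginx_stream_template_enable` flag that defaults/main.yml keeps, so a user who enables only the latter gets files under /etc/nginx/conf.d/stream that nginx.conf never includes. The `http` block has the mirror-image problem: it follows `nginx_main_template.http_enable` (default true) regardless of `nginx_http_template_enable`. Either derive one flag from the other or say in the defaults comments that both must be set together.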
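Review bot: `{% if nginx_main_template.http_settings.keyval %}` is followed by `{{nginx_main_template.http_settings.keyval.zone}}`, but the default for `keyval` added in defaults/main.yml is the boolean `false`, so the obvious way to enable it (`keyval: true`) leaves `.zone` undefined and aborts templating. Show the mapping form in the defaults, or give the template a fallback such as `{{ nginx_main_template.http_settings.keyval.zone | default('one') }}` to match the `zone=one` used on the next line. `proxy_cache_path /tmp/cache` places the cache in a world-writable directory that another local user can create first; `/var/cache/nginx` is the conventional location. `keyval_zone`/`keyval` are Plus-only directives not gated on `nginx_type`, and the two `{{...}}` expressions without inner spaces break the style used everywhere else in the file.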
+Web Server name: {{ item.value.name }}
+Server name: {{ ansible_hostname }}
+Server address: {{ ansible_eth0.ipv4.address }}
+User Agent: client_browser
+URI: server_url
+Doc Root: document_root
+Date: server_date
+NGINX Front-End Load Balancer IP:remote_addr
+Client IP: proxied_for_ip
+NGINX Version: nginx_version
+