Add basic assertions (#319)

This commit is contained in:
Alessandro Fael Garcia 2020-09-15 21:27:06 +02:00 committed by GitHub
parent 856a9c93bf
commit 17b5c87d71
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
79 changed files with 1053 additions and 955 deletions

View File

@ -20,7 +20,7 @@ Steps to reproduce the behavior:
A clear and concise description of what you expected to happen. A clear and concise description of what you expected to happen.
**Your environment:** **Your environment:**
- Version of the NGINX Role or specific commit - Version of the NGINX role or specific commit
- Version of Ansible - Version of Ansible
- Target deployment platform - Target deployment platform

View File

@ -4,7 +4,7 @@ Describe the use case and detail of the change. If this PR addresses an issue on
### Checklist ### Checklist
Before creating a PR, run through this checklist and mark each as complete. Before creating a PR, run through this checklist and mark each as complete.
- [ ] I have read the [CONTRIBUTING](https://github.com/nginxinc/ansible-role-nginx/blob/master/CONTRIBUTING.md) document - [ ] I have read the [CONTRIBUTING](https://github.com/nginxinc/ansible-role-nginx/blob/main/CONTRIBUTING.md) document
- [ ] I have added Molecule tests that prove my fix is effective or that my feature works - [ ] I have added Molecule tests that prove my fix is effective or that my feature works
- [ ] I have checked that all Molecule tests pass after adding my changes - [ ] I have checked that all Molecule tests pass after adding my changes
- [ ] I have updated any relevant documentation (`defaults/main/*.yml`, `README.md` and `CHANGELOG.md`) - [ ] I have updated any relevant documentation (`defaults/main/*.yml`, `README.md` and `CHANGELOG.md`)

View File

@ -6,7 +6,7 @@ jobs:
- name: "(Debian/Ubuntu) Install Specific Version" - name: "(Debian/Ubuntu) Install Specific Version"
env: env:
scenario: default scenario: default
- name: "(Alpine) Install Specific Version" - name: "(Alpine Linux) Install Specific Version"
env: env:
scenario: default_alpine scenario: default_alpine
- name: "(CentOS) Install Specific Version" - name: "(CentOS) Install Specific Version"
@ -15,7 +15,7 @@ jobs:
- name: "(Debian/Ubuntu) Install Modules" - name: "(Debian/Ubuntu) Install Modules"
env: env:
scenario: module scenario: module
- name: "(Alpine) Install Modules" - name: "(Alpine Linux) Install Modules"
env: env:
scenario: module_alpine scenario: module_alpine
- name: "(CentOS) Install Modules" - name: "(CentOS) Install Modules"
@ -24,7 +24,7 @@ jobs:
- name: "(Debian/Ubuntu) Install Stable Branch and Push Configuration" - name: "(Debian/Ubuntu) Install Stable Branch and Push Configuration"
env: env:
scenario: stable_push scenario: stable_push
- name: "(Alpine) Install Stable Branch and Push Configuration" - name: "(Alpine Linux) Install Stable Branch and Push Configuration"
env: env:
scenario: stable_push_alpine scenario: stable_push_alpine
- name: "(CentOS) Install Stable Branch and Push Configuration" - name: "(CentOS) Install Stable Branch and Push Configuration"
@ -33,7 +33,7 @@ jobs:
- name: "(Debian/Ubuntu) Use Template Setting" - name: "(Debian/Ubuntu) Use Template Setting"
env: env:
scenario: template scenario: template
- name: "(Alpine) Use Template Setting" - name: "(Alpine Linux) Use Template Setting"
env: env:
scenario: template_alpine scenario: template_alpine
- name: "(CentOS) Use Template Setting" - name: "(CentOS) Use Template Setting"
@ -42,7 +42,7 @@ jobs:
- name: "(Debian/Ubuntu) Install NGINX Unit" - name: "(Debian/Ubuntu) Install NGINX Unit"
env: env:
scenario: unit scenario: unit
- name: "(Alpine) Install NGINX Unit" - name: "(Alpine Linux) Install NGINX Unit"
env: env:
scenario: unit_alpine scenario: unit_alpine
- name: "(CentOS) Install NGINX Unit" - name: "(CentOS) Install NGINX Unit"
@ -51,7 +51,7 @@ jobs:
- name: "(Debian/Ubuntu) Install from Source" - name: "(Debian/Ubuntu) Install from Source"
env: env:
scenario: source scenario: source
- name: "(Alpine) Install from Source" - name: "(Alpine Linux) Install from Source"
env: env:
scenario: source_alpine scenario: source_alpine
- name: "(CentOS) Install from Source" - name: "(CentOS) Install from Source"

View File

@ -4,21 +4,32 @@
BREAKING CHANGES: BREAKING CHANGES:
* The process to install modules has changed. You will now have to use a list variable, `nginx_modules`, instead of manually setting the modules you want to install to `true` or `false`. This change will also simplify adding future supported modules to this role. You can find a list of supported modules for NGINX and NGINX Plus in [`vars/main.yml`](https://github.com/nginxinc/ansible-role-nginx/blob/master/vars/main.yml). * The process to install modules has changed. You will now have to use a list variable, `nginx_modules`, instead of manually setting the modules you want to install to `true` or `false`. This change will also simplify adding future supported modules to this role. You can find a list of supported modules for NGINX and NGINX Plus in [`vars/main.yml`](https://github.com/nginxinc/ansible-role-nginx/blob/main/vars/main.yml).
* Modules can no longer be added to your NGINX config using this role. Please use the [`nginx_config`](https://github.com/nginxinc/ansible-role-nginx-config) role instead. * Modules can no longer be added to your NGINX config using this role. Please use the [`nginx_config`](https://github.com/nginxinc/ansible-role-nginx-config) role instead.
* Changed `nginx_configure` default value from `true` to `false` to further promote the adoption of the [NGINX config](https://github.com/nginxinc/ansible-role-nginx-config) role.
FEATURES: FEATURES:
* Add Alpine 3.12 to the list of supported platforms * Two new variables have been introduced:
* Remove Alpine 3.8 from the list of supported platforms * `nginx_setup_license` -- Determine whether you want to use this role to upload your NGINX license to your target host.
* `nginx_debug_tasks` -- Print task related information to give you a better insight into the current progress of the role.
* The role will now fail automatically if you try to deploy NGINX from an official repository in an unsupported distribution. You can find a list of supported distributions for NGINX and NGINX Plus in [`vars/main.yml`](https://github.com/nginxinc/ansible-role-nginx/blob/main/vars/main.yml)
* Three new tags have been introduced -- `nginx_setup_license`, `nginx_install` and `nginx_check_support`.
* Add Alpine 3.12 to the list of supported platforms.
* Remove Alpine 3.8 from the list of supported platforms.
ENHANCEMENTS: ENHANCEMENTS:
* Major backend refactoring to reduce the number of files and tasks.
* You can now specify an `nginx_repository` for NGINX Plus too.
* Moved "constant" variables to `vars/main.yml`.
* Included deprecation warnings in task names and files.
* Improved tasks naming conventions.
* Update Ansible to `2.9.13` and Ansible Lint to `4.3.4`. * Update Ansible to `2.9.13` and Ansible Lint to `4.3.4`.
BUG FIXES: BUG FIXES:
* NGINX Plus repository data for RedHat based distros is now appropriately set. * NGINX Plus repository data for RHEL based distros is now appropriately set.
## 0.16.0 (August 28, 2020) ## 0.16.0 (August 28, 2020)
@ -47,7 +58,7 @@ DEPRECATION WARNING:
With the advent of Ansible collections and to reduce the overhead of this role, the decision has been made to split this role into three smaller roles: With the advent of Ansible collections and to reduce the overhead of this role, the decision has been made to split this role into three smaller roles:
* The NGINX Ansible role will keep working as is and be used to install and setup NGINX. * The NGINX Ansible role will keep working as is and be used to install and setup NGINX.
* There now is a separate role to manage and create NGINX configurations available [here](https://github.com/nginxinc/ansible-role-nginx-config). Any new issues or PRs related to configuring NGINX should be submitted in the new NGINX Config repository. New issues or PRs related to configuring NGINX submitted in this repository will not be worked on. The NGINX configuration functionalities included in this role will be removed in an upcoming release. * There now is a separate role to manage and create NGINX configurations available [here](https://github.com/nginxinc/ansible-role-nginx-config). Any new issues or PRs related to configuring NGINX should be submitted in the new NGINX Config repository. New issues or PRs related to configuring NGINX submitted in this repository will not be worked on. The NGINX configuration functionalities included in this role will be removed in an upcoming release.
* NGINX Unit has a separate role available [here](https://github.com/nginxinc/ansible-role-nginx-unit). Any new issues or PRs related to NGINX Unit should be submitted in the new NGINX Unit repository. New issues or PRs related to NGINX Unit submitted in this repository will not be worked on. The NGINX Unit functionalities included in this role will be removed in an upcoming release. * NGINX Unit now has a separate role available [here](https://github.com/nginxinc/ansible-role-nginx-unit). Any new issues or PRs related to NGINX Unit should be submitted in the new NGINX Unit repository. New issues or PRs related to NGINX Unit submitted in this repository will not be worked on. The NGINX Unit functionalities included in this role will be removed in an upcoming release.
BREAKING CHANGES: BREAKING CHANGES:

View File

@ -14,25 +14,26 @@ The following is a set of guidelines for contributing to the NGINX Ansible role.
* [Git Guidelines](#git-guidelines) * [Git Guidelines](#git-guidelines)
* [Ansible Guidelines](#ansible-guidelines) * [Ansible Guidelines](#ansible-guidelines)
[Code of Conduct](https://github.com/nginxinc/ansible-role-nginx/blob/master/CODE_OF_CONDUCT.md) [Code of Conduct](https://github.com/nginxinc/ansible-role-nginx/blob/main/CODE_OF_CONDUCT.md)
## Ask a Question ## Ask a Question
Don't know how something works? Curious if the role can achieve your desired functionality. Please open an Issue on GitHub with the label `question`. Don't know how something works? Curious if the role can achieve your desired functionality? Please open an Issue on GitHub with the label `question`.
## Getting Started ## Getting Started
Follow our [Installation Guide](https://github.com/nginxinc/ansible-role-nginx/blob/master/README.md#Installation) to install Ansible and Molecule and get ready to use the NGINX Ansible role. Follow our [Installation Guide](https://github.com/nginxinc/ansible-role-nginx/blob/main/README.md#Installation) to install Ansible and Molecule and get ready to use the NGINX Ansible role.
### Project Structure ### Project Structure
* The NGINX Ansible role is written in `yaml` and supports NGINX Open Source, NGINX Plus, NGINX Amplify, and NGINX Unit. * The NGINX Ansible role is written in `yaml` and supports NGINX Open Source, NGINX Plus, NGINX Amplify, and NGINX Unit.
* The project follows the standard [Ansible role directory structure](https://docs.ansible.com/ansible/latest/user_guide/playbooks_reuse_roles.html) * The project follows the standard [Ansible role directory structure](https://docs.ansible.com/ansible/latest/user_guide/playbooks_reuse_roles.html):
* The main code is found in `tasks/` * The main code is found in `tasks/`.
* The main variables can be found in `defaults/main/*.yml` * Variables can be found in `defaults/main/*.yml`.
* Configuration templates for NGINX can be found in `templates/` * "Constant" variables can be found in `vars/main.yml`.
* Configuration templates for NGINX can be found in `templates/`.
* [Molecule](https://molecule.readthedocs.io/) tests can be found in `molecule/`. * [Molecule](https://molecule.readthedocs.io/) tests can be found in `molecule/`.
* CI/CD is done via Travis using `.travis.yml` deployment yaml files * CI/CD is done via Travis using `.travis.yml` deployment `yaml` files.
## Contributing ## Contributing
@ -46,8 +47,8 @@ To suggest an enhancement, please create an issue on GitHub with the label `enha
### Open a Pull Request ### Open a Pull Request
* Fork the repo, create a branch, submit a PR when your changes are **tested** (ideally using Molecule) and ready for review * Fork the repo, create a branch, submit a PR when your changes are **tested** (ideally using Molecule) and ready for review.
* Fill in [our pull request template](https://github.com/nginxinc/ansible-role-nginx/blob/master/.github/PULL_REQUEST_TEMPLATE.md) * Fill in [our pull request template](https://github.com/nginxinc/ansible-role-nginx/blob/main/.github/PULL_REQUEST_TEMPLATE.md).
Note: if youd like to implement a new feature, please consider creating a feature request issue first to start a discussion about the feature. Note: if youd like to implement a new feature, please consider creating a feature request issue first to start a discussion about the feature.
@ -63,10 +64,10 @@ Note: if youd like to implement a new feature, please consider creating a fea
### Git Guidelines ### Git Guidelines
* Keep a clean, concise and meaningful git commit history on your branch (within reason), rebasing locally and squashing before submitting a PR * Keep a clean, concise and meaningful git commit history on your branch (within reason), rebasing locally and squashing before submitting a PR.
* Follow the guidelines of writing a good commit message as described here <https://chris.beams.io/posts/git-commit/> and summarised in the next few points * Follow the guidelines of writing a good commit message as described here <https://chris.beams.io/posts/git-commit/> and summarised in the next few points:
* In the subject line, use the present tense ("Add feature" not "Added feature") * In the subject line, use the present tense ("Add feature" not "Added feature").
* In the subject line, use the imperative mood ("Move cursor to..." not "Moves cursor to...") * In the subject line, use the imperative mood ("Move cursor to..." not "Moves cursor to...").
* Limit the subject line to 72 characters or less * Limit the subject line to 72 characters or less.
* Reference issues and pull requests liberally after the subject line * Reference issues and pull requests liberally after the subject line.
* Add more detailed description in the body of the git message (`git commit -a` to give you more space and time in your text editor to write a good message instead of `git commit -am`) * Add more detailed description in the body of the git message (`git commit -a` to give you more space and time in your text editor to write a good message instead of `git commit -am`).

View File

@ -10,8 +10,10 @@ This role installs NGINX Open Source, NGINX Plus, the NGINX Amplify agent, or NG
**Deprecation Warnings:** **Deprecation Warnings:**
* There now is a separate role to manage and create NGINX configurations available [here](https://github.com/nginxinc/ansible-role-nginx-config). Any new issues or PRs related to configuring NGINX should be submitted in the new NGINX Config repository. New issues or PRs related to configuring NGINX submitted in this repository will not be worked on (with the exception of major bugfixes). The NGINX configuration functionalities included in this role will be removed in an upcoming release. With the advent of Ansible collections and to reduce the overhead of this role, the decision has been made to split this role into three smaller roles:
* NGINX Unit now has a separate role available [here](https://github.com/nginxinc/ansible-role-nginx-unit). Any new issues or PRs related to NGINX Unit should be submitted in the new NGINX Unit repository. New issues or PRs related to NGINX Unit submitted in this repository will not be worked on (with the exception of major bugfixes). The NGINX Unit functionalities included in this role will be removed in an upcoming release. * The NGINX Ansible role will keep working as is and be used to install and setup NGINX.
* There now is a separate role to manage and create NGINX configurations available [here](https://github.com/nginxinc/ansible-role-nginx-config). Any new issues or PRs related to configuring NGINX should be submitted in the new NGINX Config repository. New issues or PRs related to configuring NGINX submitted in this repository will not be worked on. The NGINX configuration functionalities included in this role will be removed in an upcoming release.
* NGINX Unit now has a separate role available [here](https://github.com/nginxinc/ansible-role-nginx-unit). Any new issues or PRs related to NGINX Unit should be submitted in the new NGINX Unit repository. New issues or PRs related to NGINX Unit submitted in this repository will not be worked on. The NGINX Unit functionalities included in this role will be removed in an upcoming release.
Requirements Requirements
------------ ------------
@ -42,7 +44,7 @@ Use `git clone https://github.com/nginxinc/ansible-role-nginx.git` to pull the l
Platforms Platforms
--------- ---------
The NGINX Ansible role supports all platforms supported by [NGINX Open Source](https://nginx.org/en/linux_packages.html#mainline), [NGINX Plus](https://www.nginx.com/products/technical-specs/), the [NGINX Amplify agent](https://github.com/nginxinc/nginx-amplify-doc/blob/master/amplify-faq.md#21-what-operating-systems-are-supported), and [NGINX Unit](https://unit.nginx.org/installation/#official-packages): The NGINX Ansible role supports all platforms supported by [NGINX Open Source](https://nginx.org/en/linux_packages.html), [NGINX Plus](https://docs.nginx.com/nginx/technical-specs/), the [NGINX Amplify agent](https://github.com/nginxinc/nginx-amplify-doc/blob/master/amplify-faq.md#21-what-operating-systems-are-supported), and [NGINX Unit](https://unit.nginx.org/installation/#official-packages) (you can also use this role to compile NGINX Open Source from source or install it on BSD systems at your own risk):
**NGINX Open Source** **NGINX Open Source**
@ -54,14 +56,11 @@ Alpine:
- 3.12 - 3.12
CentOS: CentOS:
- 6 - 6
- 7 - 7.4+
- 8 - 8
Debian: Debian:
- stretch - stretch
- buster - buster
FreeBSD:
- 11.2+
- 12
Red Hat: Red Hat:
- 6 - 6
- 7.4+ - 7.4+
@ -72,6 +71,7 @@ SUSE/SLES:
Ubuntu: Ubuntu:
- xenial - xenial
- bionic - bionic
- eoan
- focal - focal
``` ```
@ -82,7 +82,6 @@ Alpine:
- 3.9 - 3.9
- 3.10 - 3.10
- 3.11 - 3.11
- 3.12
Amazon Linux: Amazon Linux:
- 2018.03 - 2018.03
Amazon Linux 2: Amazon Linux 2:
@ -110,6 +109,7 @@ SUSE/SLES:
Ubuntu: Ubuntu:
- xenial - xenial
- bionic - bionic
- eoan
- focal - focal
``` ```
@ -160,7 +160,7 @@ Ubuntu:
Role Variables Role Variables
-------------- --------------
This role has multiple variables. The descriptions and defaults for all these variables can be found in the **`defaults/main`** directory in the following files: This role has multiple variables. The descriptions and defaults for all these variables can be found in the **`defaults/main/`** directory in the following files:
- **[defaults/main/main.yml](https://github.com/nginxinc/ansible-role-nginx/blob/main/defaults/main/main.yml):** NGINX installation variables - **[defaults/main/main.yml](https://github.com/nginxinc/ansible-role-nginx/blob/main/defaults/main/main.yml):** NGINX installation variables
- **[defaults/main/amplify.yml](https://github.com/nginxinc/ansible-role-nginx/blob/main/defaults/main/amplify.yml):** NGINX Amplify agent installation variables - **[defaults/main/amplify.yml](https://github.com/nginxinc/ansible-role-nginx/blob/main/defaults/main/amplify.yml):** NGINX Amplify agent installation variables
@ -170,14 +170,14 @@ This role has multiple variables. The descriptions and defaults for all these va
- **[defaults/main/bsd.yml](https://github.com/nginxinc/ansible-role-nginx/blob/main/defaults/main/bsd.yml):** BSD installation variables - **[defaults/main/bsd.yml](https://github.com/nginxinc/ansible-role-nginx/blob/main/defaults/main/bsd.yml):** BSD installation variables
- **[defaults/main/unit.yml](https://github.com/nginxinc/ansible-role-nginx/blob/main/defaults/main/unit.yml):** NGINX Unit installation variables - **[defaults/main/unit.yml](https://github.com/nginxinc/ansible-role-nginx/blob/main/defaults/main/unit.yml):** NGINX Unit installation variables
Similarly, descriptions and defaults for preset variables can be found in the **`vars`** directory: Similarly, descriptions and defaults for preset variables can be found in the **`vars/`** directory in the following files:
- **[vars/main.yml](https://github.com/nginxinc/ansible-role-nginx/blob/main/vars/main.yml):** NGINX supported modules - **[vars/main.yml](https://github.com/nginxinc/ansible-role-nginx/blob/main/vars/main.yml):** List of supported NGINX platforms and modules
Example Playbooks Example Playbooks
----------------- -----------------
Working functional playbook examples can be found in the **`molecule/common`** directory in the following files: Working functional playbook examples can be found in the **`molecule/common/`** directory in the following files:
- **[molecule/common/playbooks/default_converge.yml](https://github.com/nginxinc/ansible-role-nginx/blob/main/molecule/common/playbooks/default_converge.yml):** Install a specific version of NGINX and set up logrotate - **[molecule/common/playbooks/default_converge.yml](https://github.com/nginxinc/ansible-role-nginx/blob/main/molecule/common/playbooks/default_converge.yml):** Install a specific version of NGINX and set up logrotate
- **[molecule/common/playbooks/module_converge.yml](https://github.com/nginxinc/ansible-role-nginx/blob/main/molecule/common/playbooks/module_converge.yml):** Install various NGINX supported modules - **[molecule/common/playbooks/module_converge.yml](https://github.com/nginxinc/ansible-role-nginx/blob/main/molecule/common/playbooks/module_converge.yml):** Install various NGINX supported modules

View File

@ -1,11 +1,4 @@
--- ---
# Supported distributions
nginx_bsd_systems: ['FreeBSD', 'NetBSD', 'OpenBSD', 'DragonFlyBSD', 'HardenedBSD']
# Supported distributions NGINX Plus
# https://docs.nginx.com/nginx/technical-specs/
nginx_plus_bsd_systems: ['FreeBSD']
# Choose to install BSD packages or ports. # Choose to install BSD packages or ports.
# Options are true for packages or false for ports. # Options are true for packages or false for ports.
# Default is true. # Default is true.
@ -21,6 +14,3 @@ nginx_bsd_update_ports: true
# Options are true for use packages or false for do not use packages. # Options are true for use packages or false for do not use packages.
# Default is true. # Default is true.
nginx_bsd_portinstall_use_packages: true nginx_bsd_portinstall_use_packages: true
# FreeBSD extra packages
nginx_freebsd_extra_packages: ['security/ca_root_nss']

View File

@ -1,13 +0,0 @@
---
# Supported distributions
nginx_linux_families: ['Alpine', 'Debian', 'RedHat', 'Suse']
# Supported distributions NGINX Plus
# https://docs.nginx.com/nginx/technical-specs/
# RedHat={Amazon,CentOS,OracleLinux,RHEL} Debian={Ubuntu,Debian}
nginx_plus_linux_families: ['Alpine', 'Debian', 'RedHat', 'Suse']
# Default locations and versions when 'nginx_install_from; is set to 'source'
pcre_version: pcre-8.44
zlib_version: zlib-1.2.11
openssl_version: openssl-1.1.1g

View File

@ -8,15 +8,18 @@ nginx_enable: true
# Default is true. # Default is true.
nginx_install: true nginx_install: true
## DEPRECATED -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config)
# Enable NGINX configuration options. # Enable NGINX configuration options.
# Variables for these options can be found in `./template.yml` and `./upload.yml`. # Variables for these options can be found in `./template.yml` and `./upload.yml`.
# Default is true. # Default is false.
nginx_configure: true nginx_configure: false
# Start NGINX service. # Start NGINX service.
# Default is true. # Default is true.
nginx_start: true nginx_start: true
# Print NGINX task information to terminal during playbook execution.
nginx_debug_tasks: false
# Print NGINX configuration file to terminal after executing playbook. # Print NGINX configuration file to terminal after executing playbook.
nginx_debug_output: false nginx_debug_output: false
@ -28,7 +31,7 @@ nginx_type: opensource
# Specify which version of NGINX you want to install. # Specify which version of NGINX you want to install.
# Default is empty. # Default is empty.
# nginx_version: "=19-1~bionic" # nginx_version: "=19-1~bionic"
# For Plus and modules you'll need a wilcard like below (which installs plus-20 and modules) # For NGINX Plus and modules you'll need a wilcard like below (which installs plus-20 and modules)
# nginx_version: "-20*" # nginx_version: "-20*"
# Specify whether you want to maintain your version of NGINX, upgrade to the latest version, or remove NGINX. # Specify whether you want to maintain your version of NGINX, upgrade to the latest version, or remove NGINX.
@ -60,10 +63,10 @@ nginx_install_source_zlib: false
# Default is the official NGINX signing key host. # Default is the official NGINX signing key host.
# nginx_signing_key: http://nginx.org/keys/nginx_signing.key # nginx_signing_key: http://nginx.org/keys/nginx_signing.key
# Specify source repository for NGINX Open Source. # Specify repository for NGINX Open Source or NGINX Plus.
# Only works if 'install_from' is set to 'nginx_repository'. # Only works if 'install_from' is set to 'nginx_repository' when installing NGINX Open Source.
# Defaults are the official NGINX repositories. # Defaults are the official NGINX repositories.
# nginx_repository: deb https://nginx.org/packages/mainline/debian/ stretch nginx # nginx_repository: deb [arch=amd64] https://nginx.org/packages/mainline/debian/ buster nginx
# Specify which branch of NGINX Open Source you want to install. # Specify which branch of NGINX Open Source you want to install.
# Options are 'mainline' or 'stable'. # Options are 'mainline' or 'stable'.
@ -77,9 +80,13 @@ nginx_license:
certificate: license/nginx-repo.crt certificate: license/nginx-repo.crt
key: license/nginx-repo.key key: license/nginx-repo.key
# Set up NGINX Plus license before installation.
# Default is true.
nginx_setup_license: true
# Remove NGINX Plus license and repository after installation for security purposes. # Remove NGINX Plus license and repository after installation for security purposes.
# Default is false. # Default is false.
nginx_delete_license: false nginx_remove_license: false
# Install NGINX Modules. # Install NGINX Modules.
# You can select any of the modules listed below. Beware of NGINX Plus only modules (these are marked). # You can select any of the modules listed below. Beware of NGINX Plus only modules (these are marked).
@ -104,6 +111,7 @@ nginx_modules: []
# - waf # NGINX Plus # - waf # NGINX Plus
# - xslt # - xslt
## DEPRECATED -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config)
# Remove previously existing NGINX configuration files. # Remove previously existing NGINX configuration files.
# You can specify a list of paths you wish to remove. # You can specify a list of paths you wish to remove.
# You can also choose whether to recurse through the paths specified. # You can also choose whether to recurse through the paths specified.
@ -116,18 +124,3 @@ nginx_cleanup_config_paths:
recurse: false recurse: false
# nginx_cleanup_config_files: # nginx_cleanup_config_files:
# - /etc/nginx/conf.d/default.conf # - /etc/nginx/conf.d/default.conf
# Set SELinux enforcing for NGINX (Centos/Redhat only) - you may need to open ports on your own
nginx_selinux: false
# Enable enforcing mode if true. Permissive if false (audit only, no enforcing) globally (only works with nginx_selinux: true)
nginx_selinux_enforcing: true
# List of TCP ports to add to http_port_t type (80 and 443 have this type already)
# nginx_selinux_tcp_ports:
# - 80
# - 443
# List of UDP ports to add to http_port_t type
# nginx_selinux_udp_ports:
# - 80
# - 443
# Temporary directory to hold selinux modules
nginx_tempdir: /tmp

15
defaults/main/selinux.yml Normal file
View File

@ -0,0 +1,15 @@
---
# Set SELinux enforcing for NGINX (CentOS/Red Hat only) - you may need to open ports on your own
nginx_selinux: false
# Enable enforcing mode if true. Permissive if false (audit only, no enforcing) globally (only works with nginx_selinux: true)
nginx_selinux_enforcing: true
# List of TCP ports to add to http_port_t type (80 and 443 have this type already)
# nginx_selinux_tcp_ports:
# - 80
# - 443
# List of UDP ports to add to http_port_t type
# nginx_selinux_udp_ports:
# - 80
# - 443
# Temporary directory to hold selinux modules
nginx_selinux_tempdir: /tmp

View File

@ -1,3 +1,4 @@
## DEPRECATED -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config)
--- ---
# Enable creating dynamic templated NGINX HTML demo websites. # Enable creating dynamic templated NGINX HTML demo websites.
nginx_html_demo_template_enable: false nginx_html_demo_template_enable: false

View File

@ -1,3 +1,4 @@
## DEPRECATED -- Use nginxinc.nginx_unit role instead (https://github.com/nginxinc/ansible-role-nginx-unit)
--- ---
# Install NGINX Unit and NGINX Unit modules. # Install NGINX Unit and NGINX Unit modules.
# Use a list of supported NGINX Unit modules. # Use a list of supported NGINX Unit modules.

View File

@ -1,3 +1,4 @@
## DEPRECATED -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config)
--- ---
# Enable uploading NGINX configuration files to your system. # Enable uploading NGINX configuration files to your system.
# Default for uploading files is false. # Default for uploading files is false.

View File

@ -1,30 +1,30 @@
--- ---
- name: "(Handler: All OSs) Check NGINX" - name: "(Handler) Check NGINX"
command: "nginx -t" command: "nginx -t"
changed_when: false changed_when: false
- name: "(Handler: All OSs) Systemd Daemon-Reload" - name: "(Handler) Systemd Daemon-Reload"
systemd: systemd:
daemon_reload: yes daemon_reload: yes
notify: "(Handler: All OSs) Start NGINX" notify: "(Handler) Start NGINX"
- name: "(Handler: All OSs) Run NGINX" - name: "(Handler) Run NGINX"
block: block:
- name: "(Handler: All OSs) Start NGINX" - name: "(Handler) Start NGINX"
service: service:
name: nginx name: nginx
state: started state: started
enabled: yes enabled: yes
notify: "(Handler: All OSs) Check NGINX" notify: "(Handler) Check NGINX"
- name: "(Handler: All OSs) Reload NGINX" - name: "(Handler) Reload NGINX"
command: "nginx -s reload" command: "nginx -s reload"
changed_when: false changed_when: false
when: when:
- nginx_start | bool - nginx_start | bool
- not ansible_check_mode | bool - not ansible_check_mode | bool
- name: "(Handler: All OSs) Start NGINX Amplify Agent" - name: "(Handler) Start NGINX Amplify agent"
service: service:
name: amplify-agent name: amplify-agent
state: started state: started
@ -41,5 +41,5 @@
state: started state: started
enabled: yes enabled: yes
- name: "(Config: All OSs) Run Logrotate" - name: "(Handler) Run logrotate"
command: logrotate -f /etc/logrotate.d/nginx command: logrotate -f /etc/logrotate.d/nginx

View File

@ -17,27 +17,27 @@ ENV {{ var }} {{ value }}
RUN \ RUN \
if [ $(command -v apt-get) ]; then \ if [ $(command -v apt-get) ]; then \
apt-get update \ apt-get update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y python3 sudo bash ca-certificates iproute2 python3-apt aptitude systemd systemd-sysv procps curl \ && DEBIAN_FRONTEND=noninteractive apt-get install -y aptitude bash ca-certificates curl iproute2 python-apt python3 python3-apt procps sudo systemd systemd-sysv vim \
&& apt-get clean; \ && apt-get clean; \
elif [ $(command -v dnf) ]; then \ elif [ $(command -v dnf) ]; then \
dnf makecache \ dnf makecache \
&& dnf --assumeyes install /usr/bin/python3 /usr/bin/python3-config /usr/bin/dnf-3 bash iproute \ && dnf --assumeyes install bash iproute /usr/bin/dnf-3 /usr/bin/python3 /usr/bin/python3-config vim \
&& dnf clean all; \ && dnf clean all; \
elif [ $(command -v yum) ]; then \ elif [ $(command -v yum) ]; then \
yum makecache fast \ yum makecache fast \
&& yum install -y /usr/bin/python /usr/bin/python2-config sudo yum-plugin-ovl bash iproute \ && yum install -y bash iproute /usr/bin/python /usr/bin/python2-config sudo vim yum-plugin-ovl \
&& sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf \ && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf \
&& yum clean all; \ && yum clean all; \
elif [ $(command -v zypper) ]; then \ elif [ $(command -v zypper) ]; then \
zypper refresh \ zypper refresh \
&& zypper install -y python3 sudo bash iproute2 \ && zypper install -y bash iproute2 python3 sudo vim \
&& zypper clean -a; \ && zypper clean -a; \
elif [ $(command -v apk) ]; then \ elif [ $(command -v apk) ]; then \
apk update \ apk update \
&& apk add --no-cache python3 sudo bash ca-certificates curl openrc; \ && apk add --no-cache bash ca-certificates curl openrc python3 sudo vim; \
echo 'rc_provide="loopback net"' >> /etc/rc.conf; \ echo 'rc_provide="loopback net"' >> /etc/rc.conf; \
elif [ $(command -v xbps-install) ]; then \ elif [ $(command -v xbps-install) ]; then \
xbps-install -Syu \ xbps-install -Syu \
&& xbps-install -y python3 sudo bash ca-certificates iproute2 \ && xbps-install -y bash ca-certificates iproute2 python3 sudo vim \
&& xbps-remove -O; \ && xbps-remove -O; \
fi fi

View File

@ -5,22 +5,22 @@
- name: Set repo if Alpine - name: Set repo if Alpine
set_fact: set_fact:
version: "=1.19.1-r1" version: "=1.19.1-r1"
when: ansible_os_family == "Alpine" when: ansible_facts['os_family'] == "Alpine"
- name: Set repo if Debian - name: Set repo if Debian
set_fact: set_fact:
version: "=1.19.1-1~{{ ansible_distribution_release }}" version: "=1.19.1-1~{{ ansible_facts['distribution_release'] }}"
when: ansible_os_family == "Debian" when: ansible_facts['os_family'] == "Debian"
- name: Set repo if Red Hat - name: Set repo if Red Hat
set_fact: set_fact:
version: "-1.19.1-1.el{{ ansible_distribution_major_version }}.ngx" version: "-1.19.1-1.el{{ ansible_facts['distribution_major_version'] }}.ngx"
when: ansible_os_family == "RedHat" when: ansible_facts['os_family'] == "RedHat"
- name: Enable NGINX @CentOS-AppStream dnf modules - name: Enable NGINX @CentOS-AppStream dnf modules
shell: shell:
args: args:
cmd: dnf module info nginx | grep -q 'Stream.*\[e\]' && echo -n ENABLED || dnf module enable -y nginx # noqa 204 303 cmd: dnf module info nginx | grep -q 'Stream.*\[e\]' && echo -n ENABLED || dnf module enable -y nginx # noqa 204 303
register: dnf_module_enable register: dnf_module_enable
changed_when: dnf_module_enable.stdout != 'ENABLED' changed_when: dnf_module_enable.stdout != 'ENABLED'
when: ansible_os_family == "RedHat" and ansible_distribution_major_version == "8" when: ansible_facts['os_family'] == "RedHat" and ansible_facts['distribution_major_version'] is version('8', '==')
tasks: tasks:
- name: Install NGINX - name: Install NGINX
include_role: include_role:

View File

@ -15,6 +15,7 @@
- 80 - 80
- 443 - 443
nginx_configure: true
nginx_cleanup_config: true nginx_cleanup_config: true
nginx_cleanup_config_paths: nginx_cleanup_config_paths:
- directory: - directory:

View File

@ -8,6 +8,7 @@
vars: vars:
nginx_debug_output: true nginx_debug_output: true
nginx_configure: true
nginx_main_template_enable: true nginx_main_template_enable: true
nginx_main_template: nginx_main_template:
template_file: nginx.conf.j2 template_file: nginx.conf.j2

View File

@ -8,20 +8,20 @@
- unit-perl - unit-perl
- unit-php7 - unit-php7
- unit-python3 - unit-python3
when: ansible_os_family == "Alpine" when: ansible_facts['os_family'] == "Alpine"
- name: Set module if Debian/RedHat - name: Set module if Debian
set_fact: set_fact:
module: module:
- unit-perl - unit-perl
- unit-php - unit-php
- unit-ruby - unit-ruby
when: ansible_os_family == "Debian" when: ansible_facts['os_family'] == "Debian"
- name: Set module if Red Hat - name: Set module if Red Hat
set_fact: set_fact:
module: module:
- unit-php - unit-php
- unit-go - unit-go
when: ansible_os_family == "RedHat" when: ansible_facts['os_family'] == "RedHat"
tasks: tasks:
- name: Install NGINX Unit - name: Install NGINX Unit
include_role: include_role:

View File

@ -6,13 +6,6 @@ lint: |
yamllint . yamllint .
ansible-lint --force-color ansible-lint --force-color
platforms: platforms:
- name: alpine-3.8
image: alpine:3.8
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/sbin/init"
- name: alpine-3.9 - name: alpine-3.9
image: alpine:3.9 image: alpine:3.9
dockerfile: ../common/Dockerfile.j2 dockerfile: ../common/Dockerfile.j2

View File

@ -1,24 +1,24 @@
--- ---
- name: "(Setup: All OSs) Configure NGINX Amplify Agent Repository" - name: "Configure NGINX Amplify agent repository"
include_tasks: "{{ role_path }}/tasks/amplify/setup-{{ ansible_os_family | lower }}.yml" include_tasks: "{{ role_path }}/tasks/amplify/setup-{{ ansible_facts['os_family'] | lower }}.yml"
when: ansible_os_family == "Debian" when: ansible_facts['os_family'] == "Debian"
or ansible_os_family == "Redhat" or ansible_facts['os_family'] == "Redhat"
- name: "(Install: All OSs) Install NGINX Amplify Agent" - name: "Install NGINX Amplify agent"
package: package:
name: nginx-amplify-agent name: nginx-amplify-agent
state: present state: present
- name: "(Setup: All OSs) Copy NGINX Configurator Agent Configuration Template" - name: "Copy NGINX configurator agent configuration template"
copy: copy:
remote_src: yes remote_src: yes
src: /etc/amplify-agent/agent.conf.default src: /etc/amplify-agent/agent.conf.default
dest: /etc/amplify-agent/agent.conf dest: /etc/amplify-agent/agent.conf
mode: 0644 mode: 0644
- name: "(Setup: All OSs) Configure NGINX Amplify Agent API Key" - name: "Configure NGINX Amplify agent API key"
lineinfile: lineinfile:
dest: /etc/amplify-agent/agent.conf dest: /etc/amplify-agent/agent.conf
regexp: api_key =.* regexp: api_key =.*
line: "api_key = {{ nginx_amplify_api_key }}" line: "api_key = {{ nginx_amplify_api_key }}"
notify: "(Handler: All OSs) Start NGINX Amplify Agent" notify: "(Handler) Start NGINX Amplify agent"

View File

@ -1,16 +1,18 @@
--- ---
- name: "(Install: Debian/Ubuntu) Add NGINX Amplify Agent Repository" - name: "(Debian/Ubuntu) Add NGINX Amplify agent repository"
apt_repository: apt_repository:
filename: nginx-amplify filename: nginx-amplify
repo: deb [arch=amd64] http://packages.amplify.nginx.com/{{ ansible_distribution|lower }}/ {{ ansible_distribution_release|lower }} amplify-agent repo: >-
deb [arch=amd64] https://packages.amplify.nginx.com/
{{ ansible_facts['distribution'] | lower }}/ {{ ansible_facts['distribution_release'] | lower }} amplify-agent
update_cache: yes update_cache: yes
mode: 0644 mode: 0644
when: ansible_distribution_release != "focal" when: ansible_facts['distribution_release'] != "focal"
- name: "(Install: Debian/Ubuntu) Add NGINX Amplify Agent Repository" - name: "(Ubuntu 20.04) Add NGINX Amplify agent repository"
apt_repository: apt_repository:
filename: nginx-amplify filename: nginx-amplify
repo: deb [arch=amd64] https://packages.amplify.nginx.com/py3/ubuntu focal amplify-agent repo: deb [arch=amd64] https://packages.amplify.nginx.com/py3/ubuntu focal amplify-agent
update_cache: yes update_cache: yes
mode: 0644 mode: 0644
when: ansible_distribution_release == "focal" when: ansible_facts['distribution_release'] == "focal"

View File

@ -1,8 +1,8 @@
--- ---
- name: "(Install: CentOS/RedHat/Amazon Linux) Add NGINX Amplify Agent Repository" - name: "(Amazon Linux/CentOS/RHEL) Add NGINX Amplify agent repository"
yum_repository: yum_repository:
name: nginx-amplify name: nginx-amplify
baseurl: http://packages.amplify.nginx.com/{{ (ansible_distribution == "Amazon") | ternary('amzn/', 'centos/') }}/$releasever/$basearch/ baseurl: http://packages.amplify.nginx.com/{{ (ansible_facts['distribution'] == "Amazon") | ternary('amzn/', 'centos/') }}/$releasever/$basearch/
description: NGINX Amplify Agent description: NGINX Amplify Agent
enabled: yes enabled: yes
gpgcheck: yes gpgcheck: yes

View File

@ -1,9 +0,0 @@
---
- name: "(Setup: All OSs) Register NGINX configuration"
command: nginx -T
changed_when: false
register: nginx_configuration
- name: "(Setup: All OSs) Print NGINX configuration"
debug:
var: nginx_configuration.stdout_lines

View File

@ -1,35 +0,0 @@
---
- name: "(Config: Alpine) Install Logrotate"
apk:
name: logrotate
when: ansible_os_family == "Alpine"
- name: "(Config: Ubuntu/Debian) Install Logrotate"
apt:
name: logrotate
state: present
when: ansible_os_family == "Debian"
- name: "(Config: CentOS/RedHat) Install Logrotate"
yum:
name: logrotate
state: present
when: ansible_os_family == "RedHat"
- name: "(Config: SUSE) Add Logrotate Repo"
zypper_repository:
repo: https://download.opensuse.org/repositories/openSUSE:Leap:42.1/standard/openSUSE:Leap:42.1.repo
when: ansible_os_family == "Suse"
- name: "(Config: SUSE) Install Logrotate"
zypper:
name: logrotate
state: present
when: ansible_os_family == "Suse"
- name: "(Config: All OSs) Create Logrotate Config"
template:
src: "logrotate/nginx.j2"
dest: "/etc/logrotate.d/nginx"
mode: 0644
notify: "(Config: All OSs) Run Logrotate"

View File

@ -1,5 +1,10 @@
## DEPRECATED -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config)
--- ---
- name: "(Setup: All OSs) Find NGINX Configuration Files" - name: "Deprecation warning"
debug:
msg: "DEPRECATED TASKS -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config)"
- name: "(DEPRECATED) Find NGINX Configuration Files"
find: find:
paths: "{{ item.directory }}" paths: "{{ item.directory }}"
patterns: "*.conf" patterns: "*.conf"
@ -8,7 +13,7 @@
when: nginx_cleanup_config_paths is defined when: nginx_cleanup_config_paths is defined
register: nginx_config_files register: nginx_config_files
- name: "(Setup: All OSs) Remove NGINX Configuration Files" - name: "(DEPRECATED) Remove NGINX Configuration Files"
file: file:
path: "{{ item }}" path: "{{ item }}"
state: absent state: absent

View File

@ -0,0 +1,14 @@
---
- name: "Print NGINX config"
debug:
msg: "Printing NGINX config"
when: nginx_debug_tasks | bool
- name: "Register NGINX configuration"
command: nginx -T
changed_when: false
register: config
- name: "Print NGINX config"
debug:
var: config.stdout_lines

View File

@ -1,11 +1,16 @@
--- ---
- name: "(Setup: Linux) Create Override Directory For NGINX Systemd Service" - name: "Modify systemd"
debug:
msg: "Modifying systemd"
when: nginx_debug_tasks | bool
- name: "Create override directory for NGINX systemd service"
file: file:
path: "{{ nginx_service_overridepath }}" path: "{{ nginx_service_overridepath }}"
state: directory state: directory
mode: 0755 mode: 0755
- name: "(Setup: Linux) Create Override For NGINX Systemd Service" - name: "Create override for NGINX systemd service"
template: template:
src: "{{ role_path }}/templates/services/nginx.service.override.conf.j2" src: "{{ role_path }}/templates/services/nginx.service.override.conf.j2"
dest: "{{ nginx_service_overridepath }}/{{ nginx_service_overridefilename }}" dest: "{{ nginx_service_overridepath }}/{{ nginx_service_overridefilename }}"
@ -15,9 +20,9 @@
when: when:
- not nginx_service_custom | bool - not nginx_service_custom | bool
- not nginx_service_clean | bool - not nginx_service_clean | bool
notify: "(Handler: All OSs) Systemd Daemon-Reload" notify: "(Handler) Systemd Daemon-Reload"
- name: "(Setup: Linux) Customize Override For NGINX Systemd Service" - name: "Customize override for NGINX systemd service"
copy: copy:
src: "{{ nginx_service_custom_file }}" src: "{{ nginx_service_custom_file }}"
dest: "{{ nginx_service_overridepath }}/{{ nginx_service_overridefilename }}" dest: "{{ nginx_service_overridepath }}/{{ nginx_service_overridefilename }}"
@ -27,11 +32,16 @@
when: when:
- nginx_service_custom | bool - nginx_service_custom | bool
- not nginx_service_clean | bool - not nginx_service_clean | bool
notify: "(Handler: All OSs) Systemd Daemon-Reload" notify: "(Handler) Systemd Daemon-Reload"
- name: "(Setup: Linux) Remove Override For NGINX Systemd Service" - name: "Remove override for NGINX systemd service"
file: file:
path: "{{ nginx_service_overridepath }}" path: "{{ nginx_service_overridepath }}"
state: absent state: absent
when: nginx_service_clean | bool when: nginx_service_clean | bool
notify: "(Handler: All OSs) Systemd Daemon-Reload" notify: "(Handler) Systemd Daemon-Reload"
- name: "Modify systemd"
debug:
msg: "Done modifying systemd"
when: nginx_debug_tasks | bool

View File

@ -0,0 +1,46 @@
---
- name: "Set up logrotate"
debug:
msg: "Setting up logrotate"
when: nginx_debug_tasks | bool
- name: "(Alpine Linux OSs) Install logrotate"
apk:
name: logrotate
when: ansible_facts['os_family'] == "Alpine"
- name: "(Debian OSs) Install logrotate"
apt:
name: logrotate
state: present
when: ansible_facts['os_family'] == "Debian"
- name: "(Red Hat OSs) Install logrotate"
yum:
name: logrotate
state: present
when: ansible_facts['os_family'] == "RedHat"
- name: "(SLES OSs) Set up logrotate"
block:
- name: "(SLES OSs) Configure logrotate repository"
zypper_repository:
repo: https://download.opensuse.org/repositories/openSUSE:Leap:42.1/standard/openSUSE:Leap:42.1.repo
- name: "(SLES OSs) Install Logrotate"
zypper:
name: logrotate
state: present
when: ansible_facts['os_family'] == "Suse"
- name: "Create logrotate config"
template:
src: "logrotate/nginx.j2"
dest: "/etc/logrotate.d/nginx"
mode: 0644
notify: "(Handler) Run logrotate"
- name: "Set up logrotate"
debug:
msg: "Done setting up logrotate"
when: nginx_debug_tasks | bool

View File

@ -1,5 +1,10 @@
## DEPRECATED -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config)
--- ---
- name: "(Setup: All NGINX) Ensure HTML Directory Exists" - name: "Deprecation warning"
debug:
msg: "DEPRECATED TASKS -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config)"
- name: "(DEPRECATED) Ensure HTML Directory Exists"
file: file:
path: "{{ item.value.html_file_location | default('/usr/share/nginx/html') }}" path: "{{ item.value.html_file_location | default('/usr/share/nginx/html') }}"
state: directory state: directory
@ -7,7 +12,7 @@
with_dict: "{{ nginx_html_demo_template }}" with_dict: "{{ nginx_html_demo_template }}"
when: nginx_html_demo_template_enable | bool when: nginx_html_demo_template_enable | bool
- name: "(Setup: All NGINX) Dynamically Generate HTML Files" - name: "(DEPRECATED) Dynamically Generate HTML Files"
template: template:
src: "{{ item.value.template_file | default('www/index.html.j2') }}" src: "{{ item.value.template_file | default('www/index.html.j2') }}"
dest: "{{ item.value.html_file_location | default('/usr/share/nginx/html') }}/{{ item.value.html_file_name | default('index.html') }}" dest: "{{ item.value.html_file_location | default('/usr/share/nginx/html') }}/{{ item.value.html_file_name | default('index.html') }}"
@ -16,23 +21,23 @@
with_dict: "{{ nginx_html_demo_template }}" with_dict: "{{ nginx_html_demo_template }}"
when: nginx_html_demo_template_enable | bool when: nginx_html_demo_template_enable | bool
- name: "(Setup: All NGINX) Ensure NGINX Main Directory Exists" - name: "(DEPRECATED) Ensure NGINX Main Directory Exists"
file: file:
path: "{{ nginx_main_template.conf_file_location | default('/etc/nginx') }}" path: "{{ nginx_main_template.conf_file_location | default('/etc/nginx') }}"
state: directory state: directory
mode: 0755 mode: 0755
when: nginx_main_template_enable | bool when: nginx_main_template_enable | bool
- name: "(Setup: All NGINX) Dynamically Generate NGINX Main Configuration File" - name: "(DEPRECATED) Dynamically Generate NGINX Main Configuration File"
template: template:
src: "{{ nginx_main_template.template_file | default('nginx.conf.j2') }}" src: "{{ nginx_main_template.template_file | default('nginx.conf.j2') }}"
dest: "{{ nginx_main_template.conf_file_location | default('/etc/nginx') }}/{{ nginx_main_template.conf_file_name | default('nginx.conf') }}" dest: "{{ nginx_main_template.conf_file_location | default('/etc/nginx') }}/{{ nginx_main_template.conf_file_name | default('nginx.conf') }}"
backup: yes backup: yes
mode: 0644 mode: 0644
when: nginx_main_template_enable | bool when: nginx_main_template_enable | bool
notify: "(Handler: All OSs) Reload NGINX" notify: "(Handler) Reload NGINX"
- name: "(Setup: All NGINX) Ensure NGINX HTTP Directory Exists" - name: "(DEPRECATED) Ensure NGINX HTTP Directory Exists"
file: file:
path: "{{ item.value.conf_file_location | default('/etc/nginx/conf.d/') }}" path: "{{ item.value.conf_file_location | default('/etc/nginx/conf.d/') }}"
state: directory state: directory
@ -40,7 +45,7 @@
with_dict: "{{ nginx_http_template }}" with_dict: "{{ nginx_http_template }}"
when: nginx_http_template_enable | bool when: nginx_http_template_enable | bool
- name: "(Setup: All NGINX) Ensure NGINX Proxy Cache Directories Exist" - name: "(DEPRECATED) Ensure NGINX Proxy Cache Directories Exist"
file: file:
path: "{{ item.1.path }}" path: "{{ item.1.path }}"
state: directory state: directory
@ -49,10 +54,10 @@
with_subelements: with_subelements:
- "{{ nginx_http_template }}" - "{{ nginx_http_template }}"
- proxy_cache.proxy_cache_path - proxy_cache.proxy_cache_path
- skip_missing: true - skip_missing: yes
when: nginx_http_template_enable | bool when: nginx_http_template_enable | bool
- name: "(Setup: All NGINX) Dynamically Generate NGINX HTTP Configuration Files" - name: "(DEPRECATED) Dynamically Generate NGINX HTTP Configuration Files"
template: template:
src: "{{ item.value.template_file | default('http/default.conf.j2') }}" src: "{{ item.value.template_file | default('http/default.conf.j2') }}"
dest: "{{ item.value.conf_file_location | default('/etc/nginx/conf.d/') }}/{{ item.value.conf_file_name | default('default.conf') }}" dest: "{{ item.value.conf_file_location | default('/etc/nginx/conf.d/') }}/{{ item.value.conf_file_name | default('default.conf') }}"
@ -60,27 +65,27 @@
mode: 0644 mode: 0644
with_dict: "{{ nginx_http_template }}" with_dict: "{{ nginx_http_template }}"
when: nginx_http_template_enable | bool when: nginx_http_template_enable | bool
notify: "(Handler: All OSs) Reload NGINX" notify: "(Handler) Reload NGINX"
- name: "(Setup: All NGINX) Dynamically Generate NGINX Stub Status Configuration File" - name: "(DEPRECATED) Dynamically Generate NGINX Stub Status Configuration File"
template: template:
src: "{{ nginx_status_template_file | default('http/status.conf.j2') }}" src: "{{ nginx_status_template_file | default('http/status.conf.j2') }}"
dest: "{{ nginx_status_file_location | default('/etc/nginx/conf.d/status.conf') }}" dest: "{{ nginx_status_file_location | default('/etc/nginx/conf.d/status.conf') }}"
backup: yes backup: yes
mode: 0644 mode: 0644
when: nginx_status_enable | bool when: nginx_status_enable | bool
notify: "(Handler: All OSs) Reload NGINX" notify: "(Handler) Reload NGINX"
- name: "(Setup: All NGINX) Dynamically Generate NGINX API Configuration File" - name: "(DEPRECATED) Dynamically Generate NGINX API Configuration File"
template: template:
src: "{{ nginx_rest_api_template_file | default('http/api.conf.j2') }}" src: "{{ nginx_rest_api_template_file | default('http/api.conf.j2') }}"
dest: "{{ nginx_rest_api_file_location | default('/etc/nginx/conf.d/api.conf') }}" dest: "{{ nginx_rest_api_file_location | default('/etc/nginx/conf.d/api.conf') }}"
backup: yes backup: yes
mode: 0644 mode: 0644
when: nginx_rest_api_enable | bool when: nginx_rest_api_enable | bool
notify: "(Handler: All OSs) Reload NGINX" notify: "(Handler) Reload NGINX"
- name: "(Setup: All NGINX) Ensure NGINX Stream Directory Exists" - name: "(DEPRECATED) Ensure NGINX Stream Directory Exists"
file: file:
path: "{{ item.value.conf_file_location | default('/etc/nginx/conf.d/stream/') }}" path: "{{ item.value.conf_file_location | default('/etc/nginx/conf.d/stream/') }}"
state: directory state: directory
@ -88,7 +93,7 @@
with_dict: "{{ nginx_stream_template }}" with_dict: "{{ nginx_stream_template }}"
when: nginx_stream_template_enable | bool when: nginx_stream_template_enable | bool
- name: "(Setup: All NGINX) Dynamically Generate NGINX Stream Configuration Files" - name: "(DEPRECATED) Dynamically Generate NGINX Stream Configuration Files"
template: template:
src: "{{ item.value.template_file | default('stream/default.conf.j2') }}" src: "{{ item.value.template_file | default('stream/default.conf.j2') }}"
dest: "{{ item.value.conf_file_location | default('/etc/nginx/conf.d/stream/') }}/{{ item.value.conf_file_name | default('default.conf') }}" dest: "{{ item.value.conf_file_location | default('/etc/nginx/conf.d/stream/') }}/{{ item.value.conf_file_name | default('default.conf') }}"
@ -96,4 +101,4 @@
mode: 0644 mode: 0644
with_dict: "{{ nginx_stream_template }}" with_dict: "{{ nginx_stream_template }}"
when: nginx_stream_template_enable | bool when: nginx_stream_template_enable | bool
notify: "(Handler: All OSs) Reload NGINX" notify: "(Handler) Reload NGINX"

View File

@ -1,12 +1,17 @@
## DEPRECATED -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config)
--- ---
- name: "(Setup: All NGINX) Ensure NGINX HTML Directory Exists" - name: "Deprecation warning"
debug:
msg: "DEPRECATED TASKS -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config)"
- name: "(DEPRECATED) Ensure NGINX HTML Directory Exists"
file: file:
path: "{{ nginx_html_upload_dest | default('/usr/share/nginx/html') }}" path: "{{ nginx_html_upload_dest | default('/usr/share/nginx/html') }}"
state: directory state: directory
mode: 0755 mode: 0755
when: nginx_html_upload_enable | bool when: nginx_html_upload_enable | bool
- name: "(Setup: All NGINX) Upload NGINX HTML Files" - name: "(DEPRECATED) Upload NGINX HTML Files"
copy: copy:
src: "{{ item }}" src: "{{ item }}"
dest: "{{ nginx_html_upload_dest | default('/usr/share/nginx/html') }}" dest: "{{ nginx_html_upload_dest | default('/usr/share/nginx/html') }}"
@ -14,32 +19,32 @@
mode: 0644 mode: 0644
with_fileglob: "{{ nginx_html_upload_src }}" with_fileglob: "{{ nginx_html_upload_src }}"
when: nginx_html_upload_enable | bool when: nginx_html_upload_enable | bool
notify: "(Handler: All OSs) Reload NGINX" notify: "(Handler) Reload NGINX"
- name: "(Setup: All NGINX) Ensure NGINX Main Directory Exists" - name: "(DEPRECATED) Ensure NGINX Main Directory Exists"
file: file:
path: "{{ nginx_main_upload_dest | default('/etc/nginx/') }}" path: "{{ nginx_main_upload_dest | default('/etc/nginx/') }}"
state: directory state: directory
mode: 0755 mode: 0755
when: nginx_main_upload_enable | bool when: nginx_main_upload_enable | bool
- name: "(Setup: All NGINX) Upload NGINX Main Configuration File" - name: "(DEPRECATED) Upload NGINX Main Configuration File"
copy: copy:
src: "{{ nginx_main_upload_src | default('conf/nginx.conf') }}" src: "{{ nginx_main_upload_src | default('conf/nginx.conf') }}"
dest: "{{ nginx_main_upload_dest | default('/etc/nginx/') }}" dest: "{{ nginx_main_upload_dest | default('/etc/nginx/') }}"
backup: yes backup: yes
mode: 0644 mode: 0644
when: nginx_main_upload_enable | bool when: nginx_main_upload_enable | bool
notify: "(Handler: All OSs) Reload NGINX" notify: "(Handler) Reload NGINX"
- name: "(Setup: All NGINX) Ensure NGINX HTTP Directory Exists" - name: "(DEPRECATED) Ensure NGINX HTTP Directory Exists"
file: file:
path: "{{ nginx_http_upload_dest | default('/etc/nginx/conf.d/') }}" path: "{{ nginx_http_upload_dest | default('/etc/nginx/conf.d/') }}"
state: directory state: directory
mode: 0755 mode: 0755
when: nginx_http_upload_enable | bool when: nginx_http_upload_enable | bool
- name: "(Setup: All NGINX) Upload NGINX HTTP Configuration Files" - name: "(DEPRECATED) Upload NGINX HTTP Configuration Files"
copy: copy:
src: "{{ item }}" src: "{{ item }}"
dest: "{{ nginx_http_upload_dest | default('/etc/nginx/conf.d/') }}" dest: "{{ nginx_http_upload_dest | default('/etc/nginx/conf.d/') }}"
@ -47,16 +52,16 @@
mode: 0644 mode: 0644
with_fileglob: "{{ nginx_http_upload_src }}" with_fileglob: "{{ nginx_http_upload_src }}"
when: nginx_http_upload_enable | bool when: nginx_http_upload_enable | bool
notify: "(Handler: All OSs) Reload NGINX" notify: "(Handler) Reload NGINX"
- name: "(Setup: All NGINX) Ensure NGINX Stream Directory Exists" - name: "(DEPRECATED) Ensure NGINX Stream Directory Exists"
file: file:
path: "{{ nginx_stream_upload_dest | default('/etc/nginx/conf.d/') }}" path: "{{ nginx_stream_upload_dest | default('/etc/nginx/conf.d/') }}"
state: directory state: directory
mode: 0755 mode: 0755
when: nginx_stream_upload_enable | bool when: nginx_stream_upload_enable | bool
- name: "(Setup: All NGINX) Upload NGINX Stream Configuration Files" - name: "(DEPRECATED) Upload NGINX Stream Configuration Files"
copy: copy:
src: "{{ item }}" src: "{{ item }}"
dest: "{{ nginx_stream_upload_dest | default('/etc/nginx/conf.d/') }}" dest: "{{ nginx_stream_upload_dest | default('/etc/nginx/conf.d/') }}"
@ -64,23 +69,23 @@
mode: 0644 mode: 0644
with_fileglob: "{{ nginx_stream_upload_src }}" with_fileglob: "{{ nginx_stream_upload_src }}"
when: nginx_stream_upload_enable | bool when: nginx_stream_upload_enable | bool
notify: "(Handler: All OSs) Reload NGINX" notify: "(Handler) Reload NGINX"
- name: "(Setup: All NGINX) Ensure SSL Certificate Directory Exists" - name: "(DEPRECATED) Ensure SSL Certificate Directory Exists"
file: file:
path: "{{ nginx_ssl_crt_upload_dest | default('/etc/ssl/certs/') }}" path: "{{ nginx_ssl_crt_upload_dest | default('/etc/ssl/certs/') }}"
state: directory state: directory
mode: 0755 mode: 0755
when: nginx_ssl_upload_enable | bool when: nginx_ssl_upload_enable | bool
- name: "(Setup: All NGINX) Ensure SSL Key Directory Exists" - name: "(DEPRECATED) Ensure SSL Key Directory Exists"
file: file:
path: "{{ nginx_ssl_key_upload_dest | default('/etc/ssl/private/') }}" path: "{{ nginx_ssl_key_upload_dest | default('/etc/ssl/private/') }}"
state: directory state: directory
mode: 0755 mode: 0755
when: nginx_ssl_upload_enable | bool when: nginx_ssl_upload_enable | bool
- name: "(Setup: All NGINX) Upload NGINX SSL Certificates" - name: "(DEPRECATED) Upload NGINX SSL Certificates"
copy: copy:
src: "{{ item }}" src: "{{ item }}"
dest: "{{ nginx_ssl_crt_upload_dest | default('/etc/ssl/certs/') }}" dest: "{{ nginx_ssl_crt_upload_dest | default('/etc/ssl/certs/') }}"
@ -90,7 +95,7 @@
with_fileglob: "{{ nginx_ssl_crt_upload_src }}" with_fileglob: "{{ nginx_ssl_crt_upload_src }}"
when: nginx_ssl_upload_enable | bool when: nginx_ssl_upload_enable | bool
- name: "(Setup: All NGINX) Upload NGINX SSL Keys" - name: "(DEPRECATED) Upload NGINX SSL Keys"
copy: copy:
src: "{{ item }}" src: "{{ item }}"
dest: "{{ nginx_ssl_key_upload_dest | default('/etc/ssl/private/') }}" dest: "{{ nginx_ssl_key_upload_dest | default('/etc/ssl/private/') }}"

View File

@ -1,14 +0,0 @@
---
- name: "(Install: APK OSs) Set Default APK NGINX Signing Key URL"
set_fact:
default_keysite: https://nginx.org/keys/nginx_signing.rsa.pub
- name: "(Install: APK OSs) Set APK NGINX Signing Key URL"
set_fact:
keysite: "{{ nginx_signing_key | default(default_keysite) }}"
- name: "(Install: APK OSs) Download NGINX Signing Key"
get_url:
url: "{{ keysite }}"
dest: /etc/apk/keys/nginx_signing.rsa.pub
mode: 0400

View File

@ -1,12 +0,0 @@
---
- name: "(Install: APT OSs) Set Default APT NGINX Signing Key URL"
set_fact:
default_keysite: https://nginx.org/keys/nginx_signing.key
- name: "(Install: APT OSs) Set APT NGINX Signing Key URL"
set_fact:
keysite: "{{ nginx_signing_key | default(default_keysite) }}"
- name: "(Install: APT OSs) Add APT NGINX Signing Key"
apt_key:
url: "{{ keysite }}"

View File

@ -1,14 +0,0 @@
---
- name: "(Install: RPM OSs) Set Default RPM NGINX Signing Key"
set_fact:
default_keysite: >-
{{ (ansible_distribution_major_version|int == 6)
| ternary('http://nginx.org/keys/nginx_signing.key', 'https://nginx.org/keys/nginx_signing.key') }}
- name: "(Install: RPM OSs) Set RPM NGINX Signing Key URL"
set_fact:
keysite: "{{ nginx_signing_key | default(default_keysite) }}"
- name: "(Install: RPM OSs) Add RPM NGINX Signing Key"
rpm_key:
key: "{{ keysite }}"

View File

@ -1,16 +1,41 @@
--- ---
- name: "(Setup: Keys) Alpine" - name: "Set up signing keys"
include_tasks: "{{ role_path }}/tasks/keys/apk-key.yml" debug:
when: ansible_os_family == "Alpine" msg: "Setting up signing keys"
tags: nginx_apkkey when: nginx_debug_tasks | bool
- name: "(Setup: Keys) Debian/Ubuntu" - name: "(Alpine Linux) Set up signing key"
include_tasks: "{{ role_path }}/tasks/keys/apt-key.yml" block:
when: ansible_os_family == "Debian" - name: "(Alpine Linux) Set up NGINX signing key URL"
tags: nginx_aptkey set_fact:
keysite: "{{ nginx_signing_key | default(nginx_default_signing_key['rsa_pub']) }}"
- name: "(Setup: Keys) CentOS/RedHat/SUSE" - name: "(Alpine Linux) Download NGINX signing key"
include_tasks: "{{ role_path }}/tasks/keys/rpm-key.yml" get_url:
when: ansible_os_family == "RedHat" url: "{{ keysite }}"
or ansible_os_family == "Suse" dest: /etc/apk/keys/nginx_signing.rsa.pub
tags: nginx_rpmkey mode: 0400
when: ansible_facts['os_family'] == "Alpine"
- name: "(Debian/Red Hat/SLES OSs) Set up NGINX signing key URL"
set_fact:
keysite: "{{ nginx_signing_key | default(nginx_default_signing_key['pgp']) }}"
when: ansible_facts['os_family'] != "Alpine"
- name: "(Debian/Ubuntu) Add NGINX signing key"
apt_key:
id: 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
url: "{{ keysite }}"
when: ansible_facts['os_family'] == "Debian"
- name: "(Amazon Linux/CentOS/Oracle Linux/RHEL/SLES) Add NGINX signing key"
rpm_key:
fingerprint: 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
key: "{{ keysite }}"
validate_certs: "{{ (ansible_facts['distribution_major_version'] is version('6', '==')) | ternary('no', 'yes') }}"
when: ansible_facts['os_family'] in ['RedHat', 'Suse']
- name: "Set up signing keys"
debug:
msg: "Done setting up signing keys"
when: nginx_debug_tasks | bool

View File

@ -1,58 +1,78 @@
--- ---
- name: "(Setup: All OSs) Setup Prerequisites" - name: "Check whether you are using a supported NGINX distribution"
include_tasks: "{{ role_path }}/tasks/prerequisites/setup-{{ ansible_os_family | lower }}.yml" assert:
that: (nginx_type == "opensource" and ansible_facts['distribution'] in nginx_distributions)
or (nginx_type == "plus" and ansible_facts['distribution'] in nginx_plus_distributions)
success_msg: "Your OS, {{ ansible_facts['distribution'] }} is supported by NGINX {{ (nginx_type=='plus') | ternary('Plus', 'Open Source') }}"
fail_msg: "Your OS, {{ ansible_facts['distribution'] }} is not supported by NGINX {{ (nginx_type=='plus') | ternary('Plus', 'Open Source') }}"
when:
- nginx_install | bool
- (nginx_install_from == "nginx_repository" or nginx_type == "plus")
tags: nginx_check_support
- name: "Set up prerequisites"
include_tasks: "{{ role_path }}/tasks/prerequisites/prerequisites.yml"
tags: nginx_prerequisites tags: nginx_prerequisites
- name: "(Setup: All OSs) Setup Keys" - name: "Set up signing keys"
import_tasks: keys/setup-keys.yml include_tasks: "{{ role_path }}/tasks/keys/setup-keys.yml"
when: when: (nginx_install | bool and nginx_install_from == "nginx_repository")
- ansible_os_family == "Alpine" or nginx_amplify_enable | bool or nginx_unit_enable | bool
or ansible_os_family == "Debian"
or ansible_os_family == "RedHat"
or ansible_os_family == "Suse"
- nginx_install_from == "nginx_repository"
or nginx_amplify_enable | bool
or nginx_unit_enable | bool
tags: nginx_key tags: nginx_key
- name: "(Install/Config: All OSs) Install and Configure NGINX" - name: "Install and Configure NGINX"
block: block:
- name: "(Install: All OSs) Install NGINX" - name: "Install NGINX"
block: block:
- name: "(Install: All OSs) Install NGINX Open Source" - name: "Install NGINX Open Source"
include_tasks: "{{ role_path }}/tasks/opensource/install-oss.yml" include_tasks: "{{ role_path }}/tasks/opensource/install-oss.yml"
when: nginx_type == "opensource" when: nginx_type == "opensource"
tags: nginx_install_oss tags: nginx_install_oss
- name: "(Install: All OSs) Install NGINX Plus" - name: "Set up NGINX Plus license"
include_tasks: "{{ role_path }}/tasks/plus/setup-license.yml"
when:
- nginx_type == "plus"
- nginx_setup_license | bool
tags: nginx_setup_license
- name: "Install NGINX Plus"
include_tasks: "{{ role_path }}/tasks/plus/install-plus.yml" include_tasks: "{{ role_path }}/tasks/plus/install-plus.yml"
when: nginx_type == "plus" when: nginx_type == "plus"
tags: nginx_install_plus tags: nginx_install_plus
- name: "(Install: All OSs) Install NGINX Modules" - name: "Install NGINX modules"
include_tasks: "{{ role_path }}/tasks/modules/install-modules.yml" include_tasks: "{{ role_path }}/tasks/modules/install-modules.yml"
when: when:
- nginx_modules is defined - nginx_modules is defined
- nginx_modules | length > 0 - nginx_modules | length > 0
tags: nginx_install_modules tags: nginx_install_modules
- name: "(Install: All OSs) Delete NGINX Plus License" - name: "Remove NGINX Plus license"
include_tasks: "{{ role_path }}/tasks/plus/delete-license.yml" include_tasks: "{{ role_path }}/tasks/plus/remove-license.yml"
when: when:
- nginx_type == "plus" - nginx_type == "plus"
- nginx_delete_license | bool - nginx_remove_license | bool
tags: nginx_delete_license tags: nginx_remove_license
when: nginx_install | bool
- name: "(Config: All OSs) Configure NGINX" - name: "Modify Service For Systemd"
include_tasks: "{{ role_path }}/tasks/config/modify-systemd.yml"
when:
- ansible_facts['service_mgr'] == "systemd"
- nginx_service_modify | bool
tags: nginx_modify_systemd
when: nginx_install | bool
tags: nginx_install
- name: "(DEPRECATED) Configure NGINX"
block: block:
- name: "(Config: All OSs) Cleanup NGINX Config" - name: "(DEPRECATED) Cleanup NGINX Config"
include_tasks: "{{ role_path }}/tasks/conf/cleanup-config.yml" include_tasks: "{{ role_path }}/tasks/config/cleanup-config.yml"
when: nginx_cleanup_config | bool when: nginx_cleanup_config | bool
tags: nginx_cleanup_config tags: nginx_cleanup_config
- name: "(Config: All OSs) Upload NGINX Config" - name: "(DEPRECATED) Upload NGINX Config"
include_tasks: "{{ role_path }}/tasks/conf/upload-config.yml" include_tasks: "{{ role_path }}/tasks/config/upload-config.yml"
when: nginx_main_upload_enable | bool when: nginx_main_upload_enable | bool
or nginx_http_upload_enable | bool or nginx_http_upload_enable | bool
or nginx_stream_upload_enable | bool or nginx_stream_upload_enable | bool
@ -60,8 +80,8 @@
or nginx_ssl_upload_enable | bool or nginx_ssl_upload_enable | bool
tags: nginx_upload_config tags: nginx_upload_config
- name: "(Config: All OSs) Create NGINX Config" - name: "(DEPRECATED) Create NGINX Config"
include_tasks: "{{ role_path }}/tasks/conf/template-config.yml" include_tasks: "{{ role_path }}/tasks/config/template-config.yml"
when: nginx_main_template_enable | bool when: nginx_main_template_enable | bool
or nginx_http_template_enable | bool or nginx_http_template_enable | bool
or nginx_stream_template_enable | bool or nginx_stream_template_enable | bool
@ -69,21 +89,21 @@
tags: nginx_template_config tags: nginx_template_config
when: nginx_configure | bool when: nginx_configure | bool
- name: "(Config: All OSs) Ensure NGINX is Running" - name: "Ensure NGINX is running"
meta: flush_handlers meta: flush_handlers
- name: "(Config: All OSs) Debug Output" - name: "Debug NGINX output"
include_tasks: "{{ role_path }}/tasks/conf/debug-output.yml" include_tasks: "{{ role_path }}/tasks/config/debug-output.yml"
when: nginx_debug_output | bool when: nginx_debug_output | bool
tags: nginx_debug_output tags: nginx_debug_output
- name: "(Config: All OSs): Configure Logrotate" - name: "Configure logrotate for NGINX"
include_tasks: "{{ role_path }}/tasks/conf/logrotate.yml" include_tasks: "{{ role_path }}/tasks/config/setup-logrotate.yml"
when: nginx_logrotate_conf_enable | bool when: nginx_logrotate_conf_enable | bool
tags: nginx_logrotate_config tags: nginx_logrotate_config
when: nginx_enable | bool when: nginx_enable | bool
- name: "(Install: All OSs) Install NGINX Amplify" - name: "Install NGINX Amplify"
include_tasks: "{{ role_path }}/tasks/amplify/install-amplify.yml" include_tasks: "{{ role_path }}/tasks/amplify/install-amplify.yml"
when: when:
- nginx_amplify_enable | bool - nginx_amplify_enable | bool
@ -91,7 +111,7 @@
- nginx_amplify_api_key | length > 0 - nginx_amplify_api_key | length > 0
tags: nginx_install_amplify tags: nginx_install_amplify
- name: "(Install: All OSs) Install NGINX Unit" - name: "(DEPRECATED) Install NGINX Unit"
include_tasks: "{{ role_path }}/tasks/unit/install-unit.yml" include_tasks: "{{ role_path }}/tasks/unit/install-unit.yml"
when: nginx_unit_enable | bool when: nginx_unit_enable | bool
tags: nginx_install_unit tags: nginx_install_unit

View File

@ -1,12 +1,12 @@
--- ---
- name: "(Install: CentOS) Install GeoIP Required CentOS Dependencies" - name: "(CentOS) Install GeoIP dependencies"
yum: yum:
name: epel-release name: epel-release
when: when:
- ansible_distribution == "CentOS" - ansible_facts['distribution'] == "CentOS"
- '"geoip" in nginx_modules' - '"geoip" in nginx_modules'
- name: "(Install: All OSs) Install NGINX Modules" - name: "Install NGINX Modules"
package: package:
name: "nginx-{{ (nginx_type == 'plus') | ternary('plus-', '') }}module-{{ item }}{{ nginx_version | default('') }}" name: "nginx-{{ (nginx_type == 'plus') | ternary('plus-', '') }}module-{{ item }}{{ nginx_version | default('') }}"
state: present state: present
@ -15,18 +15,18 @@
- (item in nginx_modules_list and nginx_type == 'opensource') - (item in nginx_modules_list and nginx_type == 'opensource')
or (item in nginx_plus_modules_list and nginx_type == 'plus') or (item in nginx_plus_modules_list and nginx_type == 'plus')
- not (item == "auth-spnego") - not (item == "auth-spnego")
or not (ansible_os_family == "Alpine" and (ansible_distribution_version | regex_search('^[0-9]+\\.[0-9]+') == "3.8")) or not (ansible_facts['os_family'] == "Alpine" and (ansible_facts['distribution_version'] | regex_search('^[0-9]+\\.[0-9]+') is version('3.8', '==')))
- not (item == "geoip") - not (item == "geoip")
or not ((ansible_os_family == "RedHat" and ansible_distribution_major_version == "8") or not ((ansible_facts['os_family'] == "RedHat" and ansible_facts['distribution_major_version'] is version('8', '=='))
or (ansible_os_family == "FreeBSD")) or (ansible_facts['os_family'] == "FreeBSD"))
- not (item == "brotli") - not (item == "brotli")
or not ((ansible_os_family == "Alpine") or not ((ansible_facts['os_family'] == "Alpine")
or (ansible_os_family == "RedHat" and ansible_distribution_major_version < "8") or (ansible_facts['os_family'] == "RedHat" and ansible_facts['distribution_major_version'] is version('8', '<'))
or (ansible_os_family == "Debian" and ansible_distribution_major_version == "9") or (ansible_facts['os_family'] == "Debian" and ansible_facts['distribution_major_version'] is version('9', '=='))
or (ansible_os_family == "Suse" and ansible_distribution_major_version == "12") or (ansible_facts['os_family'] == "Suse" and ansible_facts['distribution_major_version'] is version('12', '<'))
or (ansible_distribution == "Amazon") or (ansible_facts['distribution'] == "Amazon")
or (ansible_distribution == "OracleLinux")) or (ansible_facts['distribution'] == "OracleLinux"))
- not (item == "geoip2") or not (ansible_os_family == "Suse") - not (item == "geoip2") or not (ansible_facts['os_family'] == "Suse")
- not (item == "opentracing") - not (item == "opentracing")
or not ((ansible_os_family == "Suse" and ansible_distribution_major_version == "12") or not ((ansible_facts['os_family'] == "Suse" and ansible_facts['distribution_major_version'] is version('12', '=='))
or (ansible_os_family == "RedHat" and ansible_distribution_major_version == "6")) or (ansible_facts['os_family'] == "RedHat" and ansible_facts['distribution_major_version'] is version('6', '==')))

View File

@ -0,0 +1,14 @@
---
- name: "(Alpine Linux) Configure NGINX repository"
lineinfile:
path: /etc/apk/repositories
insertafter: EOF
line: "{{ repository }}"
- name: "(Alpine Linux) Install NGINX"
apk:
name: "nginx{{ nginx_version | default('') }}"
repository: "{{ repository }}"
state: "{{ nginx_state }}"
update_cache: yes
notify: "(Handler) Start NGINX"

View File

@ -0,0 +1,78 @@
---
- name: "(FreeBSD) Update ports"
block:
- name: "(FreeBSD) Fetch ports"
command: portsnap fetch --interactive
args:
creates: /var/db/portsnap/INDEX
- name: "(FreeBSD) Extract ports"
command: portsnap extract
args:
creates: /usr/ports
when:
- ansible_facts['system'] == "FreeBSD"
- nginx_bsd_update_ports | bool
- name: "(FreeBSD) Install NGINX"
block:
- name: "(FreeBSD) Install NGINX package"
pkgng:
name: "www/nginx{{ nginx_version | default('') }}"
state: "{{ nginx_state }}"
when: nginx_bsd_install_packages | bool
notify: "(Handler) Start NGINX"
- name: "(FreeBSD) Install NGINX port"
portinstall:
name: "www/nginx{{ nginx_version | default('') }}"
use_packages: "{{ nginx_bsd_portinstall_use_packages | default(omit) }}"
state: "{{ nginx_state }}"
when: not nginx_bsd_install_packages | bool
notify: "(Handler) Start NGINX"
when: ansible_facts['system'] == "FreeBSD"
- name: "(OpenBSD) Install NGINX"
block:
- name: "(OpenBSD) Install NGINX package"
openbsd_pkg:
name: "nginx{{ nginx_version | default('') }}"
build: no
state: "{{ nginx_state }}"
when: nginx_bsd_install_packages | bool
notify: "(Handler) Start NGINX"
- name: "(OpenBSD) Install NGINX port"
openbsd_pkg:
name: "nginx{{ nginx_version | default('') }}"
build: yes
state: "{{ nginx_state }}"
when: not nginx_bsd_install_packages | bool
notify: "(Handler) Start NGINX"
when: ansible_facts['system'] == "OpenBSD"
- name: "(NetBSD) Install NGINX"
block:
- name: "NetBSD) Install NGINX package"
command: "pkg_add www/nginx{{ nginx_version | default('') }}"
when: nginx_bsd_install_packages | bool
notify: "(Handler) Start NGINX"
- name: "(NetBSD) Install NGINX port"
fail:
msg: "{{ ansible_facts['system'] }} Install NGINX port not implemented."
when: not nginx_bsd_install_packages | bool
when: ansible_facts['system'] == "NetBSD"
- name: "(DragonFlyBSD/HardenedBSD) Install NGINX"
block:
- name: "Install NGINX package"
command: "pkg install www/nginx{{ nginx_version | default('') }}"
when: nginx_bsd_install_packages | bool
notify: "(Handler) Start NGINX"
- name: "Install NGINX port"
fail:
msg: "{{ ansible_facts['system'] }} Install NGINX port not implemented."
when: not nginx_bsd_install_packages | bool
when: ansible_facts['system'] in ['DragonFlyBSD', 'HardenedBSD']

View File

@ -0,0 +1,14 @@
---
- name: "(Debian/Ubuntu) Configure NGINX repository"
apt_repository:
filename: nginx
repo: "{{ item }}"
update_cache: yes
mode: 0644
loop: "{{ repository }}"
- name: "(Debian/Ubuntu) Install NGINX"
apt:
name: "nginx{{ nginx_version | default('') }}"
state: "{{ nginx_state }}"
notify: "(Handler) Start NGINX"

View File

@ -1,91 +0,0 @@
---
- name: "(Install: FreeBSD) Update Ports"
block:
- name: "(Install: FreeBSD) Fetch Ports"
command: portsnap fetch --interactive
args:
creates: /var/db/portsnap/INDEX
- name: "(Install: FreeBSD) Extract Ports"
command: portsnap extract
args:
creates: /usr/ports
when:
- ansible_system == "FreeBSD"
- nginx_bsd_update_ports | bool
- name: "(Install: FreeBSD)"
block:
- name: "(Install: FreeBSD) Install NGINX Package"
pkgng:
name: "www/nginx{{ nginx_version | default('') }}"
state: "{{ nginx_state }}"
when: nginx_bsd_install_packages | bool
notify: "(Handler: All OSs) Start NGINX"
- name: "(Install: FreeBSD) Install NGINX Port"
portinstall:
name: "www/nginx{{ nginx_version | default('') }}"
use_packages: "{{ nginx_bsd_portinstall_use_packages | default(omit) }}"
state: "{{ nginx_state }}"
when: not nginx_bsd_install_packages | bool
notify: "(Handler: All OSs) Start NGINX"
when: ansible_system == "FreeBSD"
- name: "(Install: OpenBSD)"
block:
- name: "(Install: OpenBSD) Install NGINX Package"
openbsd_pkg:
name: "nginx{{ nginx_version | default('') }}"
build: no
state: "{{ nginx_state }}"
when: nginx_bsd_install_packages | bool
notify: "(Handler: All OSs) Start NGINX"
- name: "(Install: OpenBSD) Install NGINX Port"
openbsd_pkg:
name: "nginx{{ nginx_version | default('') }}"
build: yes
state: "{{ nginx_state }}"
when: not nginx_bsd_install_packages | bool
notify: "(Handler: All OSs) Start NGINX"
when: ansible_system == "OpenBSD"
- name: "(Install: NetBSD)"
block:
- name: "(Install: NetBSD) Install NGINX Package"
command: "pkg_add www/nginx{{ nginx_version | default('') }}"
when: nginx_bsd_install_packages | bool
notify: "(Handler: All OSs) Start NGINX"
- name: "(Install: NetBSD) Install NGINX Port"
fail:
msg: "{{ ansible_system }} Install NGINX port not implemented."
when: not nginx_bsd_install_packages | bool
when: ansible_system == "NetBSD"
- name: "(Install: DragonFlyBSD)"
block:
- name: "(Install: DragonFlyBSD) Install NGINX Package"
command: "pkg install www/nginx{{ nginx_version | default('') }}"
when: nginx_bsd_install_packages | bool
notify: "(Handler: All OSs) Start NGINX"
- name: "(Install: DragonFlyBSD) Install NGINX port"
fail:
msg: "{{ ansible_system }} Install NGINX port not implemented."
when: not nginx_bsd_install_packages | bool
when: ansible_system == "DragonFlyBSD"
- name: "(Install: HardenedBSD)"
block:
- name: "(Install: HardenedBSD) Install NGINX package"
command: "pkg install www/nginx{{ nginx_version | default('') }}"
when: nginx_bsd_install_packages | bool
notify: "(Handler: All OSs) Start NGINX"
- name: "(Install: HardenedBSD) Install NGINX port"
fail:
msg: "{{ ansible_system }} Install NGINX port not implemented."
when: not nginx_bsd_install_packages | bool
when: ansible_system == "HardenedBSD"

View File

@ -1,26 +0,0 @@
---
- name: "(Install: Linux) Configure NGINX Repository"
include_tasks: "{{ role_path }}/tasks/opensource/setup-{{ ansible_os_family | lower }}.yml"
when:
- ansible_os_family == "Alpine"
or ansible_os_family == "Debian"
or ansible_os_family == "RedHat"
or ansible_os_family == "Suse"
- nginx_install_from == "nginx_repository"
- name: "(Install: Linux) Modify Service For Systemd"
include_tasks: "{{ role_path }}/tasks/prerequisites/setup-systemd.yml"
when:
- ansible_service_mgr == "systemd"
- nginx_service_modify | bool
- name: "(Install: Linux) Install NGINX From Source"
include_tasks: "{{ role_path }}/tasks/opensource/setup-source.yml"
when: nginx_install_from == "source"
- name: "(Install: Linux) Install NGINX Package"
package:
name: "nginx{{ nginx_version | default('') }}"
state: "{{ nginx_state }}"
when: nginx_install_from == "os_repository"
notify: "(Handler: All OSs) Start NGINX"

View File

@ -1,8 +1,38 @@
--- ---
- name: "(Install: OSS Linux)" - name: "Install NGINX"
include_tasks: "{{ role_path }}/tasks/opensource/install-oss-linux.yml" debug:
when: ansible_os_family in nginx_linux_families msg: "Installing NGINX"
when: nginx_debug_tasks | bool
- name: "(Install: OSS BSD)" - name: "Install NGINX in Linux systems"
include_tasks: "{{ role_path }}/tasks/opensource/install-oss-bsd.yml" block:
when: ansible_system in nginx_bsd_systems - name: "Install NGINX from repository"
block:
- name: "Set NGINX repository"
set_fact:
repository: "{{ nginx_repository | default(nginx_default_repository[ansible_facts['os_family'] | lower]) }}"
- name: "Install NGINX from repository"
include_tasks: "{{ role_path }}/tasks/opensource/install-{{ ansible_facts['os_family'] | lower }}.yml"
when: nginx_install_from == "nginx_repository"
- name: "Install NGINX from source"
include_tasks: "{{ role_path }}/tasks/opensource/install-source.yml"
when: nginx_install_from == "source"
- name: "Install NGINX from package"
package:
name: "nginx{{ nginx_version | default('') }}"
state: "{{ nginx_state }}"
when: nginx_install_from == "os_repository"
notify: "(Handler) Start NGINX"
when: ansible_facts['system'] | lower is not search('bsd')
- name: "Install NGINX in Unix systems"
include_tasks: "{{ role_path }}/tasks/opensource/install-bsd.yml"
when: ansible_facts['system'] | lower is search('bsd')
- name: "Install NGINX"
debug:
msg: "Done installing NGINX"
when: nginx_debug_tasks | bool

View File

@ -0,0 +1,33 @@
---
- name: "(CentOS/RHEL 6/7) Configure NGINX repository"
yum_repository:
name: nginx
baseurl: "{{ repository }}"
description: NGINX Repository
enabled: yes
gpgcheck: yes
mode: 0644
when: ansible_facts['distribution_major_version'] is version('8', '<')
- name: "(CentOS/RHEL 8) Configure NGINX repository"
blockinfile:
path: /etc/yum.repos.d/nginx.repo
create: yes
block: |
[nginx]
baseurl = {{ repository }}
enabled = 1
gpgcheck = 1
name = NGINX Repository
module_hotfixes = true
mode: 0644
when: ansible_facts['distribution_major_version'] is version('8', '==')
- name: "(CentOS/RHEL) Install NGINX"
yum:
name: "nginx{{ nginx_version | default('') }}"
state: "{{ nginx_state }}"
disablerepo: "*"
enablerepo: "nginx"
update_cache: yes
notify: "(Handler) Start NGINX"

View File

@ -1,9 +1,9 @@
--- ---
- name: "(Install: Linux) Check For Build Tools" - name: "Check for build tools"
block: block:
- name: "(Install: Centos/RHEL) Setup Python 3" - name: "(CentOS/RHEL 8) Setup python 3"
block: block:
- name: "(Install: Centos/RHEL) Install Python 3" - name: "(CentOS/RHEL 8) Install python 3"
yum: yum:
name: name:
- python3 - python3
@ -11,144 +11,144 @@
- python3-devel - python3-devel
update_cache: yes update_cache: yes
- name: "(Install: Centos/RHEL) Set Python 3 Default" - name: "(Centos/RHEL 8) Set python 3 as default"
alternatives: alternatives:
name: python name: python
path: /usr/bin/python3 path: /usr/bin/python3
link: /usr/bin/python link: /usr/bin/python
when: when:
- ansible_os_family == "RedHat" - ansible_facts['os_family'] == "RedHat"
- ansible_distribution_major_version == "8" - ansible_facts['distribution_major_version'] is version('8', '==')
- name: "(Install: Centos/RHEL) Install Build Tools" - name: "(Centos/RHEL) Install build tools"
yum: yum:
name: name:
- "@Development tools" - "@Development tools"
- ca-certificates
- gcc - gcc
- glibc
- glibc-common
- gd - gd
- gd-devel - gd-devel
- glibc
- glibc-common
- perl-core - perl-core
- wget - wget
- ca-certificates
- zlib-devel - zlib-devel
update_cache: yes update_cache: yes
when: ansible_os_family == "RedHat" when: ansible_facts['os_family'] == "RedHat"
- name: "(Install: Debian) Install Backports Repo For Buster" - name: "(Debian) Install backports repo for buster"
apt_repository: apt_repository:
filename: buster-backports filename: buster-backports
repo: deb http://ftp.us.debian.org/debian buster-backports main repo: deb http://ftp.us.debian.org/debian buster-backports main
update_cache: yes update_cache: yes
mode: 0644 mode: 0644
when: ansible_distribution_release == "buster" when: ansible_facts['distribution_release'] == "buster"
- name: "(Install: Debian/Ubuntu) Install Build Tools" - name: "(Debian/Ubuntu) Install build tools"
apt: apt:
name: name:
- python3-minimal
- build-essential - build-essential
- checkinstall
- libtemplate-perl
- python3-minimal
- perl - perl
- tar - tar
- checkinstall
- zlib1g-dev - zlib1g-dev
- libtemplate-perl
update_cache: yes update_cache: yes
when: ansible_os_family == "Debian" when: ansible_facts['os_family'] == "Debian"
- name: "(Install: Alpine) Install Build Tools" - name: "(Alpine Linux) Install build tools"
apk: apk:
name: name:
- python3
- alpine-sdk - alpine-sdk
- build-base - build-base
- git - git
- wget - openrc
- perl - perl
- python3
- linux-headers - linux-headers
- tar - tar
- openrc - wget
update_cache: yes update_cache: yes
when: ansible_os_family == "Alpine" when: ansible_facts['os_family'] == "Alpine"
- name: "(Install: Alpine) Enable OpenRC" - name: "(Alpine Linux) Enable OpenRC"
copy: copy:
content: "" content: ""
dest: /run/openrc/softlevel dest: /run/openrc/softlevel
force: no force: no
owner: root owner: root
mode: 0644 mode: 0644
when: ansible_os_family == "Alpine" when: ansible_facts['os_family'] == "Alpine"
when: nginx_install_source_build_tools | bool when: nginx_install_source_build_tools | bool
- name: "(Install: Linux) Check For Source Installs" - name: "Check for source installs"
block: block:
- name: "(Install: Linux) Check For PCRE Install" - name: "Check for PCRE install"
stat: stat:
path: /tmp/{{ pcre_version }} path: /tmp/{{ pcre_version }}
register: pcre_result register: pcre_result
- name: "(Install: Linux) Check For ZLib Install" - name: "Check for ZLib install"
stat: stat:
path: /tmp/{{ zlib_version }} path: /tmp/{{ zlib_version }}
register: zlib_result register: zlib_result
- name: "(Install: Linux) Check For OpenSSL Install" - name: "Check for OpenSSL install"
stat: stat:
path: /tmp/{{ openssl_version }} path: /tmp/{{ openssl_version }}
register: openssl_result register: openssl_result
- name: "(Install: Centos/RHEL) Install PCRE Dependency From Package" - name: "(CentOS/RHEL) Install PCRE dependency from package"
yum: yum:
name: pcre-devel name: pcre-devel
update_cache: yes update_cache: yes
when: when:
- nginx_install_source_pcre | bool - nginx_install_source_pcre | bool
- ansible_os_family == "RedHat" - ansible_facts['os_family'] == "RedHat"
- name: "(Install: Debian/Ubuntu) Install PCRE Dependency From Package" - name: "(Debian/Ubuntu) Install PCRE dependency from package"
apt: apt:
name: libpcre3-dev name: libpcre3-dev
update_cache: yes update_cache: yes
when: when:
- nginx_install_source_pcre | bool - nginx_install_source_pcre | bool
- ansible_os_family == "Debian" - ansible_facts['os_family'] == "Debian"
- name: "(Install: Alpine) Install PCRE Dependency From Package" - name: "(Alpine Linux) Install PCRE dependency from package"
apk: apk:
name: pcre-dev name: pcre-dev
update_cache: yes update_cache: yes
when: when:
- nginx_install_source_pcre | bool - nginx_install_source_pcre | bool
- ansible_os_family == "Alpine" - ansible_facts['os_family'] == "Alpine"
- name: "(Install: Linux) Install PCRE Dependence From Source" - name: "Install PCRE dependence from source"
block: block:
- name: "(Install: Linux) Download PCRE Dependency" - name: "Download PCRE dependency"
get_url: get_url:
url: "http://ftp.pcre.org/pub/pcre/{{ pcre_version }}.tar.gz" url: "https://ftp.pcre.org/pub/pcre/{{ pcre_version }}.tar.gz"
dest: "/tmp/{{ pcre_version }}.tar.gz" dest: "/tmp/{{ pcre_version }}.tar.gz"
mode: 0600 mode: 0600
register: pcre_source register: pcre_source
- name: "(Install: Linux) Unpack PCRE Dependency" - name: "Unpack PCRE dependency"
unarchive: unarchive:
copy: no copy: no
dest: /tmp/ dest: /tmp/
src: "{{ pcre_source.dest }}" src: "{{ pcre_source.dest }}"
mode: 0700 mode: 0700
- name: "(Install: Linux) Configure PCRE Dependency" - name: "Configure PCRE dependency"
command: "./configure" command: "./configure"
args: args:
chdir: "/tmp/{{ pcre_version }}" chdir: "/tmp/{{ pcre_version }}"
- name: "(Install: Linux) Make PCRE Dependency" - name: "Make PCRE dependency"
make: make:
chdir: "/tmp/{{ pcre_version }}" chdir: "/tmp/{{ pcre_version }}"
- name: "(Install: Linux) Install PCRE Dependency" - name: "Install PCRE dependency"
make: make:
chdir: "/tmp/{{ pcre_version }}" chdir: "/tmp/{{ pcre_version }}"
target: install target: install
@ -156,56 +156,56 @@
- not pcre_result.stat.exists | bool - not pcre_result.stat.exists | bool
- not nginx_install_source_pcre | bool - not nginx_install_source_pcre | bool
- name: "(Install: Centos/RHEL) Install ZLib Dependency From Package" - name: "(Centos/RHEL) Install ZLib dependency from package"
yum: yum:
name: zlib-devel name: zlib-devel
update_cache: yes update_cache: yes
when: when:
- nginx_install_source_zlib | bool - nginx_install_source_zlib | bool
- ansible_os_family == "RedHat" - ansible_facts['os_family'] == "RedHat"
- name: "(Install: Debian/Ubuntu) Install ZLib Dependency From Package" - name: "(Debian/Ubuntu) Install ZLib dependency from package"
apt: apt:
name: zlib1g-dev name: zlib1g-dev
update_cache: true update_cache: true
when: when:
- nginx_install_source_zlib | bool - nginx_install_source_zlib | bool
- ansible_os_family == "Debian" - ansible_facts['os_family'] == "Debian"
- name: "(Install: Alpine) Install ZLib Dependency From Package" - name: "(Alpine Linux) Install ZLib dependency from package"
apk: apk:
name: zlib-dev name: zlib-dev
update_cache: yes update_cache: yes
when: when:
- nginx_install_source_zlib | bool - nginx_install_source_zlib | bool
- ansible_os_family == "Alpine" - ansible_facts['os_family'] == "Alpine"
- name: "(Install: Linux) Install ZLib Dependency From Source" - name: "Install ZLib dependency from source"
block: block:
- name: "(Install: Linux) Download ZLib Dependency" - name: "Download ZLib dependency"
get_url: get_url:
url: "http://zlib.net/{{ zlib_version }}.tar.gz" url: "https://zlib.net/{{ zlib_version }}.tar.gz"
dest: "/tmp/{{ zlib_version }}.tar.gz" dest: "/tmp/{{ zlib_version }}.tar.gz"
mode: 0600 mode: 0600
register: zlib_source register: zlib_source
- name: "(Install: Linux) Unpack ZLib Dependency" - name: "Unpack ZLib dependency"
unarchive: unarchive:
copy: no copy: no
dest: /tmp/ dest: /tmp/
src: "{{ zlib_source.dest }}" src: "{{ zlib_source.dest }}"
mode: 0700 mode: 0700
- name: "(Install: Linux) Configure zlib Dependency" - name: "Configure ZLib dependency"
command: "./configure" command: "./configure"
args: args:
chdir: "/tmp/{{ zlib_version }}" chdir: "/tmp/{{ zlib_version }}"
- name: "(Install: Linux) Make ZLib Dependency" - name: "Make ZLib dependency"
make: make:
chdir: "/tmp/{{ zlib_version }}" chdir: "/tmp/{{ zlib_version }}"
- name: "(Install: Linux) Install ZLib Dependency" - name: "Install ZLib dependency"
make: make:
chdir: "/tmp/{{ zlib_version }}" chdir: "/tmp/{{ zlib_version }}"
target: install target: install
@ -213,56 +213,56 @@
- not zlib_result.stat.exists | bool - not zlib_result.stat.exists | bool
- not nginx_install_source_zlib | bool - not nginx_install_source_zlib | bool
- name: "(Install: Centos/RHEL) Install OpenSSL Dependency From Package" - name: "(CentOS/RHEL) Install OpenSSL dependency from package"
yum: yum:
name: openssl-devel name: openssl-devel
update_cache: yes update_cache: yes
when: when:
- nginx_install_source_openssl | bool - nginx_install_source_openssl | bool
- ansible_os_family == "RedHat" - ansible_facts['os_family'] == "RedHat"
- name: "(Install: Debian/Ubuntu) Install OpenSSL Dependency From Package" - name: "(Debian/Ubuntu) Install OpenSSL dependency from package"
apt: apt:
name: libssl-dev name: libssl-dev
update_cache: yes update_cache: yes
when: when:
- nginx_install_source_openssl | bool - nginx_install_source_openssl | bool
- ansible_os_family == "Debian" - ansible_facts['os_family'] == "Debian"
- name: "(Install: Alpine) Install OpenSSL Dependency From Package" - name: "(Alpine Linux) Install OpenSSL dependency from package"
apk: apk:
name: openssl-dev name: openssl-dev
update_cache: yes update_cache: yes
when: when:
- nginx_install_source_openssl | bool - nginx_install_source_openssl | bool
- ansible_os_family == "Alpine" - ansible_facts['os_family'] == "Alpine"
- name: "(Install: Linux) Install OpenSSL Dependency From Source" - name: "Install OpenSSL dependency from source"
block: block:
- name: "(Install: Linux) Download OpenSSL Dependency" - name: "Download OpenSSL dependency"
get_url: get_url:
url: "http://www.openssl.org/source/{{ openssl_version }}.tar.gz" url: "https://www.openssl.org/source/{{ openssl_version }}.tar.gz"
dest: "/tmp/{{ openssl_version }}.tar.gz" dest: "/tmp/{{ openssl_version }}.tar.gz"
mode: 0600 mode: 0600
register: openssl_source register: openssl_source
- name: "(Install: Linux) Unpack OpenSSL Dependency" - name: "Unpack OpenSSL dependency"
unarchive: unarchive:
copy: no copy: no
dest: /tmp/ dest: /tmp/
src: "{{ openssl_source.dest }}" src: "{{ openssl_source.dest }}"
mode: 0700 mode: 0700
- name: "(Install: Linux) Configure OpenSSL Dependency" - name: "Configure OpenSSL dependency"
command: "./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl shared zlib" command: "./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl shared zlib"
args: args:
chdir: "/tmp/{{ openssl_version }}" chdir: "/tmp/{{ openssl_version }}"
- name: "(Install: Linux) Make OpenSSL Dependency" - name: "Make OpenSSL dependency"
make: make:
chdir: "/tmp/{{ openssl_version }}" chdir: "/tmp/{{ openssl_version }}"
- name: "(Install: Linux) Install OpenSSL Dependency" - name: "Install OpenSSL dependency"
make: make:
chdir: "/tmp/{{ openssl_version }}" chdir: "/tmp/{{ openssl_version }}"
target: install target: install
@ -270,72 +270,72 @@
- not openssl_result.stat.exists | bool - not openssl_result.stat.exists | bool
- not nginx_install_source_openssl | bool - not nginx_install_source_openssl | bool
- name: "(Install: Linux) Get NGINX Version" - name: "Get NGINX version"
block: block:
- name: "(Install: Linux) Fetch NGINX Version" - name: "Fetch NGINX version"
uri: uri:
url: https://trac.nginx.org/nginx/browser url: https://trac.nginx.org/nginx/browser
return_content: yes return_content: yes
register: nginx_versions register: nginx_versions
- name: "(Install: Linux) Set NGINX Mainline Version" - name: "Set NGINX mainline version"
set_fact: set_fact:
nginx_version: "{{ nginx_versions.content | regex_search('release[^<]*') | regex_replace('release', 'nginx') }}" nginx_version: "{{ nginx_versions.content | regex_search('release[^<]*') | regex_replace('release', 'nginx') }}"
when: nginx_branch == "mainline" when: nginx_branch == "mainline"
- name: "(Install: Linux) Set NGINX Stable Version 1/2" - name: "Set NGINX stable version 1/2"
set_fact: set_fact:
nginx_version: "{{ nginx_versions.content | regex_search('stable[^<]*') | regex_replace('stable', 'release') }}" nginx_version: "{{ nginx_versions.content | regex_search('stable[^<]*') | regex_replace('stable', 'release') }}"
when: nginx_branch == "stable" when: nginx_branch == "stable"
- name: "(Install: Linux) Set NGINX Stable Version 2/2" - name: "Set NGINX stable version 2/2"
set_fact: set_fact:
nginx_version: "{{ nginx_versions.content | regex_search(nginx_version + '[^<]*') | regex_replace('release', 'nginx') }}" nginx_version: "{{ nginx_versions.content | regex_search(nginx_version + '[^<]*') | regex_replace('release', 'nginx') }}"
when: nginx_branch == "stable" when: nginx_branch == "stable"
- name: "(Install: Linux) Set NGINX Download Filename" - name: "Set NGINX download filename"
set_fact: set_fact:
nginx_download_name: "{{ nginx_version }}" nginx_download_name: "{{ nginx_version }}"
- name: "(Install: Linux) Check For NGINX Install" - name: "Check for NGINX install"
stat: stat:
path: /usr/sbin/nginx path: /usr/sbin/nginx
follow: yes follow: yes
register: nginx_result register: nginx_result
- name: "(Install: Linux) Add NGINX User" - name: "Add NGINX user"
user: user:
name: nginx name: nginx
- name: "(Install: Linux) Install NGINX" - name: "Install NGINX"
block: block:
- name: "(Install: Linux) Download NGINX" - name: "Download NGINX"
get_url: get_url:
url: "http://nginx.org/download/{{ nginx_download_name }}.tar.gz" url: "https://nginx.org/download/{{ nginx_download_name }}.tar.gz"
dest: "/tmp/{{ nginx_download_name }}.tar.gz" dest: "/tmp/{{ nginx_download_name }}.tar.gz"
mode: 0600 mode: 0600
register: nginx_source register: nginx_source
- name: "(Install: Linux) Unpack NGINX" - name: "Unpack NGINX"
unarchive: unarchive:
copy: no copy: no
dest: /tmp/ dest: /tmp/
src: "{{ nginx_source.dest }}" src: "{{ nginx_source.dest }}"
mode: 0755 mode: 0755
- name: "(Install: Linux) Configure NGINX" - name: "Configure NGINX"
command: >- command: >-
./configure ./configure
--prefix=/usr
--pid-path=/var/run/nginx.pid
--conf-path=/etc/nginx/nginx.conf --conf-path=/etc/nginx/nginx.conf
--error-log-path=/var/log/nginx/error.log --error-log-path=/var/log/nginx/error.log
--http-log-path=/var/log/nginx/access.log --http-log-path=/var/log/nginx/access.log
--lock-path=/var/lock/nginx.lock --lock-path=/var/lock/nginx.lock
--modules-path=/usr/lib/nginx/modules --modules-path=/usr/lib/nginx/modules
--prefix=/usr
--pid-path=/var/run/nginx.pid
--with-http_ssl_module --with-http_ssl_module
--with-stream
--with-mail=dynamic --with-mail=dynamic
--with-stream
{{ nginx_install_source_pcre | ternary('', '--with-pcre=../' + pcre_version) }} {{ nginx_install_source_pcre | ternary('', '--with-pcre=../' + pcre_version) }}
{{ nginx_install_source_zlib | ternary('', '--with-zlib=../' + zlib_version) }} {{ nginx_install_source_zlib | ternary('', '--with-zlib=../' + zlib_version) }}
{{ nginx_install_source_openssl | ternary('', '--with-openssl=../' + openssl_version) }} {{ nginx_install_source_openssl | ternary('', '--with-openssl=../' + openssl_version) }}
@ -343,86 +343,86 @@
chdir: "/tmp/{{ nginx_version }}" chdir: "/tmp/{{ nginx_version }}"
register: nginx_configure register: nginx_configure
- name: "(Install: Linux) Make NGINX" - name: "Make NGINX"
make: make:
chdir: "/tmp/{{ nginx_version }}" chdir: "/tmp/{{ nginx_version }}"
- name: "(Install: Linux) Install NGINX" - name: "Install NGINX"
make: make:
chdir: "/tmp/{{ nginx_version }}" chdir: "/tmp/{{ nginx_version }}"
target: install target: install
- name: "(Install: Linux) Upload systemd NGINX Service File" - name: "Upload systemd NGINX service file"
copy: copy:
src: services/nginx.systemd src: services/nginx.systemd
dest: /lib/systemd/system/nginx.service dest: /lib/systemd/system/nginx.service
owner: root owner: root
group: root group: root
mode: 0644 mode: 0644
when: ansible_service_mgr == "systemd" when: ansible_facts['service_mgr'] == "systemd"
- name: "(Install: Linux) Enable systemd NGINX Service File" - name: "Enable systemd NGINX service file"
systemd: systemd:
daemon_reload: yes daemon_reload: yes
name: nginx name: nginx
state: restarted state: restarted
enabled: yes enabled: yes
when: ansible_service_mgr == "systemd" when: ansible_facts['service_mgr'] == "systemd"
notify: "(Handler: All OSs) Start NGINX" notify: "(Handler) Start NGINX"
- name: "(Install: Linux) Upload upstart NGINX Service File" - name: "Upload upstart NGINX service file"
copy: copy:
src: services/nginx.upstart src: services/nginx.upstart
dest: /etc/init.d/nginx dest: /etc/init.d/nginx
owner: root owner: root
group: root group: root
mode: 0755 mode: 0755
when: ansible_service_mgr == "upstart" when: ansible_facts['service_mgr'] == "upstart"
- name: "(Install: Linux) Upload upstart NGINX Service Conf File" - name: "Upload upstart NGINX service conf file"
copy: copy:
src: services/nginx.conf.upstart src: services/nginx.conf.upstart
dest: /etc/init/nginx.conf dest: /etc/init/nginx.conf
owner: root owner: root
group: root group: root
mode: 0644 mode: 0644
when: ansible_service_mgr == "upstart" when: ansible_facts['service_mgr'] == "upstart"
- name: "(Install: Linux) Enable upstart NGINX Service Reload" - name: "Enable upstart NGINX service reload"
command: "initctl reload-configuration" command: "initctl reload-configuration"
when: ansible_service_mgr == "upstart" when: ansible_facts['service_mgr'] == "upstart"
- name: "(Install: Linux) Start upstart NGINX Service Reload" - name: "Start upstart NGINX service reload"
command: "nginx" command: "nginx"
when: ansible_service_mgr == "upstart" when: ansible_facts['service_mgr'] == "upstart"
notify: "(Handler: All OSs) Start NGINX" notify: "(Handler) Start NGINX"
- name: "(Install: Linux) Upload sysvinit NGINX Service File" - name: "Upload sysvinit NGINX service file"
copy: copy:
src: services/nginx.sysvinit src: services/nginx.sysvinit
dest: /etc/init.d/nginx dest: /etc/init.d/nginx
owner: root owner: root
group: root group: root
mode: 0755 mode: 0755
when: ansible_service_mgr == "sysvinit" when: ansible_facts['service_mgr'] == "sysvinit"
notify: "(Handler: All OSs) Start NGINX" notify: "(Handler) Start NGINX"
- name: "(Install: Linux) Upload openrc NGINX Service File" - name: "Upload openrc NGINX service file"
copy: copy:
src: services/nginx.openrc src: services/nginx.openrc
dest: /etc/init.d/nginx dest: /etc/init.d/nginx
owner: root owner: root
group: root group: root
mode: 0755 mode: 0755
when: ansible_service_mgr == "openrc" when: ansible_facts['service_mgr'] == "openrc"
- name: "(Install: Linux) Enable openrc NGINX Service" - name: "Enable openrc NGINX service"
command: rc-update add nginx default command: rc-update add nginx default
notify: "(Handler: All OSs) Start NGINX" when: ansible_facts['service_mgr'] == "openrc"
when: ansible_service_mgr == "openrc" notify: "(Handler) Start NGINX"
when: not nginx_result.stat.exists when: not nginx_result.stat.exists
- name: "(Install: Linux) Cleanup Downloads" - name: "Cleanup downloads"
file: file:
path: "{{ item }}" path: "{{ item }}"
state: absent state: absent

View File

@ -0,0 +1,13 @@
---
- name: "(SLES) Configure NGINX repository"
zypper_repository:
name: "nginx-{{ nginx_branch }}"
repo: "{{ repository }}"
- name: "(SLES) Install NGINX"
zypper:
name: "nginx{{ nginx_version | default('') }}"
state: "{{ nginx_state }}"
disable_recommends: no
update_cache: yes
notify: "(Handler) Start NGINX"

View File

@ -1,29 +0,0 @@
---
- name: "(Install: Alpine) Set Default APK NGINX Repository"
set_fact:
default_repository: >-
https://nginx.org/packages/{{ (nginx_branch == 'mainline')
| ternary('mainline/', '') }}alpine/v{{ ansible_distribution_version.split('.')[0] }}.{{ ansible_distribution_version.split('.')[1] }}/main
- name: "(Install: Alpine) Set APK NGINX Repository"
set_fact:
repository: "{{ nginx_repository | default(default_repository) }}"
- name: "(Install: Alpine) Add NGINX Repository"
lineinfile:
path: /etc/apk/repositories
insertafter: EOF
line: "{{ repository }}"
- name: "(Install: Alpine) Install Required Alpine Dependencies"
apk:
name:
- openssl
- pcre
- name: "(Install: Alpine) Install NGINX"
apk:
name: "nginx{{ nginx_version | default('') }}"
repository: "{{ repository }}"
state: "{{ nginx_state }}"
notify: "(Handler: All OSs) Start NGINX"

View File

@ -1,28 +0,0 @@
---
- name: "(Install: Debian/Ubuntu) Set Default APT NGINX Repository"
set_fact:
default_repository:
- >-
deb [arch=amd64] https://nginx.org/packages/{{ (nginx_branch == 'mainline')
| ternary('mainline/', '') }}{{ ansible_distribution | lower }}/ {{ ansible_distribution_release }} nginx
- >-
deb-src https://nginx.org/packages/{{ (nginx_branch == 'mainline')
| ternary('mainline/', '') }}{{ ansible_distribution | lower }}/ {{ ansible_distribution_release }} nginx
- name: "(Install: Debian/Ubuntu) Set APT NGINX Repository"
set_fact:
repository: "{{ nginx_repository | default(default_repository) }}"
- name: "(Install: Debian/Ubuntu) Add NGINX Repository"
apt_repository:
filename: nginx
repo: "{{ item }}"
update_cache: yes
mode: 0644
loop: "{{ repository }}"
- name: "(Install: Debian/Ubuntu) Install NGINX"
apt:
name: "nginx{{ nginx_version | default('') }}"
state: "{{ nginx_state }}"
notify: "(Handler: All OSs) Start NGINX"

View File

@ -1,47 +0,0 @@
---
- name: "(Install: CentOS/RedHat) Set Default YUM NGINX Repository"
set_fact:
default_repository: >-
https://nginx.org/packages/{{ (nginx_branch == 'mainline')
| ternary('mainline/', '') }}{{ (ansible_distribution == "RedHat")
| ternary('rhel', 'centos') }}/{{ ansible_distribution_major_version }}/$basearch/
- name: "(Install: CentOS/RedHat) Set YUM NGINX Repository"
set_fact:
repository: "{{ nginx_repository | default(default_repository) }}"
- name: "(Install: CentOS/RedHat) Add NGINX Repository for CentOS/RHEL 6/7"
yum_repository:
name: nginx
baseurl: "{{ repository }}"
description: NGINX Repository
enabled: yes
gpgcheck: yes
mode: 0644
when: ansible_distribution_major_version < "8"
- name: "(Install: CentOS/RedHat) Add NGINX Repository for CentOS/RHEL 8"
blockinfile:
path: /etc/yum.repos.d/nginx.repo
create: yes
block: |
[nginx]
baseurl = {{ repository }}
enabled = 1
gpgcheck = 1
name = NGINX Repository
module_hotfixes = true
mode: 0644
when: ansible_distribution_major_version == "8"
- name: "(Install: CentOS/RedHat) Install Required CentOS/RedHat Dependencies"
yum:
name: openssl
- name: "(Install: CentOS/RedHat) Install NGINX"
yum:
name: "nginx{{ nginx_version | default('') }}"
state: "{{ nginx_state }}"
disablerepo: "*"
enablerepo: "nginx"
notify: "(Handler: All OSs) Start NGINX"

View File

@ -1,21 +0,0 @@
---
- name: "(Install: SUSE) Set Default SUSE NGINX Repository"
set_fact:
default_repository: >-
https://nginx.org/packages/{{ (nginx_branch == 'mainline')
| ternary('mainline/', '') }}sles/{{ ansible_distribution_major_version }}
- name: "(Install: SUSE) Set SUSE NGINX Repository"
set_fact:
repository: "{{ nginx_repository | default(default_repository) }}"
- name: "(Install: SUSE) Add NGINX Repository"
zypper_repository:
name: "nginx-{{ nginx_branch }}"
repo: "{{ repository }}"
- name: "(Install: SUSE) Install NGINX"
zypper:
name: "nginx{{ nginx_version | default('') }}"
state: "{{ nginx_state }}"
notify: "(Handler: All OSs) Start NGINX"

View File

@ -1,26 +0,0 @@
---
- name: "(Setup: All OSs) Set NGINX Plus License State"
set_fact:
nginx_license_status: absent
- name: "(Setup: All OSs Besides Alpine Linux) Delete NGINX Plus License"
file:
path: /etc/ssl/nginx
state: absent
when: ansible_distribution != "Alpine"
- name: "(Setup: Alpine Linux) Delete NGINX Plus License"
file:
path: "{{ item }}"
state: absent
loop:
- /etc/apk/cert.key
- /etc/apk/cert.pem
when: ansible_distribution == "Alpine"
- include_tasks: "{{ role_path }}/tasks/plus/setup-{{ ansible_os_family | lower }}.yml"
when: ansible_os_family == "Alpine"
or ansible_os_family == "FreeBSD"
or ansible_os_family == "Debian"
or ansible_os_family == "RedHat"
or ansible_os_family == "Suse"

View File

@ -0,0 +1,14 @@
---
- name: "(Alpine Linux) Configure NGINX Plus repository"
lineinfile:
path: /etc/apk/repositories
insertafter: EOF
line: "{{ repository }}"
state: "{{ nginx_license_status | default ('present') }}"
- name: "(Alpine Linux) Install NGINX Plus"
apk:
name: "nginx-plus{{ nginx_version | default('') }}"
repository: "{{ repository }}"
state: "{{ nginx_state }}"
notify: "(Handler) Start NGINX"

View File

@ -1,5 +1,5 @@
--- ---
- name: "(Setup: Debian/Ubuntu) Setup NGINX Plus License" - name: "(Debian/Ubuntu) Set up NGINX Plus license verification"
blockinfile: blockinfile:
path: /etc/apt/apt.conf.d/90nginx path: /etc/apt/apt.conf.d/90nginx
create: yes create: yes
@ -11,10 +11,16 @@
state: "{{ nginx_license_status | default ('present') }}" state: "{{ nginx_license_status | default ('present') }}"
mode: 0444 mode: 0444
- name: "(Setup: Debian/Ubuntu) Setup NGINX Plus Repository" - name: "(Debian/Ubuntu) Configure NGINX Plus repository"
apt_repository: apt_repository:
filename: nginx-plus filename: nginx-plus
repo: deb [arch=amd64] https://plus-pkgs.nginx.com/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} nginx-plus repo: "{{ repository }}"
update_cache: yes update_cache: yes
state: "{{ nginx_license_status | default ('present') }}" state: "{{ nginx_license_status | default ('present') }}"
mode: 0644 mode: 0644
- name: "(Debian/Ubuntu) Install NGINX Plus"
apt:
name: "nginx-plus{{ nginx_version | default('') }}"
state: "{{ nginx_state }}"
notify: "(Handler) Start NGINX"

View File

@ -1,18 +1,5 @@
--- ---
- name: "(Setup: FreeBSD) Setup NGINX Plus Repository" - name: "(FreeBSD) Set up NGINX Plus license verification"
blockinfile:
path: /etc/pkg/nginx-plus.conf
create: yes
block: |
nginx-plus: {
URL: pkg+https://plus-pkgs.nginx.com/freebsd/${ABI}/latest
ENABLED: yes
MIRROR_TYPE: SRV
}
state: "{{ nginx_license_status | default ('present') }}"
mode: 0644
- name: "(Setup: FreeBSD) Setup NGINX Plus License"
blockinfile: blockinfile:
path: /usr/local/etc/pkg.conf path: /usr/local/etc/pkg.conf
block: | block: |
@ -20,3 +7,22 @@
SSL_CLIENT_CERT_FILE: "/etc/ssl/nginx/nginx-repo.crt", SSL_CLIENT_CERT_FILE: "/etc/ssl/nginx/nginx-repo.crt",
SSL_CLIENT_KEY_FILE: "/etc/ssl/nginx/nginx-repo.key" } SSL_CLIENT_KEY_FILE: "/etc/ssl/nginx/nginx-repo.key" }
state: "{{ nginx_license_status | default ('present') }}" state: "{{ nginx_license_status | default ('present') }}"
- name: "(FreeBSD) Configure NGINX Plus repository"
blockinfile:
path: /etc/pkg/nginx-plus.conf
create: yes
block: |
nginx-plus: {
URL: {{ repository }}
ENABLED: yes
MIRROR_TYPE: SRV
}
state: "{{ nginx_license_status | default ('present') }}"
mode: 0644
- name: "(FreeBSD) Install NGINX Plus"
pkgng:
name: "nginx-plus{{ nginx_version | default('') }}"
state: "{{ nginx_state }}"
notify: "(Handler) Start NGINX"

View File

@ -1,9 +0,0 @@
---
- include_tasks: "{{ role_path }}/tasks/plus/setup-bsd.yml"
when: ansible_os_family == "FreeBSD"
- name: "(Install: FreeBSD) Install NGINX Plus"
pkgng:
name: "nginx-plus{{ nginx_version | default('') }}"
state: "{{ nginx_state }}"
notify: "(Handler: All OSs) Start NGINX"

View File

@ -1,19 +0,0 @@
---
- name: "(Setup: Linux) Setup NGINX Plus Repository"
include_tasks: "{{ role_path }}/tasks/plus/setup-{{ ansible_os_family | lower }}.yml"
when: ansible_os_family == "Alpine"
or ansible_os_family == "Debian"
or ansible_os_family == "RedHat"
or ansible_os_family == "Suse"
- name: "(Install: Linux) Modify Service for Systemd"
include_tasks: "{{ role_path }}/tasks/prerequisites/setup-systemd.yml"
when:
- ansible_service_mgr == "systemd"
- nginx_service_modify | bool
- name: "(Install: Linux) Install NGINX Plus"
package:
name: "nginx-plus{{ nginx_version | default('') }}"
state: "{{ nginx_state }}"
notify: "(Handler: All OSs) Start NGINX"

View File

@ -1,11 +1,19 @@
--- ---
- name: "(Install: All OSs) Setup license" - name: "Install NGINX Plus"
include_tasks: "{{ role_path }}/tasks/plus/setup-license.yml" debug:
msg: "Installing NGINX Plus"
when: nginx_debug_tasks | bool
- name: "(Install: Linux) Install NGINX Plus" - name: "Set NGINX Plus repository"
include_tasks: "{{ role_path }}/tasks/plus/install-plus-linux.yml" set_fact:
when: ansible_os_family in nginx_plus_linux_families repository: >-
{{ nginx_repository |
default(nginx_plus_default_repository[(ansible_facts['distribution'] == 'Amazon') | ternary('amazon', ansible_facts['os_family'] | lower)]) }}
- name: "(Install: FreeBSD) Install NGINX Plus" - name: "Install NGINX from repository"
include_tasks: "{{ role_path }}/tasks/plus/install-plus-bsd.yml" include_tasks: "{{ role_path }}/tasks/plus/install-{{ ansible_facts['os_family'] | lower }}.yml"
when: ansible_system in nginx_plus_bsd_systems
- name: "Install NGINX Plus"
debug:
msg: "Done installing NGINX Plus"
when: nginx_debug_tasks | bool

View File

@ -0,0 +1,21 @@
---
- name: "(Amazon Linux/CentOS/Oracle Linux/RHEL) Configure NGINX Plus repository"
yum_repository:
name: nginx-plus
baseurl: "{{ repository }}"
description: NGINX Plus Repository
sslclientcert: /etc/ssl/nginx/nginx-repo.crt
sslclientkey: /etc/ssl/nginx/nginx-repo.key
enabled: yes
gpgcheck: yes
state: "{{ nginx_license_status | default ('present') }}"
mode: 0644
- name: "(Amazon Linux/CentOS/Oracle Linux/RHEL) Install NGINX Plus"
yum:
name: "nginx-plus{{ nginx_version | default('') }}"
state: "{{ nginx_state }}"
disablerepo: "*"
enablerepo: "nginx-plus"
update_cache: yes
notify: "(Handler) Start NGINX"

View File

@ -0,0 +1,19 @@
---
- name: "(SLES) Combine NGINX Plus certificate and license key"
assemble:
src: /etc/ssl/nginx
dest: /etc/ssl/nginx/nginx-repo-bundle.crt
mode: 0444
- name: "(SLES) Configure NGINX Plus repository"
zypper_repository:
name: nginx-plus
repo: "{{ repository }}"
state: "{{ nginx_license_status | default ('present') }}"
- name: "(SLES) Install NGINX Plus"
zypper:
name: "nginx-plus{{ nginx_version | default('') }}"
state: "{{ nginx_state }}"
update_cache: yes
notify: "(Handler) Start NGINX"

View File

@ -0,0 +1,22 @@
---
- name: "Set NGINX Plus license state"
set_fact:
nginx_license_status: absent
- name: "(Debian/Red Hat/SLES OSs) Delete NGINX Plus license"
file:
path: /etc/ssl/nginx
state: absent
when: ansible_facts['distribution'] != "Alpine"
- name: "(Alpine Linux) Delete NGINX Plus license"
file:
path: "{{ item }}"
state: absent
loop:
- /etc/apk/cert.key
- /etc/apk/cert.pem
when: ansible_facts['distribution'] == "Alpine"
- name: "Delete NGINX Plus repository data"
include_tasks: "{{ role_path }}/tasks/plus/install-plus.yml"

View File

@ -1,7 +0,0 @@
---
- name: "(Setup: Alpine Linux) Setup NGINX Plus Repository"
lineinfile:
path: /etc/apk/repositories
insertafter: EOF
line: "https://plus-pkgs.nginx.com/alpine/v{{ ansible_distribution_version | regex_search('^[0-9]+\\.[0-9]+') }}/main"
state: "{{ nginx_license_status | default ('present') }}"

View File

@ -1,13 +1,18 @@
--- ---
- name: "(Setup: All OSs Besides Alpine Linux) Setup NGINX Plus License" - name: "Set up NGINX Plus license"
debug:
msg: "Setting up NGINX Plus license"
when: nginx_debug_tasks | bool
- name: "(Debian/Red Hat/SLES OSs) Set up NGINX Plus license"
block: block:
- name: "(Setup: All OSs Besides Alpine Linux) Create SSL Directory" - name: "(Debian/Red Hat/SLES OSs) Create SSL directory"
file: file:
path: /etc/ssl/nginx path: /etc/ssl/nginx
state: directory state: directory
mode: 0755 mode: 0755
- name: "(Setup: All OSs Besides Alpine Linux) Copy NGINX Plus Certificate and License Key" - name: "(Debian/Red Hat/SLES OSs) Copy NGINX Plus certificate and license key"
copy: copy:
src: "{{ item }}" src: "{{ item }}"
dest: /etc/ssl/nginx dest: /etc/ssl/nginx
@ -16,27 +21,32 @@
loop: loop:
- "{{ nginx_license.certificate }}" - "{{ nginx_license.certificate }}"
- "{{ nginx_license.key }}" - "{{ nginx_license.key }}"
when: ansible_distribution != "Alpine" when: ansible_facts['os_family'] != "Alpine"
- name: "(Setup: Alpine Linux) Setup NGINX Plus License" - name: "(Alpine Linux) Set up NGINX Plus license"
block: block:
- name: "(Setup: Alpine Linux) Create APK Directory" - name: "(Alpine Linux) Create APK directory"
file: file:
path: /etc/apk path: /etc/apk
state: directory state: directory
mode: 0755 mode: 0755
- name: "(Setup: Alpine Linux) Copy NGINX Plus Key" - name: "(Alpine Linux) Copy NGINX Plus key"
copy: copy:
src: "{{ nginx_license.key }}" src: "{{ nginx_license.key }}"
dest: /etc/apk/cert.key dest: /etc/apk/cert.key
decrypt: yes decrypt: yes
mode: 0444 mode: 0444
- name: "(Setup: Alpine Linux) Copy NGINX Plus Certificate" - name: "(Alpine Linux) Copy NGINX Plus certificate"
copy: copy:
src: "{{ nginx_license.certificate }}" src: "{{ nginx_license.certificate }}"
dest: /etc/apk/cert.pem dest: /etc/apk/cert.pem
decrypt: yes decrypt: yes
mode: 0444 mode: 0444
when: ansible_distribution == "Alpine" when: ansible_facts['os_family'] == "Alpine"
- name: "Set up NGINX Plus license"
debug:
msg: "Done setting up NGINX Plus license"
when: nginx_debug_tasks | bool

View File

@ -1,30 +0,0 @@
---
- name: "(Setup: CentOS/RedHat/Oracle Linux) Setup NGINX Plus Repository"
yum_repository:
name: nginx-plus
baseurl: >-
https://plus-pkgs.nginx.com/centos/{{ (ansible_distribution_version | float >= 7.4 and ansible_distribution_version | float < 8.0)
| ternary('7.4', ansible_distribution_major_version | int) }}/$basearch/
description: NGINX Plus Repository
sslclientcert: /etc/ssl/nginx/nginx-repo.crt
sslclientkey: /etc/ssl/nginx/nginx-repo.key
enabled: yes
gpgcheck: yes
state: "{{ nginx_license_status | default ('present') }}"
mode: 0644
when: ansible_distribution != "Amazon"
- name: "(Setup: Amazon Linux) Setup NGINX Plus Repository"
yum_repository:
name: nginx-plus
baseurl: >-
https://plus-pkgs.nginx.com/amzn{{ (ansible_distribution_version == '2')
| ternary('2', '') }}/$releasever/$basearch
description: NGINX Plus Repository
sslclientcert: /etc/ssl/nginx/nginx-repo.crt
sslclientkey: /etc/ssl/nginx/nginx-repo.key
enabled: yes
gpgcheck: yes
state: "{{ nginx_license_status | default ('present') }}"
mode: 0644
when: ansible_distribution == "Amazon"

View File

@ -1,12 +0,0 @@
---
- name: "(Setup: SUSE) Setup NGINX Plus Certificate and License Keys"
assemble:
src: /etc/ssl/nginx
dest: /etc/ssl/nginx/nginx-repo-bundle.crt
mode: 0444
- name: "(Setup: SUSE) Setup NGINX Plus Repository"
zypper_repository:
name: nginx-plus
repo: "https://plus-pkgs.nginx.com/sles/{{ ansible_distribution_major_version }}?ssl_clientcert=/etc/ssl/nginx/nginx-repo-bundle.crt&ssl_verify=host"
state: "{{ nginx_license_status | default ('present') }}"

View File

@ -0,0 +1,37 @@
---
- name: "(Alpine Linux) Install dependencies"
apk:
name: "{{ nginx_alpine_dependencies }}"
update_cache: yes
when: ansible_facts['os_family'] == "Alpine"
- name: "(Debian/Ubuntu) Install dependencies"
apt:
name: "{{ nginx_debian_dependencies }}"
update_cache: yes
when: ansible_facts['os_family'] == "Debian"
- name: "(Amazon Linux/CentOS/Oracle Linux/RHEL) Install dependencies"
yum:
name: "{{ nginx_redhat_dependencies }}"
when: ansible_facts['os_family'] == "RedHat"
- name: "(SLES) Install dependencies"
zypper:
name: "{{ nginx_sles_dependencies }}"
when: ansible_facts['os_family'] == "Suse"
- name: "(FreeBSD) Install dependencies"
block:
- name: "(FreeBSD) Install dependencies using package(s)"
pkgng:
name: "{{ nginx_freebsd_dependencies }}"
when: nginx_bsd_install_packages | bool
- name: "(FreeBSD) Install dependencies using port(s)"
portinstall:
name: "{{ item }}"
use_packages: "{{ nginx_bsd_portinstall_use_packages | default(omit) }}"
loop: "{{ nginx_freebsd_dependencies }}"
when: not nginx_bsd_install_packages | bool
when: ansible_facts['distribution'] == "FreeBSD"

View File

@ -0,0 +1,38 @@
---
- name: "Install dependencies"
debug:
msg: "Installing dependencies"
when: nginx_debug_tasks | bool
- name: "Install dependencies"
include_tasks: "{{ role_path }}/tasks/prerequisites/install-dependencies.yml"
- name: "Install dependencies"
debug:
msg: "Done installing dependencies"
when: nginx_debug_tasks | bool
- name: "Set up SELinux"
block:
- name: "Set up SELinux"
debug:
msg: "Setting up SELinux"
when: nginx_debug_tasks | bool
- name: "Check if SELinux is enabled"
debug:
msg: "You need to enable SELinux, if it was disabled you need to reboot"
when: ansible_facts['selinux'] is undefined
- name: "Configure SELinux"
include_tasks: "{{ role_path }}/tasks/prerequisites/setup-selinux.yml"
when: ansible_facts['selinux.mode'] is defined
- name: "Set up SELinux"
debug:
msg: "Done setting up SELinux"
when: nginx_debug_tasks | bool
when:
- nginx_selinux | bool
- ansible_facts['os_family'] in ['RedHat', 'Suse']
- ansible_facts['distribution'] not in ['Amazon', 'OracleLinux']

View File

@ -1 +0,0 @@
---

View File

@ -1,7 +0,0 @@
---
- name: "(Setup: Debian/Ubuntu) Install Required Debian and Ubuntu Dependencies"
apt:
name:
- apt-transport-https
- dirmngr
update_cache: yes

View File

@ -1,14 +0,0 @@
---
- name: "(Setup: FreeBSD) Install Required Dependencies"
block:
- name: "(Setup: FreeBSD) Install Extra Package(s)"
pkgng:
name: "{{ nginx_freebsd_extra_packages }}"
when: nginx_bsd_install_packages | bool
- name: "(Setup: FreeBSD) Install Extra Port(s)"
portinstall:
name: "{{ item }}"
use_packages: "{{ nginx_bsd_portinstall_use_packages | default(omit) }}"
loop: "{{ nginx_freebsd_extra_packages }}"
when: not nginx_bsd_install_packages | bool

View File

@ -1,6 +0,0 @@
---
- name: "(Setup: RedHat/CentOS) Setup SELinux"
include_tasks: "{{ role_path }}/tasks/prerequisites/setup-selinux.yml"
when:
- nginx_selinux | bool
- ansible_selinux.mode is defined

View File

@ -1,50 +1,42 @@
--- ---
- name: "(Setup: SELinux) Install Required CentOS/RHEL 6/7 Dependencies" - name: "(CentOS/RHEL) Install dependencies"
package: block:
- name: "(CentOS/RHEL 6/7) Install dependencies"
yum:
name: name:
- policycoreutils-python - policycoreutils-python
- setools - setools
state: present when: ansible_facts['distribution_major_version'] is version('8', '!=')
when:
- ansible_os_family == "RedHat"
- ansible_distribution_major_version != "8"
- name: "(Setup: SELinux) Install Required CentOS/RHEL 8 Dependencies" - name: "(CentOS/RHEL 8) Install dependencies"
package: yum:
name: name:
- selinux-policy-targeted
- libselinux-utils - libselinux-utils
- policycoreutils - policycoreutils
state: present - selinux-policy-targeted
when: when: ansible_facts['distribution_major_version'] is version('8', '==')
- ansible_os_family == "RedHat" when: ansible_facts['os_family'] == "RedHat"
- ansible_distribution_major_version == "8"
- name: "(Setup: SELinux) Check if SELinux is Enabled" - name: "Set SELinux mode to permissive"
debug:
msg: "You need to enable selinux, if it was disabled you need to reboot"
when: ansible_selinux is undefined
- name: "(Setup: SELinux) Setup Permissive SELinux"
selinux: selinux:
state: permissive state: permissive
policy: targeted policy: targeted
changed_when: false changed_when: false
when: ansible_selinux.mode == "enforcing" when: ansible_facts['selinux.mode'] == "enforcing"
- name: "(Setup: SELinux) Allow HTTP Network Connection" - name: "Allow SELinux HTTP network connections"
seboolean: seboolean:
name: httpd_can_network_connect name: httpd_can_network_connect
state: yes state: yes
persistent: yes persistent: yes
- name: "(Setup: SELinux) Allow HTTP Relay Connection" - name: "Allow SELinux HTTP network connections"
seboolean: seboolean:
name: httpd_can_network_relay name: httpd_can_network_relay
state: yes state: yes
persistent: yes persistent: yes
- name: "(Setup: SELinux) Allow Status Ports" - name: "Allow SELinux TCP connections on status ports"
seport: seport:
ports: "{{ nginx_status_port }}" ports: "{{ nginx_status_port }}"
proto: tcp proto: tcp
@ -52,7 +44,7 @@
state: present state: present
when: nginx_status_port is defined when: nginx_status_port is defined
- name: "(Setup: SELinux) Allow Rest API Ports" - name: "Allow SELinux TCP connections on Rest API ports"
seport: seport:
ports: "{{ nginx_rest_api_port }}" ports: "{{ nginx_rest_api_port }}"
proto: tcp proto: tcp
@ -60,7 +52,7 @@
state: present state: present
when: nginx_rest_api_port is defined when: nginx_rest_api_port is defined
- name: "(Setup: SELinux) Allow Specific TCP Ports" - name: "Allow SELinux TCP connections on specific ports"
seport: seport:
ports: "{{ nginx_selinux_tcp_ports }}" ports: "{{ nginx_selinux_tcp_ports }}"
proto: tcp proto: tcp
@ -68,7 +60,7 @@
state: present state: present
when: nginx_selinux_tcp_ports is defined when: nginx_selinux_tcp_ports is defined
- name: "(Setup: SELinux) Allow Specific UDP Ports" - name: "Allow SELinux UDP connections on specific ports"
seport: seport:
ports: "{{ nginx_selinux_udp_ports }}" ports: "{{ nginx_selinux_udp_ports }}"
proto: udp proto: udp
@ -76,35 +68,35 @@
state: present state: present
when: nginx_selinux_udp_ports is defined when: nginx_selinux_udp_ports is defined
- name: "(Setup: SELinux) Create NGINX Plus Module" - name: "Create SELinux NGINX Plus Module"
template: template:
src: "{{ role_path }}/templates/selinux/nginx-plus-module.te.j2" src: "{{ role_path }}/templates/selinux/nginx-plus-module.te.j2"
dest: "{{ nginx_tempdir }}/nginx-plus-module.te" dest: "{{ nginx_selinux_tempdir }}/nginx-plus-module.te"
mode: 0644 mode: 0644
register: nginx_selinux_module register: nginx_selinux_module
- name: "(Setup: SELinux) Check NGINX Plus Module" - name: "Check SELinux NGINX Plus Module"
command: "checkmodule -M -m -o {{ nginx_tempdir }}/nginx-plus-module.mod {{ nginx_tempdir }}/nginx-plus-module.te" command: "checkmodule -M -m -o {{ nginx_selinux_tempdir }}/nginx-plus-module.mod {{ nginx_selinux_tempdir }}/nginx-plus-module.te"
args: args:
creates: "{{ nginx_tempdir }}/nginx-plus-module.mod" creates: "{{ nginx_selinux_tempdir }}/nginx-plus-module.mod"
changed_when: false changed_when: false
- name: "(Setup: SELinux) Compile NGINX Plus Module" - name: "Compile SELinux NGINX Plus Module"
command: "semodule_package -o {{ nginx_tempdir }}/nginx-plus-module.pp -m {{ nginx_tempdir }}/nginx-plus-module.mod" command: "semodule_package -o {{ nginx_selinux_tempdir }}/nginx-plus-module.pp -m {{ nginx_selinux_tempdir }}/nginx-plus-module.mod"
args: args:
creates: "{{ nginx_tempdir }}/nginx-plus-module.pp" creates: "{{ nginx_selinux_tempdir }}/nginx-plus-module.pp"
changed_when: false changed_when: false
- name: "(Setup: SELinux) Import NGINX Plus Module" - name: "Import SELinux NGINX Plus Module"
command: "semodule -i {{ nginx_tempdir }}/nginx-plus-module.pp" # noqa 503 command: "semodule -i {{ nginx_selinux_tempdir }}/nginx-plus-module.pp" # noqa 503
changed_when: false changed_when: false
when: nginx_selinux_module.changed when: nginx_selinux_module.changed | bool
- name: "(Setup: SELinux) Enforce SELinux" - name: "Set SELinux mode to enforcing"
selinux: selinux:
state: enforcing state: enforcing
policy: targeted policy: targeted
changed_when: false changed_when: false
when: when:
- nginx_selinux_enforcing - nginx_selinux_enforcing | bool
- ansible_selinux.mode == "permissive" - ansible_facts['selinux.mode'] == "permissive"

View File

@ -1,6 +0,0 @@
---
- name: "(Setup: SUSE) Setup SELinux"
include_tasks: "{{ role_path }}/tasks/prerequisites/setup-selinux.yml"
when:
- nginx_selinux | bool
- ansible_selinux.mode is defined

View File

@ -1,16 +1,17 @@
## DEPRECATED -- Use nginxinc.nginx_unit role instead (https://github.com/nginxinc/ansible-role-nginx-unit)
--- ---
- name: "(Install: Debian/Ubuntu/CentOS/RedHat) Install NGINX Unit Modules" - name: "(Debian/Ubuntu/CentOS/RedHat) Install NGINX Unit Modules"
package: package:
name: "{{ item }}" name: "{{ item }}"
state: present state: present
loop: "{{ nginx_unit_modules }}" loop: "{{ nginx_unit_modules }}"
when: ansible_os_family != "FreeBSD" when: ansible_facts['os_family'] != "FreeBSD"
notify: "(Handler: Debian/Ubuntu/CentOS/RedHat) Start NGINX Unit" notify: "(Handler: Debian/Ubuntu/CentOS/RedHat) Start NGINX Unit"
- name: "(Install: FreeBSD) Install NGINX Unit Modules" - name: "(FreeBSD) Install NGINX Unit Modules"
portinstall: portinstall:
name: "{{ item }}" name: "{{ item }}"
state: present state: present
loop: "{{ nginx_unit_modules }}" loop: "{{ nginx_unit_modules }}"
when: ansible_os_family == "FreeBSD" when: ansible_facts['os_family'] == "FreeBSD"
notify: "(Handler: FreeBSD) Start NGINX Unit" notify: "(Handler: FreeBSD) Start NGINX Unit"

View File

@ -1,24 +1,29 @@
## DEPRECATED -- Use nginxinc.nginx_unit role instead (https://github.com/nginxinc/ansible-role-nginx-unit)
--- ---
- name: "(Setup: All OSs) Configure NGINX Unit Repository" - name: "Deprecation warning"
include_tasks: "{{ role_path }}/tasks/unit/setup-{{ ansible_os_family | lower }}.yml" debug:
when: ansible_os_family == "Debian" msg: "DEPRECATED TASKS -- Use nginxinc.nginx_unit role instead (https://github.com/nginxinc/ansible-role-nginx-unit)"
or ansible_os_family == "RedHat"
or ansible_os_family == "FreeBSD"
- name: "(Install: Debian/Ubuntu/CentOS/RedHat) Install NGINX Unit" - name: "(DEPRECATED) Configure NGINX Unit Repository"
include_tasks: "{{ role_path }}/tasks/unit/setup-{{ ansible_facts['os_family'] | lower }}.yml"
when: ansible_facts['os_family'] == "Debian"
or ansible_facts['os_family'] == "RedHat"
or ansible_facts['os_family'] == "FreeBSD"
- name: "(DEPRECATED) Install NGINX Unit"
package: package:
name: unit name: unit
state: present state: present
when: ansible_os_family != "FreeBSD" when: ansible_facts['os_family'] != "FreeBSD"
notify: "(Handler: Debian/Ubuntu/CentOS/RedHat) Start NGINX Unit" notify: "(Handler: Debian/Ubuntu/CentOS/RedHat) Start NGINX Unit"
- name: "(Install: FreeBSD) Install NGINX Unit" - name: "(DEPRECATED) Install NGINX Unit"
portinstall: portinstall:
name: unit name: unit
state: present state: present
when: ansible_os_family == "FreeBSD" when: ansible_facts['os_family'] == "FreeBSD"
notify: "(Handler: FreeBSD) Start NGINX Unit" notify: "(Handler: FreeBSD) Start NGINX Unit"
- name: "(Install: All OSs) Install NGINX Unit modules" - name: "(DEPRECATED) Install NGINX Unit modules"
include_tasks: "{{ role_path }}/tasks/unit/install-modules.yml" include_tasks: "{{ role_path }}/tasks/unit/install-modules.yml"
when: nginx_unit_modules is defined when: nginx_unit_modules is defined

View File

@ -1,8 +1,9 @@
## DEPRECATED -- Use nginxinc.nginx_unit role instead (https://github.com/nginxinc/ansible-role-nginx-unit)
--- ---
- name: "(Install: Debian/Ubuntu) Add NGINX Unit Repository" - name: "(DEPRECATED) Add NGINX Unit Repository"
apt_repository: apt_repository:
repo: "{{ item }}" repo: "{{ item }}"
mode: 0644 mode: 0644
loop: loop:
- deb [arch=amd64] https://packages.nginx.org/unit/{{ ansible_distribution|lower }}/ {{ ansible_distribution_release }} unit - deb [arch=amd64] https://packages.nginx.org/unit/{{ ansible_facts['distribution']|lower }}/ {{ ansible_facts['distribution_release'] }} unit
- deb-src https://packages.nginx.org/unit/{{ ansible_distribution|lower }}/ {{ ansible_distribution_release }} unit - deb-src https://packages.nginx.org/unit/{{ ansible_facts['distribution']|lower }}/ {{ ansible_facts['distribution_release'] }} unit

View File

@ -1,10 +1,11 @@
## DEPRECATED -- Use nginxinc.nginx_unit role instead (https://github.com/nginxinc/ansible-role-nginx-unit)
--- ---
- name: "(Install: FreeBSD) Fetch Ports" - name: "(DEPRECATED) Fetch Ports"
command: portsnap fetch --interactive command: portsnap fetch --interactive
args: args:
creates: /var/db/portsnap/INDEX creates: /var/db/portsnap/INDEX
- name: "(Install: FreeBSD) Extract Ports" - name: "(DEPRECATED) Extract Ports"
command: portsnap extract command: portsnap extract
args: args:
creates: /usr/ports creates: /usr/ports

View File

@ -1,20 +1,21 @@
## DEPRECATED -- Use nginxinc.nginx_unit role instead (https://github.com/nginxinc/ansible-role-nginx-unit)
--- ---
- name: "(Install: CentOS/RedHat) Add NGINX Unit Repository" - name: "(DEPRECATED) Add NGINX Unit Repository"
yum_repository: yum_repository:
name: unit name: unit
baseurl: https://packages.nginx.org/unit/{{ (ansible_distribution == "RedHat") | ternary('rhel/', 'centos/') }}$releasever/$basearch/ baseurl: https://packages.nginx.org/unit/{{ (ansible_facts['distribution'] == "RedHat") | ternary('rhel/', 'centos/') }}$releasever/$basearch/
description: NGINX Unit Repository description: NGINX Unit Repository
enabled: yes enabled: yes
gpgcheck: yes gpgcheck: yes
mode: 0644 mode: 0644
when: ansible_distribution != "Amazon" when: ansible_facts['distribution'] != "Amazon"
- name: "(Install: Amazon Linux) Add NGINX Unit Repository" - name: "(DEPRECATED) Add NGINX Unit Repository"
yum_repository: yum_repository:
name: unit name: unit
baseurl: https://packages.nginx.org/unit/amzn{{ (ansible_distribution_version == "2") | ternary('2', '') }}/$releasever/$basearch/ baseurl: https://packages.nginx.org/unit/amzn{{ (ansible_facts['distribution_version'] == "2") | ternary('2', '') }}/$releasever/$basearch/
description: NGINX Unit Repository description: NGINX Unit Repository
enabled: yes enabled: yes
gpgcheck: yes gpgcheck: yes
mode: 0644 mode: 0644
when: ansible_distribution == "Amazon" when: ansible_facts['distribution'] == "Amazon"

View File

@ -6,7 +6,7 @@
{{ option }} {{ option }}
{% endfor %} {% endfor %}
postrotate postrotate
{% if ansible_os_family == "Debian" %} {% if ansible_facts['os_family'] == "Debian" %}
if [ -f /var/run/nginx.pid ]; then if [ -f /var/run/nginx.pid ]; then
kill -USR1 `cat /var/run/nginx.pid` kill -USR1 `cat /var/run/nginx.pid`
fi fi

View File

@ -1,27 +1,97 @@
--- ---
nginx_modules_list: # Supported NGINX Open Source distributions
- geoip # https://nginx.org/en/docs/install.html
- image-filter nginx_distributions: [
- njs 'Alpine', 'CentOS', 'Debian', 'FreeBSD', 'RedHat', 'SLES', 'Ubuntu',
- perl 'NetBSD', 'OpenBSD', 'DragonFlyBSD', 'HardenedBSD',
- xslt ]
nginx_plus_modules_list: # Supported NGINX Plus distributions
- auth-spnego # https://docs.nginx.com/nginx/technical-specs/
- brotli nginx_plus_distributions: [
- cookie-flag 'Alpine', 'Amazon', 'CentOS', 'Debian', 'FreeBSD', 'OracleLinux', 'RedHat', 'SLES', 'Ubuntu',
- encrypted-session ]
- geoip
- geoip2 # Default NGINX signing key
- headers-more nginx_default_signing_key:
- image-filter rsa_pub: https://nginx.org/keys/nginx_signing.rsa.pub
- lua pgp: https://nginx.org/keys/nginx_signing.key
- modsecurity
- njs # Default NGINX Open Source repositories
- opentracing nginx_default_repository:
- passenger alpine: >-
- perl https://nginx.org/packages/{{ (nginx_branch == 'mainline')
- prometheus | ternary('mainline/', '') }}alpine/v{{ ansible_facts['distribution_version'] | regex_search('^[0-9]+\.[0-9]+') }}/main
- rtmp debian:
- subs-filter - >-
- xslt deb [arch=amd64] https://nginx.org/packages/{{ (nginx_branch == 'mainline')
| ternary('mainline/', '') }}{{ ansible_facts['distribution'] | lower }}/ {{ ansible_facts['distribution_release'] }} nginx
- >-
deb-src https://nginx.org/packages/{{ (nginx_branch == 'mainline')
| ternary('mainline/', '') }}{{ ansible_facts['distribution'] | lower }}/ {{ ansible_facts['distribution_release'] }} nginx
redhat: >-
https://nginx.org/packages/{{ (nginx_branch == 'mainline')
| ternary('mainline/', '') }}{{ (ansible_facts['distribution'] == "CentOS")
| ternary('centos', 'rhel') }}/{{ ansible_facts['distribution_major_version'] }}/$basearch/
suse: >-
https://nginx.org/packages/{{ (nginx_branch == 'mainline')
| ternary('mainline/', '') }}sles/{{ ansible_facts['distribution_major_version'] }}
# Default NGINX Plus repositories
nginx_plus_default_repository:
alpine: >-
https://plus-pkgs.nginx.com/alpine/v{{ ansible_facts['distribution_version'] | regex_search('^[0-9]+\.[0-9]+') }}/main
amazon: >-
https://plus-pkgs.nginx.com/amzn{{ (ansible_facts['distribution_version'] is version('2', '=='))
| ternary('2', '') }}/$releasever/$basearch
debian: >-
deb [arch=amd64] https://plus-pkgs.nginx.com/{{ ansible_facts['distribution'] | lower }} {{ ansible_facts['distribution_release'] }} nginx-plus
freebsd: >-
https://plus-pkgs.nginx.com/freebsd/${ABI}/latest
redhat: >-
https://plus-pkgs.nginx.com/{{ (ansible_facts['distribution'] == "CentOS")
| ternary('centos', 'rhel') }}/{{ (ansible_facts['distribution_version'] is version('7.4', '>=')
and ansible_facts['distribution_version'] is version('8', '<')) | ternary('7.4', ansible_facts['distribution_major_version']) }}/$basearch/
suse: >-
https://plus-pkgs.nginx.com/sles/{{ ansible_facts['distribution_major_version'] }}?ssl_clientcert=/etc/ssl/nginx/nginx-repo-bundle.crt&ssl_verify=host
# Alpine dependencies
nginx_alpine_dependencies: [
'coreutils', 'openssl', 'pcre',
]
# Debian dependencies
nginx_debian_dependencies: [
'apt-transport-https', 'ca-certificates', 'dirmngr',
]
# Red Hat dependencies
nginx_redhat_dependencies: [
'ca-certificates', 'openssl',
]
# SLES dependencies
nginx_sles_dependencies: [
'ca-certificates',
]
# FreeBSD dependencies
nginx_freebsd_dependencies: [
'security/ca_root_nss'
]
# Default locations and versions when 'nginx_install_from' is set to 'source'
pcre_version: pcre-8.44
zlib_version: zlib-1.2.11
openssl_version: openssl-1.1.1g
# Supported NGINX Open Source modules
nginx_modules_list: [
'geoip', 'image-filter', 'njs', 'perl', 'xslt',
]
# Supported NGINX Plus modules
nginx_plus_modules_list: [
'auth-spnego', 'brotli', 'cookie-flag', 'encrypted-session', 'geoip', 'geoip2', 'headers-more', 'image-filter', 'lua',
'modsecurity', 'njs', 'opentracing', 'passenger', 'perl', 'prometheus', 'rtmp', 'subs-filter', 'xslt',
]