diff --git a/README.md b/README.md index 0296ac1..7638f5d 100644 --- a/README.md +++ b/README.md @@ -85,60 +85,61 @@ This role has multiple variables. The defaults for all these variables are the f type: opensource # Specify which branch of Open Source NGINX you want to install. # Options are 'mainline' or 'stable'. - # Default is stable. + # Default is mainline. branch: mainline - # Install nginscript, perl and/or waf modules. + # Install nginscript, perl, waf, geoip, image-filter, rtmp and/or xslt modules. # Default is false. modules: njs: false perl: false waf: false + geoip: false + image_filter: false + rtmp: false + xslt: false # Install NGINX Amplify. # Use your NGINX Amplify API key. # Default is null. - amplify: null + amplify_enable: false + amplify_key: null # Enable NGINX status data. # Will enable 'stub_status' in open source NGINX and 'status' in NGINX Plus. # Default is false. - status: false - # Enable NGINX Plus REST API and dashboard. - # Default is false for all three variables. - api: - enable: false - write: false - dashboard: false + status_enable: false + # Enable NGINX Plus REST API and write access. + # Default is false. + rest_api_enable: false + rest_api_write: false + # Enable NGINX Plus dashboard. REST API also needs to be enabled. + # Default is false. + dashboard: false # Location of your NGINX Plus license in your local machine. # Default is the files folder within the NGINX Ansible role. license: certificate: license/nginx-repo.crt key: license/nginx-repo.key - # Location of the configuration files you wish to upload to NGINX. - # Default is the files folder within the NGINX Ansible role. - configuration_files: - enable: false - main: conf/nginx.conf - http: conf/http/*.conf + # Enable uploading NGINX configuration files to your system. + # Default for uploading files is false. + # Default location of files is the files folder within the NGINX Ansible role. + main_push_enable: false + main_push_location: conf/nginx.conf + http_push_enable: false + http_push_location: conf/http/*.conf + stream_push_enable: false + stream_push_location: conf/stream/*.conf # Configuration variables to create a templated NGINX configuration. # Defaults are the values found in a fresh NGINX installation. - configuration_templates: - enable: false - opensource: - user: nginx - worker_processes: 1 - error_level: warn - worker_connections: 1024 - keepalive_timeout: 65 - listen: 80 - server_name: localhost - plus: - user: nginx - worker_processes: auto - error_level: notice - worker_connections: 1024 - keepalive_timeout: 65 - listen: 80 - server_name: localhost - + main_template_enable: false + main_template_user: nginx + main_template_worker_processes: auto + main_template_error_level: warn + main_template_worker_connections: 1024 + main_template_keepalive_timeout: 65 + http_template_enable: false + http_template_listen: 80 + http_template_server_name: localhost + stream_template_enable: false + stream_template_listen: 12345 Dependencies ------------ diff --git a/defaults/main.yml b/defaults/main.yml index 72c49b5..526f6ce 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -5,7 +5,7 @@ type: opensource # Specify which branch of Open Source NGINX you want to install. # Options are 'mainline' or 'stable'. -# Default is stable. +# Default is mainline. branch: mainline # Install nginscript, perl, waf, geoip, image-filter, rtmp and/or xslt modules. # Default is false. @@ -20,45 +20,43 @@ modules: # Install NGINX Amplify. # Use your NGINX Amplify API key. # Default is null. -amplify: null +amplify_enable: false +amplify_key: null # Enable NGINX status data. # Will enable 'stub_status' in open source NGINX and 'status' in NGINX Plus. # Default is false. -status: false -# Enable NGINX Plus REST API and dashboard. -# Default is false for all three variables. -api: - enable: false - write: false - dashboard: false +status_enable: false +# Enable NGINX Plus REST API and write access. +# Default is false. +rest_api_enable: false +rest_api_write: false +# Enable NGINX Plus dashboard. REST API also needs to be enabled. +# Default is false. +dashboard: false # Location of your NGINX Plus license in your local machine. # Default is the files folder within the NGINX Ansible role. license: certificate: license/nginx-repo.crt key: license/nginx-repo.key -# Location of the configuration files you wish to upload to NGINX. -# Default is the files folder within the NGINX Ansible role. -configuration_files: - enable: false - main: conf/nginx.conf - http: conf/http/*.conf +# Enable uploading NGINX configuration files to your system. +# Default for uploading files is false. +# Default location of files is the files folder within the NGINX Ansible role. +main_push_enable: false +main_push_location: conf/nginx.conf +http_push_enable: false +http_push_location: conf/http/*.conf +stream_push_enable: false +stream_push_location: conf/stream/*.conf # Configuration variables to create a templated NGINX configuration. # Defaults are the values found in a fresh NGINX installation. -configuration_templates: - enable: false - opensource: - user: nginx - worker_processes: 1 - error_level: warn - worker_connections: 1024 - keepalive_timeout: 65 - listen: 80 - server_name: localhost - plus: - user: nginx - worker_processes: auto - error_level: notice - worker_connections: 1024 - keepalive_timeout: 65 - listen: 80 - server_name: localhost +main_template_enable: false +main_template_user: nginx +main_template_worker_processes: auto +main_template_error_level: warn +main_template_worker_connections: 1024 +main_template_keepalive_timeout: 65 +http_template_enable: false +http_template_listen: 80 +http_template_server_name: localhost +stream_template_enable: false +stream_template_listen: 12345 diff --git a/files/conf/stream/.gitkeep b/files/conf/stream/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/tasks/amplify/install-amplify.yml b/tasks/amplify/install-amplify.yml index 0e5a42c..95013d6 100644 --- a/tasks/amplify/install-amplify.yml +++ b/tasks/amplify/install-amplify.yml @@ -7,4 +7,4 @@ dest: /tmp/install.sh - name: "(Install: All NGINX) Install NGINX Amplify" - shell: API_KEY='{{ amplify }}' sh /tmp/install.sh -y + shell: API_KEY='{{ amplify_key }}' sh /tmp/install.sh -y diff --git a/tasks/conf/push-config.yml b/tasks/conf/push-config.yml new file mode 100644 index 0000000..6dd21b6 --- /dev/null +++ b/tasks/conf/push-config.yml @@ -0,0 +1,25 @@ +--- +- name: "(Setup: All NGINX) Upload NGINX Main Configuration File" + copy: + src: "{{ main_upload_location }}" + dest: /etc/nginx/nginx.conf + notify: "(Handler: All OSs) Reload NGINX" + when: main_upload_enable + +- name: "(Setup: All NGINX) Upload NGINX HTTP Configuration Files" + copy: + src: "{{ item }}" + dest: /etc/nginx/conf.d/ + with_fileglob: + - "{{ http_upload_location }}" + notify: "(Handler: All OSs) Reload NGINX" + when: http_upload_enable + +- name: "(Setup: All NGINX) Upload NGINX Stream Configuration Files" + copy: + src: "{{ item }}" + dest: /etc/nginx/conf.d/ + with_fileglob: + - "{{ stream_upload_location }}" + notify: "(Handler: All OSs) Reload NGINX" + when: stream_upload_enable diff --git a/tasks/conf/setup-api.yml b/tasks/conf/setup-api.yml deleted file mode 100644 index f865903..0000000 --- a/tasks/conf/setup-api.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- name: "(Setup: NGINX Plus) Setup NGINX Plus API" - template: - src: api.j2 - dest: /etc/nginx/conf.d/api.conf - notify: "(Handler: All OSs) Reload NGINX" diff --git a/tasks/conf/setup-rest-api.yml b/tasks/conf/setup-rest-api.yml new file mode 100644 index 0000000..f613769 --- /dev/null +++ b/tasks/conf/setup-rest-api.yml @@ -0,0 +1,6 @@ +--- +- name: "(Setup: NGINX Plus) Setup NGINX Plus API" + template: + src: api.conf.j2 + dest: "{{ (http_template_enable) | ternary('/etc/nginx/conf.d/http/api.conf','/etc/nginx/conf.d/api.conf')}}" + notify: "(Handler: All OSs) Reload NGINX" diff --git a/tasks/conf/template-config.yml b/tasks/conf/template-config.yml new file mode 100644 index 0000000..46490ec --- /dev/null +++ b/tasks/conf/template-config.yml @@ -0,0 +1,22 @@ +--- +- name: "(Setup: All NGINX) Dynamically Generate NGINX Main Configuration File" + template: + src: nginx.conf.j2 + dest: /etc/nginx/nginx.conf + notify: "(Handler: All OSs) Reload NGINX" + +- name: "(Setup: All NGINX) Dynamically Generate NGINX HTTP Configuration Files" + template: + src: "{{ item }}" + dest: /etc/nginx/conf.d/{{ item | basename | regex_replace('\.j2','') }} + with_fileglob: + - "../templates/http/*.j2" + notify: "(Handler: All OSs) Reload NGINX" + +- name: "(Setup: All NGINX) Dynamically Generate NGINX Stream Configuration Files" + template: + src: "{{ item }}" + dest: /etc/nginx/conf.d/{{ item | basename | regex_replace('\.j2','') }} + with_fileglob: + - "../templates/stream/*.j2" + notify: "(Handler: All OSs) Reload NGINX" diff --git a/tasks/conf/upload-files.yml b/tasks/conf/upload-files.yml deleted file mode 100644 index 7cc215b..0000000 --- a/tasks/conf/upload-files.yml +++ /dev/null @@ -1,14 +0,0 @@ ---- -- name: "(Setup: All NGINX) Upload NGINX Main Configuration File" - copy: - src: conf/nginx.conf - dest: /etc/nginx/nginx.conf - notify: "(Handler: All OSs) Reload NGINX" - -- name: "(Setup: All NGINX) Upload NGINX HTTP Configuration Files" - copy: - src: "{{ item }}" - dest: /etc/nginx/conf.d/ - with_fileglob: - - "conf/http/*.conf" - notify: "(Handler: All OSs) Reload NGINX" diff --git a/tasks/conf/upload-templates.yml b/tasks/conf/upload-templates.yml deleted file mode 100644 index eb046d5..0000000 --- a/tasks/conf/upload-templates.yml +++ /dev/null @@ -1,32 +0,0 @@ ---- -- name: "(Setup: Open Source NGINX) Upload Open Source NGINX Main Configuration File" - template: - src: opensource/nginx.conf.j2 - dest: /etc/nginx/nginx.conf - when: type == "opensource" - notify: "(Handler: All OSs) Reload NGINX" - -- name: "(Setup: Open Source NGINX) Upload Open Source NGINX HTTP Configuration Files" - template: - src: "{{ item }}" - dest: /etc/nginx/conf.d/{{ item | basename | regex_replace('\.j2','') }} - with_fileglob: - - "../templates/opensource/http/*.j2" - when: type == "opensource" - notify: "(Handler: All OSs) Reload NGINX" - -- name: "(Setup: NGINX Plus) Upload NGINX Plus Main Configuration File" - template: - src: plus/nginx.conf.j2 - dest: /etc/nginx/nginx.conf - when: type == "plus" - notify: "(Handler: All OSs) Reload NGINX" - -- name: "(Setup: NGINX Plus) Upload NGINX Plus HTTP Configuration Files" - template: - src: "{{ item }}" - dest: /etc/nginx/conf.d/{{ item | basename | regex_replace('\.j2','') }} - with_fileglob: - - "../templates/plus/http/*.j2" - when: type == "plus" - notify: "(Handler: All OSs) Reload NGINX" diff --git a/tasks/main.yml b/tasks/main.yml index 748a348..0a2ab93 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -32,17 +32,17 @@ - import_tasks: modules/install-waf.yml when: modules.waf and type == "plus" -- import_tasks: conf/upload-files.yml - when: configuration_files.enable +- import_tasks: conf/push-config.yml + when: main_push_enable or http_push_enable or stream_push_enable -- import_tasks: conf/upload-templates.yml - when: configuration_templates.enable +- import_tasks: conf/template-config.yml + when: main_template_enable or http_template_enable or stream_template_enable - import_tasks: conf/setup-status.yml - when: status + when: status_enable -- import_tasks: conf/setup-api.yml - when: api.enable and type == "plus" +- import_tasks: conf/setup-rest-api.yml + when: rest_api_enable and type == "plus" - import_tasks: amplify/install-amplify.yml - when: amplify is defined and amplify + when: amplify_enable and amplify_key is defined and amplify_key diff --git a/templates/api.j2 b/templates/http/api.conf.j2 similarity index 82% rename from templates/api.j2 rename to templates/http/api.conf.j2 index 9e00fb5..7d0885b 100644 --- a/templates/api.j2 +++ b/templates/http/api.conf.j2 @@ -1,13 +1,13 @@ server { listen 8080; location /api { -{% if api.write %} +{% if rest_api_write %} api write=on; {% else %} api; {% endif %} } -{% if api.dashboard %} +{% if dashboard %} location = /dashboard.html { root /usr/share/nginx/html; } diff --git a/templates/opensource/http/default.conf.j2 b/templates/http/default.conf.j2 similarity index 88% rename from templates/opensource/http/default.conf.j2 rename to templates/http/default.conf.j2 index bcc6606..761fef6 100644 --- a/templates/opensource/http/default.conf.j2 +++ b/templates/http/default.conf.j2 @@ -1,6 +1,6 @@ server { - listen {{ configuration_templates.opensource.listen }}; - server_name {{ configuration_templates.opensource.server_name }}; + listen {{ http_template_listen }}; + server_name {{ http_template_server_name }}; #charset koi8-r; #access_log /var/log/nginx/host.access.log main; diff --git a/templates/opensource/nginx.conf.j2 b/templates/nginx.conf.j2 similarity index 50% rename from templates/opensource/nginx.conf.j2 rename to templates/nginx.conf.j2 index 0219ca9..1db2b92 100644 --- a/templates/opensource/nginx.conf.j2 +++ b/templates/nginx.conf.j2 @@ -1,15 +1,15 @@ -user {{ configuration_templates.opensource.user }}; -worker_processes {{ configuration_templates.opensource.worker_processes }}; +user {{ main_template_user }}; +worker_processes {{ main_teamplate_worker_processes }}; -error_log /var/log/nginx/error.log {{ configuration_templates.opensource.error_level }}; +error_log /var/log/nginx/error.log {{ main_template_error_level }}; pid /var/run/nginx.pid; events { - worker_connections {{ configuration_templates.opensource.worker_connections }}; + worker_connections {{ main_template_worker_connections }}; } - +{% if http_template_enable %} http { include /etc/nginx/mime.types; default_type application/octet-stream; @@ -23,9 +23,16 @@ http { sendfile on; #tcp_nopush on; - keepalive_timeout {{ configuration_templates.opensource.keepalive_timeout }}; + keepalive_timeout {{ main_template_keepalive_timeout }}; #gzip on; - include /etc/nginx/conf.d/*.conf; + include /etc/nginx/conf.d/http/*.conf; } +{% endif %} + +{% if stream_template_enable %} +stream { + include /etc/nginx/conf.d/stream/*.conf; +} +{% endif %} diff --git a/templates/plus/http/default.conf.j2 b/templates/plus/http/default.conf.j2 deleted file mode 100644 index 1c77e4f..0000000 --- a/templates/plus/http/default.conf.j2 +++ /dev/null @@ -1,60 +0,0 @@ -server { - listen {{ configuration_templates.plus.listen }} default_server; - server_name {{ configuration_templates.plus.server_name }}; - - #charset koi8-r; - #access_log /var/log/nginx/host.access.log main; - - location / { - root /usr/share/nginx/html; - index index.html index.htm; - } - - #error_page 404 /404.html; - - # redirect server error pages to the static page /50x.html - # - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root /usr/share/nginx/html; - } - - # proxy the PHP scripts to Apache listening on 127.0.0.1:80 - # - #location ~ \.php$ { - # proxy_pass http://127.0.0.1; - #} - - # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 - # - #location ~ \.php$ { - # root html; - # fastcgi_pass 127.0.0.1:9000; - # fastcgi_index index.php; - # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; - # include fastcgi_params; - #} - - # deny access to .htaccess files, if Apache's document root - # concurs with nginx's one - # - #location ~ /\.ht { - # deny all; - #} - - # enable /api/ location with appropriate access control in order - # to make use of NGINX Plus API - # - #location /api/ { - # api write=on; - # allow 127.0.0.1; - # deny all; - #} - - # enable NGINX Plus Dashboard; requires /api/ location to be - # enabled and appropriate access control for remote access - # - #location = /dashboard.html { - # root /usr/share/nginx/html; - #} -} diff --git a/templates/plus/nginx.conf.j2 b/templates/plus/nginx.conf.j2 deleted file mode 100644 index 810c0b4..0000000 --- a/templates/plus/nginx.conf.j2 +++ /dev/null @@ -1,50 +0,0 @@ -user {{ configuration_templates.plus.user }}; -worker_processes {{ configuration_templates.plus.worker_processes }}; - -error_log /var/log/nginx/error.log {{ configuration_templates.plus.error_level }}; -pid /var/run/nginx.pid; - - -events { - worker_connections {{ configuration_templates.plus.worker_connections }}; -} - - -http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log /var/log/nginx/access.log main; - - sendfile on; - #tcp_nopush on; - - keepalive_timeout {{ configuration_templates.plus.keepalive_timeout }}; - - #gzip on; - - include /etc/nginx/conf.d/*.conf; -} - - -# TCP/UDP proxy and load balancing block -# -#stream { - # Example configuration for TCP load balancing - - #upstream stream_backend { - # zone tcp_servers 64k; - # server backend1.example.com:12345; - # server backend2.example.com:12345; - #} - - #server { - # listen 12345; - # status_zone tcp_server; - # proxy_pass stream_backend; - #} -#} diff --git a/templates/stream/default.conf.j2 b/templates/stream/default.conf.j2 new file mode 100644 index 0000000..5462c86 --- /dev/null +++ b/templates/stream/default.conf.j2 @@ -0,0 +1,3 @@ +server { + listen {{ stream_template_listen }}; +}