sebclem/ansible-role-nginx
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Prepare 0.15.0 release (#300)

Browse Source
This commit is contained in:
Alessandro Fael Garcia 2020-08-19 18:39:17 +02:00 committed by GitHub
parent 0922304b12
commit 3bcd7a0919
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
36 changed files with 591 additions and 594 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
.gitignore vendored
View File

@ -2,7 +2,6 @@
############################
*.crt
*.key
__pycache__
*~
\#*
@ -12,4 +11,7 @@ Thumbs.db
.vscode
# Ansible specific
*.retry
*.retry
# Python specific
__pycache__

49
.travis.yml
View File

@ -1,69 +1,68 @@
---
language: python
services:
- docker
services: docker
jobs:
include:
- name: "Install Specific Version - Debian/Ubuntu"
- name: "(Debian/Ubuntu) Install Specific Version"
env:
scenario: default
- name: "Install Specific Version - Alpine"
- name: "(Alpine) Install Specific Version"
env:
scenario: default_alpine
- name: "Install Specific Version - CentOS"
- name: "(CentOS) Install Specific Version"
env:
scenario: default_centos
- name: "Install Modules - Debian/Ubuntu"
- name: "(Debian/Ubuntu) Install Modules"
env:
scenario: module
- name: "Install Modules - Alpine"
- name: "(Alpine) Install Modules"
env:
scenario: module_alpine
- name: "Install Modules - CentOS"
- name: "(CentOS) Install Modules"
env:
scenario: module_centos
- name: "Install Stable Branch and Push Configuration - Debian/Ubuntu"
- name: "(Debian/Ubuntu) Install Stable Branch and Push Configuration"
env:
scenario: stable_push
- name: "Install Stable Branch and Push Configuration - Alpine"
- name: "(Alpine) Install Stable Branch and Push Configuration"
env:
scenario: stable_push_alpine
- name: "Install Stable Branch and Push Configuration - CentOS"
- name: "(CentOS) Install Stable Branch and Push Configuration"
env:
scenario: stable_push_centos
- name: "Use Template Setting - Debian/Ubuntu"
- name: "(Debian/Ubuntu) Use Template Setting"
env:
scenario: template
- name: "Use Template Setting - Alpine"
- name: "(Alpine) Use Template Setting"
env:
scenario: template_alpine
- name: "Use Template Setting - CentOS"
- name: "(CentOS) Use Template Setting"
env:
scenario: template_centos
- name: "Install Unit - Debian/Ubuntu"
- name: "(Debian/Ubuntu) Install NGINX Unit"
env:
scenario: unit
- name: "Install Unit - Alpine"
- name: "(Alpine) Install NGINX Unit"
env:
scenario: unit_alpine
- name: "Install Unit - CentOS"
- name: "(CentOS) Install NGINX Unit"
env:
scenario: unit_centos
- name: "Install from Source - Debian/Ubuntu"
- name: "(Debian/Ubuntu) Install from Source"
env:
scenario: source
- name: "Install from Source - Alpine"
- name: "(Alpine) Install from Source"
env:
scenario: source_alpine
- name: "Install from Source - CentOS"
- name: "(CentOS) Install from Source"
env:
scenario: source_centos
before_install:
- sudo apt-get -qq update
before_install: sudo apt-get -qq update
install:
- pip install ansible==2.9.9
- pip install molecule[docker]==3.0.4
- pip install ansible-lint
- pip install ansible==2.9.11
- pip install molecule==3.0.6
- pip install docker==4.2.2
- pip install ansible-lint==4.2.0
script:
- molecule --version
- ansible --version

5
CHANGELOG.md
View File

@ -2,6 +2,11 @@
## 0.15.0 (Unreleased)
DEPRECATION WARNING:
* NGINX now has a separate role to manage and create NGINX configurations available [here](https://github.com/nginxinc/ansible-role-nginx-config). Any new issues or PRs related to configuring NGINX should be submitted in the new NGINX Config repository. New issues or PRs related to configuring NGINX submitted in this repository will not be worked on. The NGINX configuration functionailities included in this role will be removed in an upcoming release.
* NGINX Unit now has a separate role available [here](https://github.com/nginxinc/ansible-role-nginx-unit). Any new issues or PRs related to NGINX Unit should be submitted in the new NGINX Unit repository. New issues or PRs related to NGINX Unit submitted in this repository will not be worked on. The NGINX Unit functionailities included in this role will be removed in an upcoming release.
BREAKING CHANGES:
* The Debian and Ubuntu repositories have slightly changed. You may run into some duplication issues when running the role on a preexisting target that already has had NGINX installed using the role. To fix this, manually remove the old repository source.

2
CONTRIBUTING.md
View File

@ -26,7 +26,7 @@ Follow our [Installation Guide](https://github.com/nginxinc/ansible-role-nginx/b
### Project Structure
* The NGINX Ansible role is written in `yaml` and supports open source NGINX, NGINX Plus, NGINX Amplify, and NGINX Unit.
* The NGINX Ansible role is written in `yaml` and supports NGINX Open Source, NGINX Plus, NGINX Amplify, and NGINX Unit.
* The project follows the standard [Ansible role directory structure](https://docs.ansible.com/ansible/latest/user_guide/playbooks_reuse_roles.html)
* The main code is found in `tasks/`
* The main variables can be found in `defaults/main/*.yml`

12
README.md
View File

@ -8,6 +8,10 @@ This role installs NGINX Open Source, NGINX Plus, the NGINX Amplify agent, or NG
**Note:** This role is still in active development. There may be unidentified issues and the role variables may change as development continues.
**Deprecation Warnings:**
* NGINX now has a separate role to manage and create NGINX configurations available [here](https://github.com/nginxinc/ansible-role-nginx-config). Any new issues or PRs related to configuring NGINX should be submitted in the new NGINX Config repository. New issues or PRs related to configuring NGINX submitted in this repository will not be worked on. The NGINX configuration functionailities included in this role will be removed in an upcoming release.
* NGINX Unit now has a separate role available [here](https://github.com/nginxinc/ansible-role-nginx-unit). Any new issues or PRs related to NGINX Unit should be submitted in the new NGINX Unit repository. New issues or PRs related to NGINX Unit submitted in this repository will not be worked on. The NGINX Unit functionailities included in this role will be removed in an upcoming release.
Requirements
------------
@ -208,9 +212,11 @@ Do note that if you install this repository via Ansible Galaxy, you will have to
Other NGINX Roles
-----------------
You can find an Ansible collection of roles to help you install and configure NGINX Controller [here](https://github.com/nginxinc/ansible-collection-nginx_controller)
You can find an Ansible role to install and configure NGINX App Protect [here](https://github.com/nginxinc/ansible-role-nginx-app-protect)
You can find an Ansible role to help you install and configure NGINX App Protect [here](https://github.com/nginxinc/ansible-role-nginx-app-protect)
You can find an Ansible collection of roles to install and configure NGINX Controller [here](https://github.com/nginxinc/ansible-collection-nginx_controller)
You can find an Ansible role to install NGINX Unit [here](https://github.com/nginxinc/ansible-role-nginx-unit)
License
-------
@ -226,4 +232,4 @@ Author Information
[Tom Gamull](https://github.com/magicalyak)
© [NGINX, Inc.](https://www.nginx.com/) 2018 - 2020
© [F5 Networks, Inc.](https://www.f5.com/) 2018 - 2020

12
defaults/main/bsd.yml
View File

@ -7,19 +7,19 @@ nginx_bsd_systems: ['FreeBSD', 'NetBSD', 'OpenBSD', 'DragonFlyBSD', 'HardenedBSD
nginx_plus_bsd_systems: ['FreeBSD']
# Choose to install BSD packages or ports.
# Options are True for packages or False for ports.
# Default is True.
# Options are true for packages or false for ports.
# Default is true.
nginx_bsd_install_packages: true
# Choose to update BSD ports collection.
# Options are True for update or False for do not update.
# Default is True.
# Options are true for update or false for do not update.
# Default is true.
nginx_bsd_update_ports: true
# Choose to install packages built from BSD ports collection if
# available.
# Options are True for use packages or False for do not use packages.
# Default is True.
# Options are true for use packages or false for do not use packages.
# Default is true.
nginx_bsd_portinstall_use_packages: true
# FreeBSD extra packages

2
defaults/main/main.yml
View File

@ -105,7 +105,7 @@ nginx_cleanup_config_paths:
# nginx_cleanup_config_files:
# - /etc/nginx/conf.d/default.conf
# Set selinux enforcing for nginx (Centos/Redhat only) - you may need to open ports on your own
# Set SELinux enforcing for NGINX (Centos/Redhat only) - you may need to open ports on your own
nginx_selinux: false
# Enable enforcing mode if true. Permissive if false (audit only, no enforcing) globally (only works with nginx_selinux: true)
nginx_selinux_enforcing: true

2
defaults/main/unit.yml
View File

@ -3,4 +3,4 @@
# Use a list of supported NGINX Unit modules.
# Default is false.
nginx_unit_enable: false
nginx_unit_modules: null
nginx_unit_modules: []

0
molecule/common/files/www/.gitkeep → files/www/.gitkeep
View File

25
files/www/index.html
View File

@ -1,25 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>

5
handlers/main.yml
View File

@ -1,17 +1,15 @@
---
# handlers file for ansible-role-nginx
- name: "(Handler: All OSs) Check NGINX"
command: "nginx -t"
changed_when: false
- name: "(Handler: All OSs) systemd daemon-reload"
- name: "(Handler: All OSs) Systemd Daemon-Reload"
systemd:
daemon_reload: yes
notify: "(Handler: All OSs) Start NGINX"
- name: "(Handler: All OSs) Run NGINX"
block:
- name: "(Handler: All OSs) Start NGINX"
service:
name: nginx
@ -22,7 +20,6 @@
- name: "(Handler: All OSs) Reload NGINX"
command: "nginx -s reload"
changed_when: false
when:
- nginx_start | bool
- not ansible_check_mode

3
meta/main.yml
View File

@ -2,7 +2,8 @@
galaxy_info:
author: Alessandro Fael Garcia
description: Official Ansible role for NGINX
company: NGINX, Inc.
role_name: nginx
company: F5 Networks, Inc.
license: Apache License, Version 2.0

54
molecule/common/playbooks/default_converge.yml
View File

@ -2,44 +2,46 @@
- name: Converge
hosts: all
pre_tasks:
- name: "Set repo if Alpine"
- name: Set repo if Alpine
set_fact:
version: "=1.17.10-r1"
when: ansible_os_family == "Alpine"
- name: "Set repo if Debian"
- name: Set repo if Debian
set_fact:
version: "=1.17.10-1~{{ ansible_distribution_release }}"
when: ansible_os_family == "Debian"
- name: "Set repo if RedHat"
- name: Set repo if RedHat
set_fact:
version: "-1.17.10-1.el{{ ansible_distribution_major_version }}.ngx"
when: ansible_os_family == "RedHat"
- name: "Enable Nginx @CentOS-AppStream dnf modules"
- name: Enable NGINX @CentOS-AppStream dnf modules
shell:
args:
cmd: dnf module info nginx | grep -q 'Stream.*\[e\]' && echo -n ENABLED || dnf module enable -y nginx # noqa 204 303
register: dnf_module_enable
changed_when: dnf_module_enable.stdout != 'ENABLED'
when: ansible_os_family == "RedHat" and ansible_distribution_major_version == "8"
roles:
- role: ansible-role-nginx
vars:
nginx_debug_output: true
nginx_selinux: true
nginx_selinux_tcp_ports:
- 80
- 443
nginx_version: "{{ version }}"
nginx_configure: false
nginx_logrotate_conf_enable: true
nginx_logrotate_conf:
paths:
- "/var/log/nginx/*.log"
options:
- daily
- missingok
- rotate 14
- compress
- delaycompress
- notifempty
- sharedscripts
tasks:
- name: Install NGINX
include_role:
name: ansible-role-nginx
vars:
nginx_debug_output: true
nginx_selinux: true
nginx_selinux_tcp_ports:
- 80
- 443
nginx_version: "{{ version }}"
nginx_configure: false
nginx_logrotate_conf_enable: true
nginx_logrotate_conf:
paths:
- "/var/log/nginx/*.log"
options:
- daily
- missingok
- rotate 14
- compress
- delaycompress
- notifempty
- sharedscripts

52
molecule/common/playbooks/module_converge.yml
View File

@ -1,31 +1,33 @@
---
- name: Converge
hosts: all
roles:
- role: ansible-role-nginx
vars:
nginx_debug_output: true
tasks:
- name: Install NGINX modules
include_role:
name: ansible-role-nginx
vars:
nginx_debug_output: true
nginx_service_modify: true
nginx_service_timeout: 95
nginx_selinux: true
nginx_selinux_tcp_ports:
- 80
- 443
nginx_service_modify: true
nginx_service_timeout: 95
nginx_selinux: true
nginx_selinux_tcp_ports:
- 80
- 443
nginx_cleanup_config: true
nginx_cleanup_config_paths:
- directory:
- /etc/nginx/conf.d
recurse: false
nginx_cleanup_config_files:
- /etc/nginx/conf.d/default.conf
nginx_cleanup_config: true
nginx_cleanup_config_paths:
- directory:
- /etc/nginx/conf.d
recurse: false
nginx_cleanup_config_files:
- /etc/nginx/conf.d/default.conf
nginx_modules:
njs: true
perl: true
waf: false
geoip: true
image_filter: true
rtmp: true
xslt: true
nginx_modules:
njs: true
perl: true
waf: false
geoip: true
image_filter: true
rtmp: true
xslt: true

22
molecule/common/playbooks/source_converge.yml
View File

@ -1,14 +1,16 @@
---
- name: Converge
hosts: all
roles:
- role: ansible-role-nginx
vars:
nginx_debug_output: true
tasks:
- name: Install NGINX from source
include_role:
name: ansible-role-nginx
vars:
nginx_debug_output: true
nginx_install_from: source
nginx_branch: stable
nginx_install_source_build_tools: true
nginx_install_source_pcre: true
nginx_install_source_openssl: true
nginx_install_source_zlib: true
nginx_install_from: source
nginx_branch: stable
nginx_install_source_build_tools: true
nginx_install_source_pcre: true
nginx_install_source_openssl: true
nginx_install_source_zlib: true

20
molecule/common/playbooks/stable_push_converge.yml
View File

@ -1,13 +1,15 @@
---
- name: Converge
hosts: all
roles:
- role: ansible-role-nginx
vars:
nginx_debug_output: true
tasks:
- name: Push NGINX config
include_role:
name: ansible-role-nginx
vars:
nginx_debug_output: true
nginx_branch: stable
nginx_main_upload_enable: true
nginx_main_upload_src: ../files/nginx.conf
nginx_http_upload_enable: true
nginx_http_upload_src: ../files/http/*.conf
nginx_branch: stable
nginx_main_upload_enable: true
nginx_main_upload_src: ../files/nginx.conf
nginx_http_upload_enable: true
nginx_http_upload_src: ../files/http/*.conf

758
molecule/common/playbooks/template_converge.yml
View File

@ -1,391 +1,393 @@
---
- name: Converge
hosts: all
roles:
- role: ansible-role-nginx
vars:
nginx_debug_output: true
tasks:
- name: Configure NGINX
include_role:
name: ansible-role-nginx
vars:
nginx_debug_output: true
nginx_service_modify: true
nginx_service_timeout: 95
nginx_selinux: true
nginx_selinux_tcp_ports:
- 80
- 443
nginx_service_modify: true
nginx_service_timeout: 95
nginx_selinux: true
nginx_selinux_tcp_ports:
- 80
- 443
nginx_main_template_enable: true
nginx_main_template:
template_file: nginx.conf.j2
conf_file_name: nginx.conf
conf_file_location: /etc/nginx/
user: nginx
worker_processes: auto
pid: /var/run/nginx.pid
error_log:
location: /var/log/nginx/error.log
level: warn
worker_connections: 1024
http_enable: true
http_settings:
default_type: application/octet-stream
access_log_format:
- name: main
format: |
'$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"'
access_log_location:
- name: main
location: /var/log/nginx/access.log
keepalive_timeout: 65
cache: false
rate_limit: false
keyval: false
server_tokens: "off"
sub_filter:
# sub_filters: []
last_modified: "off"
once: "on"
types: "text/html"
http_global_autoindex: false
custom_options:
- master_process on;
http_custom_options:
- aio off;
http_custom_includes:
- "/etc/nginx/sites-enabled/*.conf"
events_custom_options:
- accept_mutex off;
stream_enable: true
nginx_main_template_enable: true
nginx_main_template:
template_file: nginx.conf.j2
conf_file_name: nginx.conf
conf_file_location: /etc/nginx/
user: nginx
worker_processes: auto
pid: /var/run/nginx.pid
error_log:
location: /var/log/nginx/error.log
level: warn
worker_connections: 1024
http_enable: true
http_settings:
default_type: application/octet-stream
access_log_format:
- name: main
format: |
'$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"'
access_log_location:
- name: main
location: /var/log/nginx/access.log
keepalive_timeout: 65
cache: false
rate_limit: false
keyval: false
server_tokens: "off"
sub_filter:
# sub_filters: []
last_modified: "off"
once: "on"
types: "text/html"
http_global_autoindex: false
custom_options:
- master_process on;
http_custom_options:
- aio off;
http_custom_includes:
- "/etc/nginx/sites-enabled/*.conf"
events_custom_options:
- accept_mutex off;
stream_enable: true
nginx_status_enable: true
nginx_status_port: 8080
nginx_status_log: true
nginx_status_enable: true
nginx_status_port: 8080
nginx_status_log: true
nginx_http_template_enable: true
nginx_http_template:
app:
template_file: http/default.conf.j2
conf_file_name: default.conf
conf_file_location: /etc/nginx/conf.d/
servers:
server1:
listen:
listen_localhost:
ip: 0.0.0.0
port: 80
opts:
- default_server
server_name: localhost
http_error_pages:
404: /404.html
error_page: /usr/share/nginx/html
client_max_body_size: 512k
proxy_hide_headers:
- X-Powered-By
add_headers:
strict_transport_security:
name: Strict-Transport-Security
value: max-age=15768000; includeSubDomains
always: true
sub_filter:
# sub_filters: []
last_modified: "off"
once: "on"
types: "text/html"
# custom_options: []
reverse_proxy:
locations:
frontend:
location: /
proxy_hide_headers:
- X-Powered-By
add_headers:
strict_transport_security:
name: Strict-Transport-Security
value: max-age=15768000; includeSubDomains
always: true
another_header:
name: Fancy-New-Header-To-Test
value: testing=true
always: false
proxy_pass: http://frontend_servers/
proxy_cache: frontend_proxy_cache
proxy_cache_valid:
- code: 200
time: 10m
- code: 301
time: 1m
proxy_temp_path:
path: /var/cache/nginx/proxy/frontend/temp
proxy_cache_lock: false
proxy_cache_min_uses: 3
proxy_cache_revalidate: false
proxy_cache_use_stale:
- http_403
- http_404
proxy_ignore_headers:
- Vary
- Cache-Control
proxy_redirect: false
proxy_set_header:
header_host:
name: Host
value: $host
header_x_real_ip:
name: X-Real-IP
value: $remote_addr
header_x_forwarded_for:
name: X-Forwarded-For
value: $proxy_add_x_forwarded_for
header_x_forwarded_proto:
name: X-Forwarded-Proto
value: $scheme
proxy_buffering: false
client_max_body_size: 5m
nginx_http_template_enable: true
nginx_http_template:
app:
template_file: http/default.conf.j2
conf_file_name: default.conf
conf_file_location: /etc/nginx/conf.d/
servers:
server1:
listen:
listen_localhost:
ip: 0.0.0.0
port: 80
opts:
- default_server
server_name: localhost
http_error_pages:
404: /404.html
error_page: /usr/share/nginx/html
client_max_body_size: 512k
proxy_hide_headers:
- X-Powered-By
add_headers:
strict_transport_security:
name: Strict-Transport-Security
value: max-age=15768000; includeSubDomains
always: true
sub_filter:
# sub_filters: []
last_modified: "off"
once: "on"
types: "text/html"
# custom_options: []
reverse_proxy:
locations:
frontend:
location: /
proxy_hide_headers:
- X-Powered-By
add_headers:
strict_transport_security:
name: Strict-Transport-Security
value: max-age=15768000; includeSubDomains
always: true
another_header:
name: Fancy-New-Header-To-Test
value: testing=true
always: false
proxy_pass: http://frontend_servers/
proxy_cache: frontend_proxy_cache
proxy_cache_valid:
- code: 200
time: 10m
- code: 301
time: 1m
proxy_temp_path:
path: /var/cache/nginx/proxy/frontend/temp
proxy_cache_lock: false
proxy_cache_min_uses: 3
proxy_cache_revalidate: false
proxy_cache_use_stale:
- http_403
- http_404
proxy_ignore_headers:
- Vary
- Cache-Control
proxy_redirect: false
proxy_set_header:
header_host:
name: Host
value: $host
header_x_real_ip:
name: X-Real-IP
value: $remote_addr
header_x_forwarded_for:
name: X-Forwarded-For
value: $proxy_add_x_forwarded_for
header_x_forwarded_proto:
name: X-Forwarded-Proto
value: $scheme
proxy_buffering: false
client_max_body_size: 5m
sub_filter:
# sub_filters: []
last_modified: "off"
once: "on"
types: "text/html"
backend:
location: /backend
proxy_pass: http://backend_servers/
proxy_cache: backend_proxy_cache
proxy_cache_valid:
- time: 10m
proxy_temp_path:
path: /var/cache/nginx/proxy/backend/temp
proxy_cache_lock: true
proxy_cache_min_uses: 2
proxy_cache_revalidate: true
proxy_cache_use_stale:
- http_500
- http_502
- http_503
proxy_redirect: default
proxy_set_header:
header_host:
name: Host
value: $host
header_x_real_ip:
name: X-Real-IP
value: $remote_addr
header_x_forwarded_for:
name: X-Forwarded-For
value: $proxy_add_x_forwarded_for
header_x_forwarded_proto:
name: X-Forwarded-Proto
value: $scheme
proxy_cookie_path:
path: /web/
replacement: /
returns:
return301:
location: ^~ /old-path
code: 301
value: http://$host/new-path
proxy_cache:
proxy_cache_path:
- path: /var/cache/nginx/proxy/frontend
keys_zone:
name: frontend_proxy_cache
size: 5m
levels: "1:2"
max_size: 5g
inactive: 30m
use_temp_path: true
- path: /var/cache/nginx/proxy/backend
keys_zone:
name: backend_proxy_cache
size: 10m
levels: "1:2"
max_size: 10g
inactive: 60m
use_temp_path: true
proxy_temp_path:
path: /var/cache/nginx/proxy/temp
proxy_cache_lock: true
proxy_cache_min_uses: 5
proxy_cache_revalidate: true
proxy_cache_use_stale:
- error
- timeout
proxy_ignore_headers:
- Expires
upstreams:
frontend_upstream:
name: frontend_servers
lb_method: least_conn
zone_name: frontend_mem_zone
zone_size: 64k
sticky_cookie: false
servers:
frontend_server_1:
address: 0.0.0.0
port: 8081
weight: 1
health_check: max_fails=3 fail_timeout=5s
backend_upstream:
name: backend_servers
lb_method: least_conn
zone_name: backend_mem_zone
zone_size: 64k
sticky_cookie: false
servers:
backend_server_1:
address: 0.0.0.0
port: 8082
weight: 1
health_check: max_fails=3 fail_timeout=5s
backend_server_2:
address: unix:/var/run/control.unit.sock
weight: 1
health_check: max_fails=3 fail_timeout=5s
backend_server_3:
address: 0.0.0.0
port: 8083
down: true
frontend:
template_file: http/default.conf.j2
conf_file_name: frontend_default.conf
conf_file_location: /etc/nginx/conf.d/
servers:
server1:
listen:
listen_localhost:
port: 8081
opts: []
server_name: localhost
error_page: /usr/share/nginx/html
autoindex: false
sub_filter:
sub_filters:
- "'server_hostname' '$hostname'"
- "'server_address' '$server_addr:$server_port'"
- "'server_url' '$request_uri'"
- "'remote_addr' '$remote_addr:$remote_port'"
- "'server_date' '$time_local'"
- "'client_browser' '$http_user_agent'"
- "'request_id' '$request_id'"
- "'nginx_version' '$nginx_version'"
- "'document_root' '$document_root'"
- "'proxied_for_ip' '$http_x_forwarded_for'"
last_modified: "off"
once: "off"
types: "text/html"
web_server:
locations:
frontend_site:
location: /
proxy_hide_headers:
- X-Powered-By
html_file_location: /usr/share/nginx/html
html_file_name: frontend_index.html
autoindex: false
sub_filter:
# sub_filters: []
last_modified: "off"
once: "on"
once: "off"
types: "text/html"
backend:
location: /backend
proxy_pass: http://backend_servers/
proxy_cache: backend_proxy_cache
proxy_cache_valid:
- time: 10m
proxy_temp_path:
path: /var/cache/nginx/proxy/backend/temp
proxy_cache_lock: true
proxy_cache_min_uses: 2
proxy_cache_revalidate: true
proxy_cache_use_stale:
- http_500
- http_502
- http_503
proxy_redirect: default
proxy_set_header:
header_host:
name: Host
value: $host
header_x_real_ip:
name: X-Real-IP
value: $remote_addr
header_x_forwarded_for:
name: X-Forwarded-For
value: $proxy_add_x_forwarded_for
header_x_forwarded_proto:
name: X-Forwarded-Proto
value: $scheme
proxy_cookie_path:
path: /web/
replacement: /
returns:
return301:
location: ^~ /old-path
code: 301
value: http://$host/new-path
proxy_cache:
proxy_cache_path:
- path: /var/cache/nginx/proxy/frontend
keys_zone:
name: frontend_proxy_cache
size: 5m
levels: "1:2"
max_size: 5g
inactive: 30m
use_temp_path: true
- path: /var/cache/nginx/proxy/backend
keys_zone:
name: backend_proxy_cache
size: 10m
levels: "1:2"
max_size: 10g
inactive: 60m
use_temp_path: true
proxy_temp_path:
path: /var/cache/nginx/proxy/temp
proxy_cache_lock: true
proxy_cache_min_uses: 5
proxy_cache_revalidate: true
proxy_cache_use_stale:
- error
- timeout
proxy_ignore_headers:
- Expires
upstreams:
frontend_upstream:
name: frontend_servers
lb_method: least_conn
zone_name: frontend_mem_zone
zone_size: 64k
sticky_cookie: false
http_demo_conf: false
backend:
template_file: http/default.conf.j2
conf_file_name: backend_default.conf
conf_file_location: /etc/nginx/conf.d/
servers:
frontend_server_1:
address: 0.0.0.0
port: 8081
weight: 1
health_check: max_fails=3 fail_timeout=5s
backend_upstream:
name: backend_servers
lb_method: least_conn
zone_name: backend_mem_zone
zone_size: 64k
sticky_cookie: false
servers:
backend_server_1:
address: 0.0.0.0
port: 8082
weight: 1
health_check: max_fails=3 fail_timeout=5s
backend_server_2:
address: unix:/var/run/control.unit.sock
weight: 1
health_check: max_fails=3 fail_timeout=5s
backend_server_3:
address: 0.0.0.0
port: 8083
down: true
frontend:
template_file: http/default.conf.j2
conf_file_name: frontend_default.conf
conf_file_location: /etc/nginx/conf.d/
servers:
server1:
listen:
listen_localhost:
port: 8081
opts: []
server_name: localhost
error_page: /usr/share/nginx/html
autoindex: false
sub_filter:
sub_filters:
- "'server_hostname' '$hostname'"
- "'server_address' '$server_addr:$server_port'"
- "'server_url' '$request_uri'"
- "'remote_addr' '$remote_addr:$remote_port'"
- "'server_date' '$time_local'"
- "'client_browser' '$http_user_agent'"
- "'request_id' '$request_id'"
- "'nginx_version' '$nginx_version'"
- "'document_root' '$document_root'"
- "'proxied_for_ip' '$http_x_forwarded_for'"
last_modified: "off"
once: "off"
types: "text/html"
web_server:
locations:
frontend_site:
location: /
proxy_hide_headers:
- X-Powered-By
html_file_location: /usr/share/nginx/html
html_file_name: frontend_index.html
autoindex: false
sub_filter:
# sub_filters: []
last_modified: "off"
once: "off"
types: "text/html"
http_demo_conf: false
backend:
template_file: http/default.conf.j2
conf_file_name: backend_default.conf
conf_file_location: /etc/nginx/conf.d/
servers:
server1:
listen:
listen_localhost:
port: 8082
opts: []
server_name: localhost
error_page: /usr/share/nginx/html
autoindex: false
sub_filter:
sub_filters:
- "'server_hostname' '$hostname'"
- "'server_address' '$server_addr:$server_port'"
- "'server_url' '$request_uri'"
- "'remote_addr' '$remote_addr:$remote_port'"
- "'server_date' '$time_local'"
- "'client_browser' '$http_user_agent'"
- "'request_id' '$request_id'"
- "'nginx_version' '$nginx_version'"
- "'document_root' '$document_root'"
- "'proxied_for_ip' '$http_x_forwarded_for'"
last_modified: "off"
once: "off"
types: "text/html"
web_server:
locations:
backend_site:
location: /
html_file_location: /usr/share/nginx/html
html_file_name: backend_index.html
autoindex: false
php:
location: ~ \.php$
html_file_location: /usr/share/nginx/html
autoindex: false
custom_options:
- fastcgi_split_path_info ^(.+\.php)(/.+)$;
- fastcgi_pass unix:/run/php/php7.2-fpm.sock;
- fastcgi_index index.php;
- include fastcgi_params;
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
sub_filter:
# sub_filters: []
last_modified: "off"
once: "off"
types: "text/html"
http_demo_conf: false
nginx_html_demo_template_enable: true
nginx_html_demo_template:
frontend:
template_file: www/index.html.j2
html_file_name: frontend_index.html
html_file_location: /usr/share/nginx/html
web_server_name: Frontend
backend:
template_file: www/index.html.j2
html_file_name: backend_index.html
html_file_location: /usr/share/nginx/html
web_server_name: Backend
server1:
listen:
listen_localhost:
port: 8082
opts: []
server_name: localhost
error_page: /usr/share/nginx/html
autoindex: false
sub_filter:
sub_filters:
- "'server_hostname' '$hostname'"
- "'server_address' '$server_addr:$server_port'"
- "'server_url' '$request_uri'"
- "'remote_addr' '$remote_addr:$remote_port'"
- "'server_date' '$time_local'"
- "'client_browser' '$http_user_agent'"
- "'request_id' '$request_id'"
- "'nginx_version' '$nginx_version'"
- "'document_root' '$document_root'"
- "'proxied_for_ip' '$http_x_forwarded_for'"
last_modified: "off"
once: "off"
types: "text/html"
web_server:
locations:
backend_site:
location: /
html_file_location: /usr/share/nginx/html
html_file_name: backend_index.html
autoindex: false
php:
location: ~ \.php$
html_file_location: /usr/share/nginx/html
autoindex: false
custom_options:
- fastcgi_split_path_info ^(.+\.php)(/.+)$;
- fastcgi_pass unix:/run/php/php7.2-fpm.sock;
- fastcgi_index index.php;
- include fastcgi_params;
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
sub_filter:
# sub_filters: []
last_modified: "off"
once: "off"
types: "text/html"
http_demo_conf: false
nginx_html_demo_template_enable: true
nginx_html_demo_template:
frontend:
template_file: www/index.html.j2
html_file_name: frontend_index.html
html_file_location: /usr/share/nginx/html
web_server_name: Frontend
backend:
template_file: www/index.html.j2
html_file_name: backend_index.html
html_file_location: /usr/share/nginx/html
web_server_name: Backend
nginx_stream_template_enable: true
nginx_stream_template:
default:
template_file: stream/default.conf.j2
conf_file_name: default.conf
conf_file_location: /etc/nginx/conf.d/stream
network_streams:
app:
listen:
listen_localhost:
ip: 0.0.0.0
port: 80
opts:
- udp
proxy_pass: backend
proxy_timeout: 3s
proxy_connect_timeout: 1s
proxy_protocol: false
health_check_plus: false
upstreams:
backend_upstream:
name: backend
lb_method: least_conn
zone_name: backend
zone_size: 64k
sticky_cookie: false
servers:
backend_server_1:
address: 0.0.0.0
port: 8091
weight: 1
health_check: max_fails=1 fail_timeout=10s
backend_server_2:
address: 0.0.0.0
port: 8092
down: true
nginx_stream_template_enable: true
nginx_stream_template:
default:
template_file: stream/default.conf.j2
conf_file_name: default.conf
conf_file_location: /etc/nginx/conf.d/stream
network_streams:
app:
listen:
listen_localhost:
ip: 0.0.0.0
port: 80
opts:
- udp
proxy_pass: backend
proxy_timeout: 3s
proxy_connect_timeout: 1s
proxy_protocol: false
health_check_plus: false
upstreams:
backend_upstream:
name: backend
lb_method: least_conn
zone_name: backend
zone_size: 64k
sticky_cookie: false
servers:
backend_server_1:
address: 0.0.0.0
port: 8091
weight: 1
health_check: max_fails=1 fail_timeout=10s
backend_server_2:
address: 0.0.0.0
port: 8092
down: true

36
molecule/common/playbooks/unit_converge.yml
View File

@ -2,29 +2,31 @@
- name: Converge
hosts: all
pre_tasks:
- name: "Set module if Alpine"
- name: Set module if Alpine
set_fact:
module:
- "unit-perl"
- "unit-php7"
- "unit-python3"
- unit-perl
- unit-php7
- unit-python3
when: ansible_os_family == "Alpine"
- name: "Set module if Debian/RedHat"
- name: Set module if Debian/RedHat
set_fact:
module:
- "unit-perl"
- "unit-php"
- "unit-ruby"
- unit-perl
- unit-php
- unit-ruby
when: ansible_os_family == "Debian"
- name: "Set module if RedHat"
- name: Set module if RedHat
set_fact:
module:
- "unit-php"
- "unit-go"
- unit-php
- unit-go
when: ansible_os_family == "RedHat"
roles:
- role: ansible-role-nginx
vars:
nginx_enable: false
nginx_unit_enable: true
nginx_unit_modules: "{{ module }}"
tasks:
- name: Install NGINX Unit
include_role:
name: ansible-role-nginx
vars:
nginx_enable: false
nginx_unit_enable: true
nginx_unit_modules: "{{ module }}"

8
tasks/amplify/install-amplify.yml
View File

@ -1,8 +1,8 @@
---
- include_tasks: "{{ role_path }}/tasks/amplify/setup-{{ ansible_os_family | lower }}.yml"
when:
- ansible_os_family == "Debian"
or ansible_os_family == "Redhat"
- name: "(Setup: All OSs) Configure NGINX Amplify Agent Repository"
include_tasks: "{{ role_path }}/tasks/amplify/setup-{{ ansible_os_family | lower }}.yml"
when: ansible_os_family == "Debian"
or ansible_os_family == "Redhat"
- name: "(Install: All OSs) Install NGINX Amplify Agent"
package:

2
tasks/keys/setup-keys.yml
View File

@ -9,7 +9,7 @@
when: ansible_os_family == "Debian"
tags: nginx_aptkey
- name: "(Setup: Keys) CentOS/RedHat/Suse"
- name: "(Setup: Keys) CentOS/RedHat/SUSE"
include_tasks: "{{ role_path }}/tasks/keys/rpm-key.yml"
when: ansible_os_family == "RedHat"
or ansible_os_family == "Suse"

24
tasks/main.yml
View File

@ -11,8 +11,8 @@
or ansible_os_family == "RedHat"
or ansible_os_family == "Suse"
- nginx_install_from == "nginx_repository"
or nginx_amplify_enable
or nginx_unit_enable
or nginx_amplify_enable | bool
or nginx_unit_enable | bool
tags: nginx_key
- name: "(Install/Config: All OSs) Install and Configure NGINX"
@ -38,7 +38,7 @@
include_tasks: "{{ role_path }}/tasks/plus/delete-license.yml"
when:
- nginx_type == "plus"
- nginx_delete_license
- nginx_delete_license | bool
tags: nginx_delete_license
when: nginx_install | bool
@ -51,19 +51,19 @@
- name: "(Config: All OSs) Upload NGINX Config"
include_tasks: "{{ role_path }}/tasks/conf/upload-config.yml"
when: nginx_main_upload_enable
or nginx_http_upload_enable
or nginx_stream_upload_enable
or nginx_html_upload_enable
or nginx_ssl_upload_enable
when: nginx_main_upload_enable | bool
or nginx_http_upload_enable | bool
or nginx_stream_upload_enable | bool
or nginx_html_upload_enable | bool
or nginx_ssl_upload_enable | bool
tags: nginx_upload_config
- name: "(Config: All OSs) Create NGINX Config"
include_tasks: "{{ role_path }}/tasks/conf/template-config.yml"
when: nginx_main_template_enable
or nginx_http_template_enable
or nginx_stream_template_enable
or nginx_rest_api_enable
when: nginx_main_template_enable | bool
or nginx_http_template_enable | bool
or nginx_stream_template_enable | bool
or nginx_rest_api_enable | bool
tags: nginx_template_config
when: nginx_configure | bool

2
tasks/modules/install-geoip.yml
View File

@ -24,5 +24,5 @@
loop:
- load_module modules/ngx_http_geoip_module.so;
- load_module modules/ngx_stream_geoip_module.so;
when: not nginx_main_template_enable
when: not nginx_main_template_enable | bool
notify: "(Handler: All OSs) Reload NGINX"

2
tasks/modules/install-image-filter.yml
View File

@ -16,5 +16,5 @@
path: /etc/nginx/nginx.conf
insertbefore: BOF
line: load_module modules/ngx_http_image_filter_module.so;
when: not nginx_main_template_enable
when: not nginx_main_template_enable | bool
notify: "(Handler: All OSs) Reload NGINX"

2
tasks/modules/install-njs.yml
View File

@ -19,5 +19,5 @@
loop:
- load_module modules/ngx_http_js_module.so;
- load_module modules/ngx_stream_js_module.so;
when: not nginx_main_template_enable
when: not nginx_main_template_enable | bool
notify: "(Handler: All OSs) Reload NGINX"

2
tasks/modules/install-perl.yml
View File

@ -21,5 +21,5 @@
path: /etc/nginx/nginx.conf
insertbefore: BOF
line: load_module modules/ngx_http_perl_module.so;
when: not nginx_main_template_enable
when: not nginx_main_template_enable | bool
notify: "(Handler: All OSs) Reload NGINX"

2
tasks/modules/install-rtmp.yml
View File

@ -9,5 +9,5 @@
path: /etc/nginx/nginx.conf
insertbefore: BOF
line: load_module modules/ngx_rtmp_module.so;
when: not nginx_main_template_enable
when: not nginx_main_template_enable | bool
notify: "(Handler: All OSs) Reload NGINX"

2
tasks/modules/install-waf.yml
View File

@ -9,5 +9,5 @@
path: /etc/nginx/nginx.conf
insertbefore: BOF
line: load_module modules/ngx_http_modsecurity_module.so;
when: not nginx_main_template_enable
when: not nginx_main_template_enable | bool
notify: "(Handler: All OSs) Reload NGINX"

2
tasks/modules/install-xslt.yml
View File

@ -16,5 +16,5 @@
path: /etc/nginx/nginx.conf
insertbefore: BOF
line: load_module modules/ngx_http_xslt_filter_module.so;
when: not nginx_main_template_enable
when: not nginx_main_template_enable | bool
notify: "(Handler: All OSs) Reload NGINX"

22
tasks/opensource/install-oss-bsd.yml
View File

@ -12,7 +12,7 @@
creates: /usr/ports
when:
- ansible_system == "FreeBSD"
- nginx_bsd_update_ports
- nginx_bsd_update_ports | bool
- name: "(Install: FreeBSD)"
block:
@ -20,7 +20,7 @@
pkgng:
name: "www/nginx{{ nginx_version | default('') }}"
state: "{{ nginx_state }}"
when: nginx_bsd_install_packages
when: nginx_bsd_install_packages | bool
notify: "(Handler: All OSs) Start NGINX"
- name: "(Install: FreeBSD) Install NGINX Port"
@ -28,7 +28,7 @@
name: "www/nginx{{ nginx_version | default('') }}"
use_packages: "{{ nginx_bsd_portinstall_use_packages | default(omit) }}"
state: "{{ nginx_state }}"
when: not nginx_bsd_install_packages
when: not nginx_bsd_install_packages | bool
notify: "(Handler: All OSs) Start NGINX"
when: ansible_system == "FreeBSD"
@ -39,7 +39,7 @@
name: "nginx{{ nginx_version | default('') }}"
build: no
state: "{{ nginx_state }}"
when: nginx_bsd_install_packages
when: nginx_bsd_install_packages | bool
notify: "(Handler: All OSs) Start NGINX"
- name: "(Install: OpenBSD) Install NGINX Port"
@ -47,7 +47,7 @@
name: "nginx{{ nginx_version | default('') }}"
build: yes
state: "{{ nginx_state }}"
when: not nginx_bsd_install_packages
when: not nginx_bsd_install_packages | bool
notify: "(Handler: All OSs) Start NGINX"
when: ansible_system == "OpenBSD"
@ -55,37 +55,37 @@
block:
- name: "(Install: NetBSD) Install NGINX Package"
command: "pkg_add www/nginx{{ nginx_version | default('') }}"
when: nginx_bsd_install_packages
when: nginx_bsd_install_packages | bool
notify: "(Handler: All OSs) Start NGINX"
- name: "(Install: NetBSD) Install NGINX Port"
fail:
msg: "{{ ansible_system }} Install NGINX port not implemented."
when: not nginx_bsd_install_packages
when: not nginx_bsd_install_packages | bool
when: ansible_system == "NetBSD"
- name: "(Install: DragonFlyBSD)"
block:
- name: "(Install: DragonFlyBSD) Install NGINX Package"
command: "pkg install www/nginx{{ nginx_version | default('') }}"
when: nginx_bsd_install_packages
when: nginx_bsd_install_packages | bool
notify: "(Handler: All OSs) Start NGINX"
- name: "(Install: DragonFlyBSD) Install NGINX port"
fail:
msg: "{{ ansible_system }} Install NGINX port not implemented."
when: not nginx_bsd_install_packages
when: not nginx_bsd_install_packages | bool
when: ansible_system == "DragonFlyBSD"
- name: "(Install: HardenedBSD)"
block:
- name: "(Install: HardenedBSD) Install NGINX package"
command: "pkg install www/nginx{{ nginx_version | default('') }}"
when: nginx_bsd_install_packages
when: nginx_bsd_install_packages | bool
notify: "(Handler: All OSs) Start NGINX"
- name: "(Install: HardenedBSD) Install NGINX port"
fail:
msg: "{{ ansible_system }} Install NGINX port not implemented."
when: not nginx_bsd_install_packages
when: not nginx_bsd_install_packages | bool
when: ansible_system == "HardenedBSD"

1
tasks/prerequisites/setup-debian.yml
View File

@ -4,5 +4,4 @@
name:
- apt-transport-https
- dirmngr
- python-apt
update_cache: yes

2
tasks/prerequisites/setup-redhat.yml
View File

@ -2,5 +2,5 @@
- name: "(Setup: RedHat/CentOS) Setup SELinux"
include_tasks: "{{ role_path }}/tasks/prerequisites/setup-selinux.yml"
when:
- nginx_selinux
- nginx_selinux | bool
- ansible_selinux.mode is defined

4
tasks/prerequisites/setup-selinux.yml
View File

@ -1,5 +1,5 @@
---
- name: "(Setup: SELinux) Install Required CentOS Dependencies"
- name: "(Setup: SELinux) Install Required CentOS/RHEL 6/7 Dependencies"
package:
name:
- policycoreutils-python
@ -9,7 +9,7 @@
- ansible_os_family == "RedHat"
- ansible_distribution_major_version != "8"
- name: "(Setup: SELinux) Install Required RHEL8 Dependencies"
- name: "(Setup: SELinux) Install Required CentOS/RHEL 8 Dependencies"
package:
name:
- selinux-policy-targeted

4
tasks/prerequisites/setup-suse.yml
View File

@ -1,6 +1,6 @@
---
- name: "(Setup: Suse) Setup SELinux"
- name: "(Setup: SUSE) Setup SELinux"
include_tasks: "{{ role_path }}/tasks/prerequisites/setup-selinux.yml"
when:
- nginx_selinux
- nginx_selinux | bool
- ansible_selinux.mode is defined

22
tasks/prerequisites/setup-systemd.yml
View File

@ -3,7 +3,7 @@
file:
path: "{{ nginx_service_overridepath }}"
state: directory
mode: '0755'
mode: 0755
- name: "(Setup: Linux) Create Override For NGINX Systemd Service"
template:
@ -11,11 +11,11 @@
dest: "{{ nginx_service_overridepath }}/{{ nginx_service_overridefilename }}"
owner: root
group: root
mode: '0644'
notify: "(Handler: All OSs) systemd daemon-reload"
mode: 0644
notify: "(Handler: All OSs) Systemd Daemon-Reload"
when:
- not nginx_service_custom
- not nginx_service_clean
- not nginx_service_custom | bool
- not nginx_service_clean | bool
- name: "(Setup: Linux) Customize Override For NGINX Systemd Service"
copy:
@ -23,15 +23,15 @@
dest: "{{ nginx_service_overridepath }}/{{ nginx_service_overridefilename }}"
owner: root
group: root
mode: '0644'
notify: "(Handler: All OSs) systemd daemon-reload"
mode: 0644
notify: "(Handler: All OSs) Systemd Daemon-Reload"
when:
- nginx_service_custom
- not nginx_service_clean
- nginx_service_custom | bool
- not nginx_service_clean | bool
- name: "(Setup: Linux) Remove Override For NGINX Systemd Service"
file:
path: "{{ nginx_service_overridepath }}"
state: absent
notify: "(Handler: All OSs) systemd daemon-reload"
when: nginx_service_clean
notify: "(Handler: All OSs) Systemd Daemon-Reload"
when: nginx_service_clean | bool

15
tasks/unit/install-unit.yml
View File

@ -1,9 +1,9 @@
---
- include_tasks: "{{ role_path }}/tasks/unit/setup-{{ ansible_os_family | lower }}.yml"
when:
- ansible_os_family == "Debian"
or ansible_os_family == "RedHat"
or ansible_os_family == "FreeBSD"
- name: "(Setup: All OSs) Configure NGINX Unit Repository"
include_tasks: "{{ role_path }}/tasks/unit/setup-{{ ansible_os_family | lower }}.yml"
when: ansible_os_family == "Debian"
or ansible_os_family == "RedHat"
or ansible_os_family == "FreeBSD"
- name: "(Install: Debian/Ubuntu/CentOS/RedHat) Install NGINX Unit"
package:
@ -19,5 +19,6 @@
when: ansible_os_family == "FreeBSD"
notify: "(Handler: FreeBSD) Start NGINX Unit"
- include_tasks: "{{ role_path }}/tasks/unit/install-modules.yml"
when: nginx_unit_modules is defined and nginx_unit_modules
- name: "(Install: All OSs) Install NGINX Unit modules"
include_tasks: "{{ role_path }}/tasks/unit/install-modules.yml"
when: nginx_unit_modules is defined

2
templates/www/index.html.j2
View File

@ -95,7 +95,7 @@ clearTimeout(ref);
<div id="footer">
<div id="center" align="center">
Request ID: request_id<br/>
&copy; NGINX, Inc. 2018 - 2019
&copy; NGINX, Inc. 2018 - <script>document.write(new Date().getFullYear())</script>
</div>
</div>
</body>