Prepare 0.15.0 release (#300)

This commit is contained in:
Alessandro Fael Garcia 2020-08-19 18:39:17 +02:00 committed by GitHub
parent 0922304b12
commit 3bcd7a0919
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
36 changed files with 591 additions and 594 deletions

4
.gitignore vendored
View File

@ -2,7 +2,6 @@
############################ ############################
*.crt *.crt
*.key *.key
__pycache__
*~ *~
\#* \#*
@ -13,3 +12,6 @@ Thumbs.db
# Ansible specific # Ansible specific
*.retry *.retry
# Python specific
__pycache__

View File

@ -1,69 +1,68 @@
--- ---
language: python language: python
services: services: docker
- docker
jobs: jobs:
include: include:
- name: "Install Specific Version - Debian/Ubuntu" - name: "(Debian/Ubuntu) Install Specific Version"
env: env:
scenario: default scenario: default
- name: "Install Specific Version - Alpine" - name: "(Alpine) Install Specific Version"
env: env:
scenario: default_alpine scenario: default_alpine
- name: "Install Specific Version - CentOS" - name: "(CentOS) Install Specific Version"
env: env:
scenario: default_centos scenario: default_centos
- name: "Install Modules - Debian/Ubuntu" - name: "(Debian/Ubuntu) Install Modules"
env: env:
scenario: module scenario: module
- name: "Install Modules - Alpine" - name: "(Alpine) Install Modules"
env: env:
scenario: module_alpine scenario: module_alpine
- name: "Install Modules - CentOS" - name: "(CentOS) Install Modules"
env: env:
scenario: module_centos scenario: module_centos
- name: "Install Stable Branch and Push Configuration - Debian/Ubuntu" - name: "(Debian/Ubuntu) Install Stable Branch and Push Configuration"
env: env:
scenario: stable_push scenario: stable_push
- name: "Install Stable Branch and Push Configuration - Alpine" - name: "(Alpine) Install Stable Branch and Push Configuration"
env: env:
scenario: stable_push_alpine scenario: stable_push_alpine
- name: "Install Stable Branch and Push Configuration - CentOS" - name: "(CentOS) Install Stable Branch and Push Configuration"
env: env:
scenario: stable_push_centos scenario: stable_push_centos
- name: "Use Template Setting - Debian/Ubuntu" - name: "(Debian/Ubuntu) Use Template Setting"
env: env:
scenario: template scenario: template
- name: "Use Template Setting - Alpine" - name: "(Alpine) Use Template Setting"
env: env:
scenario: template_alpine scenario: template_alpine
- name: "Use Template Setting - CentOS" - name: "(CentOS) Use Template Setting"
env: env:
scenario: template_centos scenario: template_centos
- name: "Install Unit - Debian/Ubuntu" - name: "(Debian/Ubuntu) Install NGINX Unit"
env: env:
scenario: unit scenario: unit
- name: "Install Unit - Alpine" - name: "(Alpine) Install NGINX Unit"
env: env:
scenario: unit_alpine scenario: unit_alpine
- name: "Install Unit - CentOS" - name: "(CentOS) Install NGINX Unit"
env: env:
scenario: unit_centos scenario: unit_centos
- name: "Install from Source - Debian/Ubuntu" - name: "(Debian/Ubuntu) Install from Source"
env: env:
scenario: source scenario: source
- name: "Install from Source - Alpine" - name: "(Alpine) Install from Source"
env: env:
scenario: source_alpine scenario: source_alpine
- name: "Install from Source - CentOS" - name: "(CentOS) Install from Source"
env: env:
scenario: source_centos scenario: source_centos
before_install: before_install: sudo apt-get -qq update
- sudo apt-get -qq update
install: install:
- pip install ansible==2.9.9 - pip install ansible==2.9.11
- pip install molecule[docker]==3.0.4 - pip install molecule==3.0.6
- pip install ansible-lint - pip install docker==4.2.2
- pip install ansible-lint==4.2.0
script: script:
- molecule --version - molecule --version
- ansible --version - ansible --version

View File

@ -2,6 +2,11 @@
## 0.15.0 (Unreleased) ## 0.15.0 (Unreleased)
DEPRECATION WARNING:
* NGINX now has a separate role to manage and create NGINX configurations available [here](https://github.com/nginxinc/ansible-role-nginx-config). Any new issues or PRs related to configuring NGINX should be submitted in the new NGINX Config repository. New issues or PRs related to configuring NGINX submitted in this repository will not be worked on. The NGINX configuration functionailities included in this role will be removed in an upcoming release.
* NGINX Unit now has a separate role available [here](https://github.com/nginxinc/ansible-role-nginx-unit). Any new issues or PRs related to NGINX Unit should be submitted in the new NGINX Unit repository. New issues or PRs related to NGINX Unit submitted in this repository will not be worked on. The NGINX Unit functionailities included in this role will be removed in an upcoming release.
BREAKING CHANGES: BREAKING CHANGES:
* The Debian and Ubuntu repositories have slightly changed. You may run into some duplication issues when running the role on a preexisting target that already has had NGINX installed using the role. To fix this, manually remove the old repository source. * The Debian and Ubuntu repositories have slightly changed. You may run into some duplication issues when running the role on a preexisting target that already has had NGINX installed using the role. To fix this, manually remove the old repository source.

View File

@ -26,7 +26,7 @@ Follow our [Installation Guide](https://github.com/nginxinc/ansible-role-nginx/b
### Project Structure ### Project Structure
* The NGINX Ansible role is written in `yaml` and supports open source NGINX, NGINX Plus, NGINX Amplify, and NGINX Unit. * The NGINX Ansible role is written in `yaml` and supports NGINX Open Source, NGINX Plus, NGINX Amplify, and NGINX Unit.
* The project follows the standard [Ansible role directory structure](https://docs.ansible.com/ansible/latest/user_guide/playbooks_reuse_roles.html) * The project follows the standard [Ansible role directory structure](https://docs.ansible.com/ansible/latest/user_guide/playbooks_reuse_roles.html)
* The main code is found in `tasks/` * The main code is found in `tasks/`
* The main variables can be found in `defaults/main/*.yml` * The main variables can be found in `defaults/main/*.yml`

View File

@ -8,6 +8,10 @@ This role installs NGINX Open Source, NGINX Plus, the NGINX Amplify agent, or NG
**Note:** This role is still in active development. There may be unidentified issues and the role variables may change as development continues. **Note:** This role is still in active development. There may be unidentified issues and the role variables may change as development continues.
**Deprecation Warnings:**
* NGINX now has a separate role to manage and create NGINX configurations available [here](https://github.com/nginxinc/ansible-role-nginx-config). Any new issues or PRs related to configuring NGINX should be submitted in the new NGINX Config repository. New issues or PRs related to configuring NGINX submitted in this repository will not be worked on. The NGINX configuration functionailities included in this role will be removed in an upcoming release.
* NGINX Unit now has a separate role available [here](https://github.com/nginxinc/ansible-role-nginx-unit). Any new issues or PRs related to NGINX Unit should be submitted in the new NGINX Unit repository. New issues or PRs related to NGINX Unit submitted in this repository will not be worked on. The NGINX Unit functionailities included in this role will be removed in an upcoming release.
Requirements Requirements
------------ ------------
@ -208,9 +212,11 @@ Do note that if you install this repository via Ansible Galaxy, you will have to
Other NGINX Roles Other NGINX Roles
----------------- -----------------
You can find an Ansible collection of roles to help you install and configure NGINX Controller [here](https://github.com/nginxinc/ansible-collection-nginx_controller) You can find an Ansible role to install and configure NGINX App Protect [here](https://github.com/nginxinc/ansible-role-nginx-app-protect)
You can find an Ansible role to help you install and configure NGINX App Protect [here](https://github.com/nginxinc/ansible-role-nginx-app-protect) You can find an Ansible collection of roles to install and configure NGINX Controller [here](https://github.com/nginxinc/ansible-collection-nginx_controller)
You can find an Ansible role to install NGINX Unit [here](https://github.com/nginxinc/ansible-role-nginx-unit)
License License
------- -------
@ -226,4 +232,4 @@ Author Information
[Tom Gamull](https://github.com/magicalyak) [Tom Gamull](https://github.com/magicalyak)
© [NGINX, Inc.](https://www.nginx.com/) 2018 - 2020 © [F5 Networks, Inc.](https://www.f5.com/) 2018 - 2020

View File

@ -7,19 +7,19 @@ nginx_bsd_systems: ['FreeBSD', 'NetBSD', 'OpenBSD', 'DragonFlyBSD', 'HardenedBSD
nginx_plus_bsd_systems: ['FreeBSD'] nginx_plus_bsd_systems: ['FreeBSD']
# Choose to install BSD packages or ports. # Choose to install BSD packages or ports.
# Options are True for packages or False for ports. # Options are true for packages or false for ports.
# Default is True. # Default is true.
nginx_bsd_install_packages: true nginx_bsd_install_packages: true
# Choose to update BSD ports collection. # Choose to update BSD ports collection.
# Options are True for update or False for do not update. # Options are true for update or false for do not update.
# Default is True. # Default is true.
nginx_bsd_update_ports: true nginx_bsd_update_ports: true
# Choose to install packages built from BSD ports collection if # Choose to install packages built from BSD ports collection if
# available. # available.
# Options are True for use packages or False for do not use packages. # Options are true for use packages or false for do not use packages.
# Default is True. # Default is true.
nginx_bsd_portinstall_use_packages: true nginx_bsd_portinstall_use_packages: true
# FreeBSD extra packages # FreeBSD extra packages

View File

@ -105,7 +105,7 @@ nginx_cleanup_config_paths:
# nginx_cleanup_config_files: # nginx_cleanup_config_files:
# - /etc/nginx/conf.d/default.conf # - /etc/nginx/conf.d/default.conf
# Set selinux enforcing for nginx (Centos/Redhat only) - you may need to open ports on your own # Set SELinux enforcing for NGINX (Centos/Redhat only) - you may need to open ports on your own
nginx_selinux: false nginx_selinux: false
# Enable enforcing mode if true. Permissive if false (audit only, no enforcing) globally (only works with nginx_selinux: true) # Enable enforcing mode if true. Permissive if false (audit only, no enforcing) globally (only works with nginx_selinux: true)
nginx_selinux_enforcing: true nginx_selinux_enforcing: true

View File

@ -3,4 +3,4 @@
# Use a list of supported NGINX Unit modules. # Use a list of supported NGINX Unit modules.
# Default is false. # Default is false.
nginx_unit_enable: false nginx_unit_enable: false
nginx_unit_modules: null nginx_unit_modules: []

View File

@ -1,25 +0,0 @@
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>

View File

@ -1,17 +1,15 @@
--- ---
# handlers file for ansible-role-nginx
- name: "(Handler: All OSs) Check NGINX" - name: "(Handler: All OSs) Check NGINX"
command: "nginx -t" command: "nginx -t"
changed_when: false changed_when: false
- name: "(Handler: All OSs) systemd daemon-reload" - name: "(Handler: All OSs) Systemd Daemon-Reload"
systemd: systemd:
daemon_reload: yes daemon_reload: yes
notify: "(Handler: All OSs) Start NGINX" notify: "(Handler: All OSs) Start NGINX"
- name: "(Handler: All OSs) Run NGINX" - name: "(Handler: All OSs) Run NGINX"
block: block:
- name: "(Handler: All OSs) Start NGINX" - name: "(Handler: All OSs) Start NGINX"
service: service:
name: nginx name: nginx
@ -22,7 +20,6 @@
- name: "(Handler: All OSs) Reload NGINX" - name: "(Handler: All OSs) Reload NGINX"
command: "nginx -s reload" command: "nginx -s reload"
changed_when: false changed_when: false
when: when:
- nginx_start | bool - nginx_start | bool
- not ansible_check_mode - not ansible_check_mode

View File

@ -2,7 +2,8 @@
galaxy_info: galaxy_info:
author: Alessandro Fael Garcia author: Alessandro Fael Garcia
description: Official Ansible role for NGINX description: Official Ansible role for NGINX
company: NGINX, Inc. role_name: nginx
company: F5 Networks, Inc.
license: Apache License, Version 2.0 license: Apache License, Version 2.0

View File

@ -2,44 +2,46 @@
- name: Converge - name: Converge
hosts: all hosts: all
pre_tasks: pre_tasks:
- name: "Set repo if Alpine" - name: Set repo if Alpine
set_fact: set_fact:
version: "=1.17.10-r1" version: "=1.17.10-r1"
when: ansible_os_family == "Alpine" when: ansible_os_family == "Alpine"
- name: "Set repo if Debian" - name: Set repo if Debian
set_fact: set_fact:
version: "=1.17.10-1~{{ ansible_distribution_release }}" version: "=1.17.10-1~{{ ansible_distribution_release }}"
when: ansible_os_family == "Debian" when: ansible_os_family == "Debian"
- name: "Set repo if RedHat" - name: Set repo if RedHat
set_fact: set_fact:
version: "-1.17.10-1.el{{ ansible_distribution_major_version }}.ngx" version: "-1.17.10-1.el{{ ansible_distribution_major_version }}.ngx"
when: ansible_os_family == "RedHat" when: ansible_os_family == "RedHat"
- name: "Enable Nginx @CentOS-AppStream dnf modules" - name: Enable NGINX @CentOS-AppStream dnf modules
shell: shell:
args: args:
cmd: dnf module info nginx | grep -q 'Stream.*\[e\]' && echo -n ENABLED || dnf module enable -y nginx # noqa 204 303 cmd: dnf module info nginx | grep -q 'Stream.*\[e\]' && echo -n ENABLED || dnf module enable -y nginx # noqa 204 303
register: dnf_module_enable register: dnf_module_enable
changed_when: dnf_module_enable.stdout != 'ENABLED' changed_when: dnf_module_enable.stdout != 'ENABLED'
when: ansible_os_family == "RedHat" and ansible_distribution_major_version == "8" when: ansible_os_family == "RedHat" and ansible_distribution_major_version == "8"
roles: tasks:
- role: ansible-role-nginx - name: Install NGINX
vars: include_role:
nginx_debug_output: true name: ansible-role-nginx
nginx_selinux: true vars:
nginx_selinux_tcp_ports: nginx_debug_output: true
- 80 nginx_selinux: true
- 443 nginx_selinux_tcp_ports:
nginx_version: "{{ version }}" - 80
nginx_configure: false - 443
nginx_logrotate_conf_enable: true nginx_version: "{{ version }}"
nginx_logrotate_conf: nginx_configure: false
paths: nginx_logrotate_conf_enable: true
- "/var/log/nginx/*.log" nginx_logrotate_conf:
options: paths:
- daily - "/var/log/nginx/*.log"
- missingok options:
- rotate 14 - daily
- compress - missingok
- delaycompress - rotate 14
- notifempty - compress
- sharedscripts - delaycompress
- notifempty
- sharedscripts

View File

@ -1,31 +1,33 @@
--- ---
- name: Converge - name: Converge
hosts: all hosts: all
roles: tasks:
- role: ansible-role-nginx - name: Install NGINX modules
vars: include_role:
nginx_debug_output: true name: ansible-role-nginx
vars:
nginx_debug_output: true
nginx_service_modify: true nginx_service_modify: true
nginx_service_timeout: 95 nginx_service_timeout: 95
nginx_selinux: true nginx_selinux: true
nginx_selinux_tcp_ports: nginx_selinux_tcp_ports:
- 80 - 80
- 443 - 443
nginx_cleanup_config: true nginx_cleanup_config: true
nginx_cleanup_config_paths: nginx_cleanup_config_paths:
- directory: - directory:
- /etc/nginx/conf.d - /etc/nginx/conf.d
recurse: false recurse: false
nginx_cleanup_config_files: nginx_cleanup_config_files:
- /etc/nginx/conf.d/default.conf - /etc/nginx/conf.d/default.conf
nginx_modules: nginx_modules:
njs: true njs: true
perl: true perl: true
waf: false waf: false
geoip: true geoip: true
image_filter: true image_filter: true
rtmp: true rtmp: true
xslt: true xslt: true

View File

@ -1,14 +1,16 @@
--- ---
- name: Converge - name: Converge
hosts: all hosts: all
roles: tasks:
- role: ansible-role-nginx - name: Install NGINX from source
vars: include_role:
nginx_debug_output: true name: ansible-role-nginx
vars:
nginx_debug_output: true
nginx_install_from: source nginx_install_from: source
nginx_branch: stable nginx_branch: stable
nginx_install_source_build_tools: true nginx_install_source_build_tools: true
nginx_install_source_pcre: true nginx_install_source_pcre: true
nginx_install_source_openssl: true nginx_install_source_openssl: true
nginx_install_source_zlib: true nginx_install_source_zlib: true

View File

@ -1,13 +1,15 @@
--- ---
- name: Converge - name: Converge
hosts: all hosts: all
roles: tasks:
- role: ansible-role-nginx - name: Push NGINX config
vars: include_role:
nginx_debug_output: true name: ansible-role-nginx
vars:
nginx_debug_output: true
nginx_branch: stable nginx_branch: stable
nginx_main_upload_enable: true nginx_main_upload_enable: true
nginx_main_upload_src: ../files/nginx.conf nginx_main_upload_src: ../files/nginx.conf
nginx_http_upload_enable: true nginx_http_upload_enable: true
nginx_http_upload_src: ../files/http/*.conf nginx_http_upload_src: ../files/http/*.conf

View File

@ -1,391 +1,393 @@
--- ---
- name: Converge - name: Converge
hosts: all hosts: all
roles: tasks:
- role: ansible-role-nginx - name: Configure NGINX
vars: include_role:
nginx_debug_output: true name: ansible-role-nginx
vars:
nginx_debug_output: true
nginx_service_modify: true nginx_service_modify: true
nginx_service_timeout: 95 nginx_service_timeout: 95
nginx_selinux: true nginx_selinux: true
nginx_selinux_tcp_ports: nginx_selinux_tcp_ports:
- 80 - 80
- 443 - 443
nginx_main_template_enable: true nginx_main_template_enable: true
nginx_main_template: nginx_main_template:
template_file: nginx.conf.j2 template_file: nginx.conf.j2
conf_file_name: nginx.conf conf_file_name: nginx.conf
conf_file_location: /etc/nginx/ conf_file_location: /etc/nginx/
user: nginx user: nginx
worker_processes: auto worker_processes: auto
pid: /var/run/nginx.pid pid: /var/run/nginx.pid
error_log: error_log:
location: /var/log/nginx/error.log location: /var/log/nginx/error.log
level: warn level: warn
worker_connections: 1024 worker_connections: 1024
http_enable: true http_enable: true
http_settings: http_settings:
default_type: application/octet-stream default_type: application/octet-stream
access_log_format: access_log_format:
- name: main - name: main
format: | format: |
'$remote_addr - $remote_user [$time_local] "$request" ' '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" ' '$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"' '"$http_user_agent" "$http_x_forwarded_for"'
access_log_location: access_log_location:
- name: main - name: main
location: /var/log/nginx/access.log location: /var/log/nginx/access.log
keepalive_timeout: 65 keepalive_timeout: 65
cache: false cache: false
rate_limit: false rate_limit: false
keyval: false keyval: false
server_tokens: "off" server_tokens: "off"
sub_filter: sub_filter:
# sub_filters: [] # sub_filters: []
last_modified: "off" last_modified: "off"
once: "on" once: "on"
types: "text/html" types: "text/html"
http_global_autoindex: false http_global_autoindex: false
custom_options: custom_options:
- master_process on; - master_process on;
http_custom_options: http_custom_options:
- aio off; - aio off;
http_custom_includes: http_custom_includes:
- "/etc/nginx/sites-enabled/*.conf" - "/etc/nginx/sites-enabled/*.conf"
events_custom_options: events_custom_options:
- accept_mutex off; - accept_mutex off;
stream_enable: true stream_enable: true
nginx_status_enable: true nginx_status_enable: true
nginx_status_port: 8080 nginx_status_port: 8080
nginx_status_log: true nginx_status_log: true
nginx_http_template_enable: true nginx_http_template_enable: true
nginx_http_template: nginx_http_template:
app: app:
template_file: http/default.conf.j2 template_file: http/default.conf.j2
conf_file_name: default.conf conf_file_name: default.conf
conf_file_location: /etc/nginx/conf.d/ conf_file_location: /etc/nginx/conf.d/
servers: servers:
server1: server1:
listen: listen:
listen_localhost: listen_localhost:
ip: 0.0.0.0 ip: 0.0.0.0
port: 80 port: 80
opts: opts:
- default_server - default_server
server_name: localhost server_name: localhost
http_error_pages: http_error_pages:
404: /404.html 404: /404.html
error_page: /usr/share/nginx/html error_page: /usr/share/nginx/html
client_max_body_size: 512k client_max_body_size: 512k
proxy_hide_headers: proxy_hide_headers:
- X-Powered-By - X-Powered-By
add_headers: add_headers:
strict_transport_security: strict_transport_security:
name: Strict-Transport-Security name: Strict-Transport-Security
value: max-age=15768000; includeSubDomains value: max-age=15768000; includeSubDomains
always: true always: true
sub_filter: sub_filter:
# sub_filters: [] # sub_filters: []
last_modified: "off" last_modified: "off"
once: "on" once: "on"
types: "text/html" types: "text/html"
# custom_options: [] # custom_options: []
reverse_proxy: reverse_proxy:
locations: locations:
frontend: frontend:
location: / location: /
proxy_hide_headers: proxy_hide_headers:
- X-Powered-By - X-Powered-By
add_headers: add_headers:
strict_transport_security: strict_transport_security:
name: Strict-Transport-Security name: Strict-Transport-Security
value: max-age=15768000; includeSubDomains value: max-age=15768000; includeSubDomains
always: true always: true
another_header: another_header:
name: Fancy-New-Header-To-Test name: Fancy-New-Header-To-Test
value: testing=true value: testing=true
always: false always: false
proxy_pass: http://frontend_servers/ proxy_pass: http://frontend_servers/
proxy_cache: frontend_proxy_cache proxy_cache: frontend_proxy_cache
proxy_cache_valid: proxy_cache_valid:
- code: 200 - code: 200
time: 10m time: 10m
- code: 301 - code: 301
time: 1m time: 1m
proxy_temp_path: proxy_temp_path:
path: /var/cache/nginx/proxy/frontend/temp path: /var/cache/nginx/proxy/frontend/temp
proxy_cache_lock: false proxy_cache_lock: false
proxy_cache_min_uses: 3 proxy_cache_min_uses: 3
proxy_cache_revalidate: false proxy_cache_revalidate: false
proxy_cache_use_stale: proxy_cache_use_stale:
- http_403 - http_403
- http_404 - http_404
proxy_ignore_headers: proxy_ignore_headers:
- Vary - Vary
- Cache-Control - Cache-Control
proxy_redirect: false proxy_redirect: false
proxy_set_header: proxy_set_header:
header_host: header_host:
name: Host name: Host
value: $host value: $host
header_x_real_ip: header_x_real_ip:
name: X-Real-IP name: X-Real-IP
value: $remote_addr value: $remote_addr
header_x_forwarded_for: header_x_forwarded_for:
name: X-Forwarded-For name: X-Forwarded-For
value: $proxy_add_x_forwarded_for value: $proxy_add_x_forwarded_for
header_x_forwarded_proto: header_x_forwarded_proto:
name: X-Forwarded-Proto name: X-Forwarded-Proto
value: $scheme value: $scheme
proxy_buffering: false proxy_buffering: false
client_max_body_size: 5m client_max_body_size: 5m
sub_filter:
# sub_filters: []
last_modified: "off"
once: "on"
types: "text/html"
backend:
location: /backend
proxy_pass: http://backend_servers/
proxy_cache: backend_proxy_cache
proxy_cache_valid:
- time: 10m
proxy_temp_path:
path: /var/cache/nginx/proxy/backend/temp
proxy_cache_lock: true
proxy_cache_min_uses: 2
proxy_cache_revalidate: true
proxy_cache_use_stale:
- http_500
- http_502
- http_503
proxy_redirect: default
proxy_set_header:
header_host:
name: Host
value: $host
header_x_real_ip:
name: X-Real-IP
value: $remote_addr
header_x_forwarded_for:
name: X-Forwarded-For
value: $proxy_add_x_forwarded_for
header_x_forwarded_proto:
name: X-Forwarded-Proto
value: $scheme
proxy_cookie_path:
path: /web/
replacement: /
returns:
return301:
location: ^~ /old-path
code: 301
value: http://$host/new-path
proxy_cache:
proxy_cache_path:
- path: /var/cache/nginx/proxy/frontend
keys_zone:
name: frontend_proxy_cache
size: 5m
levels: "1:2"
max_size: 5g
inactive: 30m
use_temp_path: true
- path: /var/cache/nginx/proxy/backend
keys_zone:
name: backend_proxy_cache
size: 10m
levels: "1:2"
max_size: 10g
inactive: 60m
use_temp_path: true
proxy_temp_path:
path: /var/cache/nginx/proxy/temp
proxy_cache_lock: true
proxy_cache_min_uses: 5
proxy_cache_revalidate: true
proxy_cache_use_stale:
- error
- timeout
proxy_ignore_headers:
- Expires
upstreams:
frontend_upstream:
name: frontend_servers
lb_method: least_conn
zone_name: frontend_mem_zone
zone_size: 64k
sticky_cookie: false
servers:
frontend_server_1:
address: 0.0.0.0
port: 8081
weight: 1
health_check: max_fails=3 fail_timeout=5s
backend_upstream:
name: backend_servers
lb_method: least_conn
zone_name: backend_mem_zone
zone_size: 64k
sticky_cookie: false
servers:
backend_server_1:
address: 0.0.0.0
port: 8082
weight: 1
health_check: max_fails=3 fail_timeout=5s
backend_server_2:
address: unix:/var/run/control.unit.sock
weight: 1
health_check: max_fails=3 fail_timeout=5s
backend_server_3:
address: 0.0.0.0
port: 8083
down: true
frontend:
template_file: http/default.conf.j2
conf_file_name: frontend_default.conf
conf_file_location: /etc/nginx/conf.d/
servers:
server1:
listen:
listen_localhost:
port: 8081
opts: []
server_name: localhost
error_page: /usr/share/nginx/html
autoindex: false
sub_filter:
sub_filters:
- "'server_hostname' '$hostname'"
- "'server_address' '$server_addr:$server_port'"
- "'server_url' '$request_uri'"
- "'remote_addr' '$remote_addr:$remote_port'"
- "'server_date' '$time_local'"
- "'client_browser' '$http_user_agent'"
- "'request_id' '$request_id'"
- "'nginx_version' '$nginx_version'"
- "'document_root' '$document_root'"
- "'proxied_for_ip' '$http_x_forwarded_for'"
last_modified: "off"
once: "off"
types: "text/html"
web_server:
locations:
frontend_site:
location: /
proxy_hide_headers:
- X-Powered-By
html_file_location: /usr/share/nginx/html
html_file_name: frontend_index.html
autoindex: false
sub_filter: sub_filter:
# sub_filters: [] # sub_filters: []
last_modified: "off" last_modified: "off"
once: "on" once: "off"
types: "text/html" types: "text/html"
backend: http_demo_conf: false
location: /backend backend:
proxy_pass: http://backend_servers/ template_file: http/default.conf.j2
proxy_cache: backend_proxy_cache conf_file_name: backend_default.conf
proxy_cache_valid: conf_file_location: /etc/nginx/conf.d/
- time: 10m
proxy_temp_path:
path: /var/cache/nginx/proxy/backend/temp
proxy_cache_lock: true
proxy_cache_min_uses: 2
proxy_cache_revalidate: true
proxy_cache_use_stale:
- http_500
- http_502
- http_503
proxy_redirect: default
proxy_set_header:
header_host:
name: Host
value: $host
header_x_real_ip:
name: X-Real-IP
value: $remote_addr
header_x_forwarded_for:
name: X-Forwarded-For
value: $proxy_add_x_forwarded_for
header_x_forwarded_proto:
name: X-Forwarded-Proto
value: $scheme
proxy_cookie_path:
path: /web/
replacement: /
returns:
return301:
location: ^~ /old-path
code: 301
value: http://$host/new-path
proxy_cache:
proxy_cache_path:
- path: /var/cache/nginx/proxy/frontend
keys_zone:
name: frontend_proxy_cache
size: 5m
levels: "1:2"
max_size: 5g
inactive: 30m
use_temp_path: true
- path: /var/cache/nginx/proxy/backend
keys_zone:
name: backend_proxy_cache
size: 10m
levels: "1:2"
max_size: 10g
inactive: 60m
use_temp_path: true
proxy_temp_path:
path: /var/cache/nginx/proxy/temp
proxy_cache_lock: true
proxy_cache_min_uses: 5
proxy_cache_revalidate: true
proxy_cache_use_stale:
- error
- timeout
proxy_ignore_headers:
- Expires
upstreams:
frontend_upstream:
name: frontend_servers
lb_method: least_conn
zone_name: frontend_mem_zone
zone_size: 64k
sticky_cookie: false
servers: servers:
frontend_server_1: server1:
address: 0.0.0.0 listen:
port: 8081 listen_localhost:
weight: 1 port: 8082
health_check: max_fails=3 fail_timeout=5s opts: []
backend_upstream: server_name: localhost
name: backend_servers error_page: /usr/share/nginx/html
lb_method: least_conn autoindex: false
zone_name: backend_mem_zone sub_filter:
zone_size: 64k sub_filters:
sticky_cookie: false - "'server_hostname' '$hostname'"
servers: - "'server_address' '$server_addr:$server_port'"
backend_server_1: - "'server_url' '$request_uri'"
address: 0.0.0.0 - "'remote_addr' '$remote_addr:$remote_port'"
port: 8082 - "'server_date' '$time_local'"
weight: 1 - "'client_browser' '$http_user_agent'"
health_check: max_fails=3 fail_timeout=5s - "'request_id' '$request_id'"
backend_server_2: - "'nginx_version' '$nginx_version'"
address: unix:/var/run/control.unit.sock - "'document_root' '$document_root'"
weight: 1 - "'proxied_for_ip' '$http_x_forwarded_for'"
health_check: max_fails=3 fail_timeout=5s last_modified: "off"
backend_server_3: once: "off"
address: 0.0.0.0 types: "text/html"
port: 8083 web_server:
down: true locations:
frontend: backend_site:
template_file: http/default.conf.j2 location: /
conf_file_name: frontend_default.conf html_file_location: /usr/share/nginx/html
conf_file_location: /etc/nginx/conf.d/ html_file_name: backend_index.html
servers: autoindex: false
server1: php:
listen: location: ~ \.php$
listen_localhost: html_file_location: /usr/share/nginx/html
port: 8081 autoindex: false
opts: [] custom_options:
server_name: localhost - fastcgi_split_path_info ^(.+\.php)(/.+)$;
error_page: /usr/share/nginx/html - fastcgi_pass unix:/run/php/php7.2-fpm.sock;
autoindex: false - fastcgi_index index.php;
sub_filter: - include fastcgi_params;
sub_filters: - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- "'server_hostname' '$hostname'" sub_filter:
- "'server_address' '$server_addr:$server_port'" # sub_filters: []
- "'server_url' '$request_uri'" last_modified: "off"
- "'remote_addr' '$remote_addr:$remote_port'" once: "off"
- "'server_date' '$time_local'" types: "text/html"
- "'client_browser' '$http_user_agent'" http_demo_conf: false
- "'request_id' '$request_id'" nginx_html_demo_template_enable: true
- "'nginx_version' '$nginx_version'" nginx_html_demo_template:
- "'document_root' '$document_root'" frontend:
- "'proxied_for_ip' '$http_x_forwarded_for'" template_file: www/index.html.j2
last_modified: "off" html_file_name: frontend_index.html
once: "off" html_file_location: /usr/share/nginx/html
types: "text/html" web_server_name: Frontend
web_server: backend:
locations: template_file: www/index.html.j2
frontend_site: html_file_name: backend_index.html
location: / html_file_location: /usr/share/nginx/html
proxy_hide_headers: web_server_name: Backend
- X-Powered-By
html_file_location: /usr/share/nginx/html
html_file_name: frontend_index.html
autoindex: false
sub_filter:
# sub_filters: []
last_modified: "off"
once: "off"
types: "text/html"
http_demo_conf: false
backend:
template_file: http/default.conf.j2
conf_file_name: backend_default.conf
conf_file_location: /etc/nginx/conf.d/
servers:
server1:
listen:
listen_localhost:
port: 8082
opts: []
server_name: localhost
error_page: /usr/share/nginx/html
autoindex: false
sub_filter:
sub_filters:
- "'server_hostname' '$hostname'"
- "'server_address' '$server_addr:$server_port'"
- "'server_url' '$request_uri'"
- "'remote_addr' '$remote_addr:$remote_port'"
- "'server_date' '$time_local'"
- "'client_browser' '$http_user_agent'"
- "'request_id' '$request_id'"
- "'nginx_version' '$nginx_version'"
- "'document_root' '$document_root'"
- "'proxied_for_ip' '$http_x_forwarded_for'"
last_modified: "off"
once: "off"
types: "text/html"
web_server:
locations:
backend_site:
location: /
html_file_location: /usr/share/nginx/html
html_file_name: backend_index.html
autoindex: false
php:
location: ~ \.php$
html_file_location: /usr/share/nginx/html
autoindex: false
custom_options:
- fastcgi_split_path_info ^(.+\.php)(/.+)$;
- fastcgi_pass unix:/run/php/php7.2-fpm.sock;
- fastcgi_index index.php;
- include fastcgi_params;
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
sub_filter:
# sub_filters: []
last_modified: "off"
once: "off"
types: "text/html"
http_demo_conf: false
nginx_html_demo_template_enable: true
nginx_html_demo_template:
frontend:
template_file: www/index.html.j2
html_file_name: frontend_index.html
html_file_location: /usr/share/nginx/html
web_server_name: Frontend
backend:
template_file: www/index.html.j2
html_file_name: backend_index.html
html_file_location: /usr/share/nginx/html
web_server_name: Backend
nginx_stream_template_enable: true nginx_stream_template_enable: true
nginx_stream_template: nginx_stream_template:
default: default:
template_file: stream/default.conf.j2 template_file: stream/default.conf.j2
conf_file_name: default.conf conf_file_name: default.conf
conf_file_location: /etc/nginx/conf.d/stream conf_file_location: /etc/nginx/conf.d/stream
network_streams: network_streams:
app: app:
listen: listen:
listen_localhost: listen_localhost:
ip: 0.0.0.0 ip: 0.0.0.0
port: 80 port: 80
opts: opts:
- udp - udp
proxy_pass: backend proxy_pass: backend
proxy_timeout: 3s proxy_timeout: 3s
proxy_connect_timeout: 1s proxy_connect_timeout: 1s
proxy_protocol: false proxy_protocol: false
health_check_plus: false health_check_plus: false
upstreams: upstreams:
backend_upstream: backend_upstream:
name: backend name: backend
lb_method: least_conn lb_method: least_conn
zone_name: backend zone_name: backend
zone_size: 64k zone_size: 64k
sticky_cookie: false sticky_cookie: false
servers: servers:
backend_server_1: backend_server_1:
address: 0.0.0.0 address: 0.0.0.0
port: 8091 port: 8091
weight: 1 weight: 1
health_check: max_fails=1 fail_timeout=10s health_check: max_fails=1 fail_timeout=10s
backend_server_2: backend_server_2:
address: 0.0.0.0 address: 0.0.0.0
port: 8092 port: 8092
down: true down: true

View File

@ -2,29 +2,31 @@
- name: Converge - name: Converge
hosts: all hosts: all
pre_tasks: pre_tasks:
- name: "Set module if Alpine" - name: Set module if Alpine
set_fact: set_fact:
module: module:
- "unit-perl" - unit-perl
- "unit-php7" - unit-php7
- "unit-python3" - unit-python3
when: ansible_os_family == "Alpine" when: ansible_os_family == "Alpine"
- name: "Set module if Debian/RedHat" - name: Set module if Debian/RedHat
set_fact: set_fact:
module: module:
- "unit-perl" - unit-perl
- "unit-php" - unit-php
- "unit-ruby" - unit-ruby
when: ansible_os_family == "Debian" when: ansible_os_family == "Debian"
- name: "Set module if RedHat" - name: Set module if RedHat
set_fact: set_fact:
module: module:
- "unit-php" - unit-php
- "unit-go" - unit-go
when: ansible_os_family == "RedHat" when: ansible_os_family == "RedHat"
roles: tasks:
- role: ansible-role-nginx - name: Install NGINX Unit
vars: include_role:
nginx_enable: false name: ansible-role-nginx
nginx_unit_enable: true vars:
nginx_unit_modules: "{{ module }}" nginx_enable: false
nginx_unit_enable: true
nginx_unit_modules: "{{ module }}"

View File

@ -1,8 +1,8 @@
--- ---
- include_tasks: "{{ role_path }}/tasks/amplify/setup-{{ ansible_os_family | lower }}.yml" - name: "(Setup: All OSs) Configure NGINX Amplify Agent Repository"
when: include_tasks: "{{ role_path }}/tasks/amplify/setup-{{ ansible_os_family | lower }}.yml"
- ansible_os_family == "Debian" when: ansible_os_family == "Debian"
or ansible_os_family == "Redhat" or ansible_os_family == "Redhat"
- name: "(Install: All OSs) Install NGINX Amplify Agent" - name: "(Install: All OSs) Install NGINX Amplify Agent"
package: package:

View File

@ -9,7 +9,7 @@
when: ansible_os_family == "Debian" when: ansible_os_family == "Debian"
tags: nginx_aptkey tags: nginx_aptkey
- name: "(Setup: Keys) CentOS/RedHat/Suse" - name: "(Setup: Keys) CentOS/RedHat/SUSE"
include_tasks: "{{ role_path }}/tasks/keys/rpm-key.yml" include_tasks: "{{ role_path }}/tasks/keys/rpm-key.yml"
when: ansible_os_family == "RedHat" when: ansible_os_family == "RedHat"
or ansible_os_family == "Suse" or ansible_os_family == "Suse"

View File

@ -11,8 +11,8 @@
or ansible_os_family == "RedHat" or ansible_os_family == "RedHat"
or ansible_os_family == "Suse" or ansible_os_family == "Suse"
- nginx_install_from == "nginx_repository" - nginx_install_from == "nginx_repository"
or nginx_amplify_enable or nginx_amplify_enable | bool
or nginx_unit_enable or nginx_unit_enable | bool
tags: nginx_key tags: nginx_key
- name: "(Install/Config: All OSs) Install and Configure NGINX" - name: "(Install/Config: All OSs) Install and Configure NGINX"
@ -38,7 +38,7 @@
include_tasks: "{{ role_path }}/tasks/plus/delete-license.yml" include_tasks: "{{ role_path }}/tasks/plus/delete-license.yml"
when: when:
- nginx_type == "plus" - nginx_type == "plus"
- nginx_delete_license - nginx_delete_license | bool
tags: nginx_delete_license tags: nginx_delete_license
when: nginx_install | bool when: nginx_install | bool
@ -51,19 +51,19 @@
- name: "(Config: All OSs) Upload NGINX Config" - name: "(Config: All OSs) Upload NGINX Config"
include_tasks: "{{ role_path }}/tasks/conf/upload-config.yml" include_tasks: "{{ role_path }}/tasks/conf/upload-config.yml"
when: nginx_main_upload_enable when: nginx_main_upload_enable | bool
or nginx_http_upload_enable or nginx_http_upload_enable | bool
or nginx_stream_upload_enable or nginx_stream_upload_enable | bool
or nginx_html_upload_enable or nginx_html_upload_enable | bool
or nginx_ssl_upload_enable or nginx_ssl_upload_enable | bool
tags: nginx_upload_config tags: nginx_upload_config
- name: "(Config: All OSs) Create NGINX Config" - name: "(Config: All OSs) Create NGINX Config"
include_tasks: "{{ role_path }}/tasks/conf/template-config.yml" include_tasks: "{{ role_path }}/tasks/conf/template-config.yml"
when: nginx_main_template_enable when: nginx_main_template_enable | bool
or nginx_http_template_enable or nginx_http_template_enable | bool
or nginx_stream_template_enable or nginx_stream_template_enable | bool
or nginx_rest_api_enable or nginx_rest_api_enable | bool
tags: nginx_template_config tags: nginx_template_config
when: nginx_configure | bool when: nginx_configure | bool

View File

@ -24,5 +24,5 @@
loop: loop:
- load_module modules/ngx_http_geoip_module.so; - load_module modules/ngx_http_geoip_module.so;
- load_module modules/ngx_stream_geoip_module.so; - load_module modules/ngx_stream_geoip_module.so;
when: not nginx_main_template_enable when: not nginx_main_template_enable | bool
notify: "(Handler: All OSs) Reload NGINX" notify: "(Handler: All OSs) Reload NGINX"

View File

@ -16,5 +16,5 @@
path: /etc/nginx/nginx.conf path: /etc/nginx/nginx.conf
insertbefore: BOF insertbefore: BOF
line: load_module modules/ngx_http_image_filter_module.so; line: load_module modules/ngx_http_image_filter_module.so;
when: not nginx_main_template_enable when: not nginx_main_template_enable | bool
notify: "(Handler: All OSs) Reload NGINX" notify: "(Handler: All OSs) Reload NGINX"

View File

@ -19,5 +19,5 @@
loop: loop:
- load_module modules/ngx_http_js_module.so; - load_module modules/ngx_http_js_module.so;
- load_module modules/ngx_stream_js_module.so; - load_module modules/ngx_stream_js_module.so;
when: not nginx_main_template_enable when: not nginx_main_template_enable | bool
notify: "(Handler: All OSs) Reload NGINX" notify: "(Handler: All OSs) Reload NGINX"

View File

@ -21,5 +21,5 @@
path: /etc/nginx/nginx.conf path: /etc/nginx/nginx.conf
insertbefore: BOF insertbefore: BOF
line: load_module modules/ngx_http_perl_module.so; line: load_module modules/ngx_http_perl_module.so;
when: not nginx_main_template_enable when: not nginx_main_template_enable | bool
notify: "(Handler: All OSs) Reload NGINX" notify: "(Handler: All OSs) Reload NGINX"

View File

@ -9,5 +9,5 @@
path: /etc/nginx/nginx.conf path: /etc/nginx/nginx.conf
insertbefore: BOF insertbefore: BOF
line: load_module modules/ngx_rtmp_module.so; line: load_module modules/ngx_rtmp_module.so;
when: not nginx_main_template_enable when: not nginx_main_template_enable | bool
notify: "(Handler: All OSs) Reload NGINX" notify: "(Handler: All OSs) Reload NGINX"

View File

@ -9,5 +9,5 @@
path: /etc/nginx/nginx.conf path: /etc/nginx/nginx.conf
insertbefore: BOF insertbefore: BOF
line: load_module modules/ngx_http_modsecurity_module.so; line: load_module modules/ngx_http_modsecurity_module.so;
when: not nginx_main_template_enable when: not nginx_main_template_enable | bool
notify: "(Handler: All OSs) Reload NGINX" notify: "(Handler: All OSs) Reload NGINX"

View File

@ -16,5 +16,5 @@
path: /etc/nginx/nginx.conf path: /etc/nginx/nginx.conf
insertbefore: BOF insertbefore: BOF
line: load_module modules/ngx_http_xslt_filter_module.so; line: load_module modules/ngx_http_xslt_filter_module.so;
when: not nginx_main_template_enable when: not nginx_main_template_enable | bool
notify: "(Handler: All OSs) Reload NGINX" notify: "(Handler: All OSs) Reload NGINX"

View File

@ -12,7 +12,7 @@
creates: /usr/ports creates: /usr/ports
when: when:
- ansible_system == "FreeBSD" - ansible_system == "FreeBSD"
- nginx_bsd_update_ports - nginx_bsd_update_ports | bool
- name: "(Install: FreeBSD)" - name: "(Install: FreeBSD)"
block: block:
@ -20,7 +20,7 @@
pkgng: pkgng:
name: "www/nginx{{ nginx_version | default('') }}" name: "www/nginx{{ nginx_version | default('') }}"
state: "{{ nginx_state }}" state: "{{ nginx_state }}"
when: nginx_bsd_install_packages when: nginx_bsd_install_packages | bool
notify: "(Handler: All OSs) Start NGINX" notify: "(Handler: All OSs) Start NGINX"
- name: "(Install: FreeBSD) Install NGINX Port" - name: "(Install: FreeBSD) Install NGINX Port"
@ -28,7 +28,7 @@
name: "www/nginx{{ nginx_version | default('') }}" name: "www/nginx{{ nginx_version | default('') }}"
use_packages: "{{ nginx_bsd_portinstall_use_packages | default(omit) }}" use_packages: "{{ nginx_bsd_portinstall_use_packages | default(omit) }}"
state: "{{ nginx_state }}" state: "{{ nginx_state }}"
when: not nginx_bsd_install_packages when: not nginx_bsd_install_packages | bool
notify: "(Handler: All OSs) Start NGINX" notify: "(Handler: All OSs) Start NGINX"
when: ansible_system == "FreeBSD" when: ansible_system == "FreeBSD"
@ -39,7 +39,7 @@
name: "nginx{{ nginx_version | default('') }}" name: "nginx{{ nginx_version | default('') }}"
build: no build: no
state: "{{ nginx_state }}" state: "{{ nginx_state }}"
when: nginx_bsd_install_packages when: nginx_bsd_install_packages | bool
notify: "(Handler: All OSs) Start NGINX" notify: "(Handler: All OSs) Start NGINX"
- name: "(Install: OpenBSD) Install NGINX Port" - name: "(Install: OpenBSD) Install NGINX Port"
@ -47,7 +47,7 @@
name: "nginx{{ nginx_version | default('') }}" name: "nginx{{ nginx_version | default('') }}"
build: yes build: yes
state: "{{ nginx_state }}" state: "{{ nginx_state }}"
when: not nginx_bsd_install_packages when: not nginx_bsd_install_packages | bool
notify: "(Handler: All OSs) Start NGINX" notify: "(Handler: All OSs) Start NGINX"
when: ansible_system == "OpenBSD" when: ansible_system == "OpenBSD"
@ -55,37 +55,37 @@
block: block:
- name: "(Install: NetBSD) Install NGINX Package" - name: "(Install: NetBSD) Install NGINX Package"
command: "pkg_add www/nginx{{ nginx_version | default('') }}" command: "pkg_add www/nginx{{ nginx_version | default('') }}"
when: nginx_bsd_install_packages when: nginx_bsd_install_packages | bool
notify: "(Handler: All OSs) Start NGINX" notify: "(Handler: All OSs) Start NGINX"
- name: "(Install: NetBSD) Install NGINX Port" - name: "(Install: NetBSD) Install NGINX Port"
fail: fail:
msg: "{{ ansible_system }} Install NGINX port not implemented." msg: "{{ ansible_system }} Install NGINX port not implemented."
when: not nginx_bsd_install_packages when: not nginx_bsd_install_packages | bool
when: ansible_system == "NetBSD" when: ansible_system == "NetBSD"
- name: "(Install: DragonFlyBSD)" - name: "(Install: DragonFlyBSD)"
block: block:
- name: "(Install: DragonFlyBSD) Install NGINX Package" - name: "(Install: DragonFlyBSD) Install NGINX Package"
command: "pkg install www/nginx{{ nginx_version | default('') }}" command: "pkg install www/nginx{{ nginx_version | default('') }}"
when: nginx_bsd_install_packages when: nginx_bsd_install_packages | bool
notify: "(Handler: All OSs) Start NGINX" notify: "(Handler: All OSs) Start NGINX"
- name: "(Install: DragonFlyBSD) Install NGINX port" - name: "(Install: DragonFlyBSD) Install NGINX port"
fail: fail:
msg: "{{ ansible_system }} Install NGINX port not implemented." msg: "{{ ansible_system }} Install NGINX port not implemented."
when: not nginx_bsd_install_packages when: not nginx_bsd_install_packages | bool
when: ansible_system == "DragonFlyBSD" when: ansible_system == "DragonFlyBSD"
- name: "(Install: HardenedBSD)" - name: "(Install: HardenedBSD)"
block: block:
- name: "(Install: HardenedBSD) Install NGINX package" - name: "(Install: HardenedBSD) Install NGINX package"
command: "pkg install www/nginx{{ nginx_version | default('') }}" command: "pkg install www/nginx{{ nginx_version | default('') }}"
when: nginx_bsd_install_packages when: nginx_bsd_install_packages | bool
notify: "(Handler: All OSs) Start NGINX" notify: "(Handler: All OSs) Start NGINX"
- name: "(Install: HardenedBSD) Install NGINX port" - name: "(Install: HardenedBSD) Install NGINX port"
fail: fail:
msg: "{{ ansible_system }} Install NGINX port not implemented." msg: "{{ ansible_system }} Install NGINX port not implemented."
when: not nginx_bsd_install_packages when: not nginx_bsd_install_packages | bool
when: ansible_system == "HardenedBSD" when: ansible_system == "HardenedBSD"

View File

@ -4,5 +4,4 @@
name: name:
- apt-transport-https - apt-transport-https
- dirmngr - dirmngr
- python-apt
update_cache: yes update_cache: yes

View File

@ -2,5 +2,5 @@
- name: "(Setup: RedHat/CentOS) Setup SELinux" - name: "(Setup: RedHat/CentOS) Setup SELinux"
include_tasks: "{{ role_path }}/tasks/prerequisites/setup-selinux.yml" include_tasks: "{{ role_path }}/tasks/prerequisites/setup-selinux.yml"
when: when:
- nginx_selinux - nginx_selinux | bool
- ansible_selinux.mode is defined - ansible_selinux.mode is defined

View File

@ -1,5 +1,5 @@
--- ---
- name: "(Setup: SELinux) Install Required CentOS Dependencies" - name: "(Setup: SELinux) Install Required CentOS/RHEL 6/7 Dependencies"
package: package:
name: name:
- policycoreutils-python - policycoreutils-python
@ -9,7 +9,7 @@
- ansible_os_family == "RedHat" - ansible_os_family == "RedHat"
- ansible_distribution_major_version != "8" - ansible_distribution_major_version != "8"
- name: "(Setup: SELinux) Install Required RHEL8 Dependencies" - name: "(Setup: SELinux) Install Required CentOS/RHEL 8 Dependencies"
package: package:
name: name:
- selinux-policy-targeted - selinux-policy-targeted

View File

@ -1,6 +1,6 @@
--- ---
- name: "(Setup: Suse) Setup SELinux" - name: "(Setup: SUSE) Setup SELinux"
include_tasks: "{{ role_path }}/tasks/prerequisites/setup-selinux.yml" include_tasks: "{{ role_path }}/tasks/prerequisites/setup-selinux.yml"
when: when:
- nginx_selinux - nginx_selinux | bool
- ansible_selinux.mode is defined - ansible_selinux.mode is defined

View File

@ -3,7 +3,7 @@
file: file:
path: "{{ nginx_service_overridepath }}" path: "{{ nginx_service_overridepath }}"
state: directory state: directory
mode: '0755' mode: 0755
- name: "(Setup: Linux) Create Override For NGINX Systemd Service" - name: "(Setup: Linux) Create Override For NGINX Systemd Service"
template: template:
@ -11,11 +11,11 @@
dest: "{{ nginx_service_overridepath }}/{{ nginx_service_overridefilename }}" dest: "{{ nginx_service_overridepath }}/{{ nginx_service_overridefilename }}"
owner: root owner: root
group: root group: root
mode: '0644' mode: 0644
notify: "(Handler: All OSs) systemd daemon-reload" notify: "(Handler: All OSs) Systemd Daemon-Reload"
when: when:
- not nginx_service_custom - not nginx_service_custom | bool
- not nginx_service_clean - not nginx_service_clean | bool
- name: "(Setup: Linux) Customize Override For NGINX Systemd Service" - name: "(Setup: Linux) Customize Override For NGINX Systemd Service"
copy: copy:
@ -23,15 +23,15 @@
dest: "{{ nginx_service_overridepath }}/{{ nginx_service_overridefilename }}" dest: "{{ nginx_service_overridepath }}/{{ nginx_service_overridefilename }}"
owner: root owner: root
group: root group: root
mode: '0644' mode: 0644
notify: "(Handler: All OSs) systemd daemon-reload" notify: "(Handler: All OSs) Systemd Daemon-Reload"
when: when:
- nginx_service_custom - nginx_service_custom | bool
- not nginx_service_clean - not nginx_service_clean | bool
- name: "(Setup: Linux) Remove Override For NGINX Systemd Service" - name: "(Setup: Linux) Remove Override For NGINX Systemd Service"
file: file:
path: "{{ nginx_service_overridepath }}" path: "{{ nginx_service_overridepath }}"
state: absent state: absent
notify: "(Handler: All OSs) systemd daemon-reload" notify: "(Handler: All OSs) Systemd Daemon-Reload"
when: nginx_service_clean when: nginx_service_clean | bool

View File

@ -1,9 +1,9 @@
--- ---
- include_tasks: "{{ role_path }}/tasks/unit/setup-{{ ansible_os_family | lower }}.yml" - name: "(Setup: All OSs) Configure NGINX Unit Repository"
when: include_tasks: "{{ role_path }}/tasks/unit/setup-{{ ansible_os_family | lower }}.yml"
- ansible_os_family == "Debian" when: ansible_os_family == "Debian"
or ansible_os_family == "RedHat" or ansible_os_family == "RedHat"
or ansible_os_family == "FreeBSD" or ansible_os_family == "FreeBSD"
- name: "(Install: Debian/Ubuntu/CentOS/RedHat) Install NGINX Unit" - name: "(Install: Debian/Ubuntu/CentOS/RedHat) Install NGINX Unit"
package: package:
@ -19,5 +19,6 @@
when: ansible_os_family == "FreeBSD" when: ansible_os_family == "FreeBSD"
notify: "(Handler: FreeBSD) Start NGINX Unit" notify: "(Handler: FreeBSD) Start NGINX Unit"
- include_tasks: "{{ role_path }}/tasks/unit/install-modules.yml" - name: "(Install: All OSs) Install NGINX Unit modules"
when: nginx_unit_modules is defined and nginx_unit_modules include_tasks: "{{ role_path }}/tasks/unit/install-modules.yml"
when: nginx_unit_modules is defined

View File

@ -95,7 +95,7 @@ clearTimeout(ref);
<div id="footer"> <div id="footer">
<div id="center" align="center"> <div id="center" align="center">
Request ID: request_id<br/> Request ID: request_id<br/>
&copy; NGINX, Inc. 2018 - 2019 &copy; NGINX, Inc. 2018 - <script>document.write(new Date().getFullYear())</script>
</div> </div>
</div> </div>
</body> </body>