Prepare 0.15.0 release (#300)
This commit is contained in:
parent
0922304b12
commit
3bcd7a0919
6
.gitignore
vendored
6
.gitignore
vendored
@ -2,7 +2,6 @@
|
||||
############################
|
||||
*.crt
|
||||
*.key
|
||||
__pycache__
|
||||
*~
|
||||
\#*
|
||||
|
||||
@ -12,4 +11,7 @@ Thumbs.db
|
||||
.vscode
|
||||
|
||||
# Ansible specific
|
||||
*.retry
|
||||
*.retry
|
||||
|
||||
# Python specific
|
||||
__pycache__
|
||||
|
49
.travis.yml
49
.travis.yml
@ -1,69 +1,68 @@
|
||||
---
|
||||
language: python
|
||||
services:
|
||||
- docker
|
||||
services: docker
|
||||
jobs:
|
||||
include:
|
||||
- name: "Install Specific Version - Debian/Ubuntu"
|
||||
- name: "(Debian/Ubuntu) Install Specific Version"
|
||||
env:
|
||||
scenario: default
|
||||
- name: "Install Specific Version - Alpine"
|
||||
- name: "(Alpine) Install Specific Version"
|
||||
env:
|
||||
scenario: default_alpine
|
||||
- name: "Install Specific Version - CentOS"
|
||||
- name: "(CentOS) Install Specific Version"
|
||||
env:
|
||||
scenario: default_centos
|
||||
- name: "Install Modules - Debian/Ubuntu"
|
||||
- name: "(Debian/Ubuntu) Install Modules"
|
||||
env:
|
||||
scenario: module
|
||||
- name: "Install Modules - Alpine"
|
||||
- name: "(Alpine) Install Modules"
|
||||
env:
|
||||
scenario: module_alpine
|
||||
- name: "Install Modules - CentOS"
|
||||
- name: "(CentOS) Install Modules"
|
||||
env:
|
||||
scenario: module_centos
|
||||
- name: "Install Stable Branch and Push Configuration - Debian/Ubuntu"
|
||||
- name: "(Debian/Ubuntu) Install Stable Branch and Push Configuration"
|
||||
env:
|
||||
scenario: stable_push
|
||||
- name: "Install Stable Branch and Push Configuration - Alpine"
|
||||
- name: "(Alpine) Install Stable Branch and Push Configuration"
|
||||
env:
|
||||
scenario: stable_push_alpine
|
||||
- name: "Install Stable Branch and Push Configuration - CentOS"
|
||||
- name: "(CentOS) Install Stable Branch and Push Configuration"
|
||||
env:
|
||||
scenario: stable_push_centos
|
||||
- name: "Use Template Setting - Debian/Ubuntu"
|
||||
- name: "(Debian/Ubuntu) Use Template Setting"
|
||||
env:
|
||||
scenario: template
|
||||
- name: "Use Template Setting - Alpine"
|
||||
- name: "(Alpine) Use Template Setting"
|
||||
env:
|
||||
scenario: template_alpine
|
||||
- name: "Use Template Setting - CentOS"
|
||||
- name: "(CentOS) Use Template Setting"
|
||||
env:
|
||||
scenario: template_centos
|
||||
- name: "Install Unit - Debian/Ubuntu"
|
||||
- name: "(Debian/Ubuntu) Install NGINX Unit"
|
||||
env:
|
||||
scenario: unit
|
||||
- name: "Install Unit - Alpine"
|
||||
- name: "(Alpine) Install NGINX Unit"
|
||||
env:
|
||||
scenario: unit_alpine
|
||||
- name: "Install Unit - CentOS"
|
||||
- name: "(CentOS) Install NGINX Unit"
|
||||
env:
|
||||
scenario: unit_centos
|
||||
- name: "Install from Source - Debian/Ubuntu"
|
||||
- name: "(Debian/Ubuntu) Install from Source"
|
||||
env:
|
||||
scenario: source
|
||||
- name: "Install from Source - Alpine"
|
||||
- name: "(Alpine) Install from Source"
|
||||
env:
|
||||
scenario: source_alpine
|
||||
- name: "Install from Source - CentOS"
|
||||
- name: "(CentOS) Install from Source"
|
||||
env:
|
||||
scenario: source_centos
|
||||
before_install:
|
||||
- sudo apt-get -qq update
|
||||
before_install: sudo apt-get -qq update
|
||||
install:
|
||||
- pip install ansible==2.9.9
|
||||
- pip install molecule[docker]==3.0.4
|
||||
- pip install ansible-lint
|
||||
- pip install ansible==2.9.11
|
||||
- pip install molecule==3.0.6
|
||||
- pip install docker==4.2.2
|
||||
- pip install ansible-lint==4.2.0
|
||||
script:
|
||||
- molecule --version
|
||||
- ansible --version
|
||||
|
@ -2,6 +2,11 @@
|
||||
|
||||
## 0.15.0 (Unreleased)
|
||||
|
||||
DEPRECATION WARNING:
|
||||
|
||||
* NGINX now has a separate role to manage and create NGINX configurations available [here](https://github.com/nginxinc/ansible-role-nginx-config). Any new issues or PRs related to configuring NGINX should be submitted in the new NGINX Config repository. New issues or PRs related to configuring NGINX submitted in this repository will not be worked on. The NGINX configuration functionailities included in this role will be removed in an upcoming release.
|
||||
* NGINX Unit now has a separate role available [here](https://github.com/nginxinc/ansible-role-nginx-unit). Any new issues or PRs related to NGINX Unit should be submitted in the new NGINX Unit repository. New issues or PRs related to NGINX Unit submitted in this repository will not be worked on. The NGINX Unit functionailities included in this role will be removed in an upcoming release.
|
||||
|
||||
BREAKING CHANGES:
|
||||
|
||||
* The Debian and Ubuntu repositories have slightly changed. You may run into some duplication issues when running the role on a preexisting target that already has had NGINX installed using the role. To fix this, manually remove the old repository source.
|
||||
|
@ -26,7 +26,7 @@ Follow our [Installation Guide](https://github.com/nginxinc/ansible-role-nginx/b
|
||||
|
||||
### Project Structure
|
||||
|
||||
* The NGINX Ansible role is written in `yaml` and supports open source NGINX, NGINX Plus, NGINX Amplify, and NGINX Unit.
|
||||
* The NGINX Ansible role is written in `yaml` and supports NGINX Open Source, NGINX Plus, NGINX Amplify, and NGINX Unit.
|
||||
* The project follows the standard [Ansible role directory structure](https://docs.ansible.com/ansible/latest/user_guide/playbooks_reuse_roles.html)
|
||||
* The main code is found in `tasks/`
|
||||
* The main variables can be found in `defaults/main/*.yml`
|
||||
|
12
README.md
12
README.md
@ -8,6 +8,10 @@ This role installs NGINX Open Source, NGINX Plus, the NGINX Amplify agent, or NG
|
||||
|
||||
**Note:** This role is still in active development. There may be unidentified issues and the role variables may change as development continues.
|
||||
|
||||
**Deprecation Warnings:**
|
||||
* NGINX now has a separate role to manage and create NGINX configurations available [here](https://github.com/nginxinc/ansible-role-nginx-config). Any new issues or PRs related to configuring NGINX should be submitted in the new NGINX Config repository. New issues or PRs related to configuring NGINX submitted in this repository will not be worked on. The NGINX configuration functionailities included in this role will be removed in an upcoming release.
|
||||
* NGINX Unit now has a separate role available [here](https://github.com/nginxinc/ansible-role-nginx-unit). Any new issues or PRs related to NGINX Unit should be submitted in the new NGINX Unit repository. New issues or PRs related to NGINX Unit submitted in this repository will not be worked on. The NGINX Unit functionailities included in this role will be removed in an upcoming release.
|
||||
|
||||
Requirements
|
||||
------------
|
||||
|
||||
@ -208,9 +212,11 @@ Do note that if you install this repository via Ansible Galaxy, you will have to
|
||||
Other NGINX Roles
|
||||
-----------------
|
||||
|
||||
You can find an Ansible collection of roles to help you install and configure NGINX Controller [here](https://github.com/nginxinc/ansible-collection-nginx_controller)
|
||||
You can find an Ansible role to install and configure NGINX App Protect [here](https://github.com/nginxinc/ansible-role-nginx-app-protect)
|
||||
|
||||
You can find an Ansible role to help you install and configure NGINX App Protect [here](https://github.com/nginxinc/ansible-role-nginx-app-protect)
|
||||
You can find an Ansible collection of roles to install and configure NGINX Controller [here](https://github.com/nginxinc/ansible-collection-nginx_controller)
|
||||
|
||||
You can find an Ansible role to install NGINX Unit [here](https://github.com/nginxinc/ansible-role-nginx-unit)
|
||||
|
||||
License
|
||||
-------
|
||||
@ -226,4 +232,4 @@ Author Information
|
||||
|
||||
[Tom Gamull](https://github.com/magicalyak)
|
||||
|
||||
© [NGINX, Inc.](https://www.nginx.com/) 2018 - 2020
|
||||
© [F5 Networks, Inc.](https://www.f5.com/) 2018 - 2020
|
||||
|
@ -7,19 +7,19 @@ nginx_bsd_systems: ['FreeBSD', 'NetBSD', 'OpenBSD', 'DragonFlyBSD', 'HardenedBSD
|
||||
nginx_plus_bsd_systems: ['FreeBSD']
|
||||
|
||||
# Choose to install BSD packages or ports.
|
||||
# Options are True for packages or False for ports.
|
||||
# Default is True.
|
||||
# Options are true for packages or false for ports.
|
||||
# Default is true.
|
||||
nginx_bsd_install_packages: true
|
||||
|
||||
# Choose to update BSD ports collection.
|
||||
# Options are True for update or False for do not update.
|
||||
# Default is True.
|
||||
# Options are true for update or false for do not update.
|
||||
# Default is true.
|
||||
nginx_bsd_update_ports: true
|
||||
|
||||
# Choose to install packages built from BSD ports collection if
|
||||
# available.
|
||||
# Options are True for use packages or False for do not use packages.
|
||||
# Default is True.
|
||||
# Options are true for use packages or false for do not use packages.
|
||||
# Default is true.
|
||||
nginx_bsd_portinstall_use_packages: true
|
||||
|
||||
# FreeBSD extra packages
|
||||
|
@ -105,7 +105,7 @@ nginx_cleanup_config_paths:
|
||||
# nginx_cleanup_config_files:
|
||||
# - /etc/nginx/conf.d/default.conf
|
||||
|
||||
# Set selinux enforcing for nginx (Centos/Redhat only) - you may need to open ports on your own
|
||||
# Set SELinux enforcing for NGINX (Centos/Redhat only) - you may need to open ports on your own
|
||||
nginx_selinux: false
|
||||
# Enable enforcing mode if true. Permissive if false (audit only, no enforcing) globally (only works with nginx_selinux: true)
|
||||
nginx_selinux_enforcing: true
|
||||
|
@ -3,4 +3,4 @@
|
||||
# Use a list of supported NGINX Unit modules.
|
||||
# Default is false.
|
||||
nginx_unit_enable: false
|
||||
nginx_unit_modules: null
|
||||
nginx_unit_modules: []
|
||||
|
@ -1,25 +0,0 @@
|
||||
<!DOCTYPE html>
|
||||
<html>
|
||||
<head>
|
||||
<title>Welcome to nginx!</title>
|
||||
<style>
|
||||
body {
|
||||
width: 35em;
|
||||
margin: 0 auto;
|
||||
font-family: Tahoma, Verdana, Arial, sans-serif;
|
||||
}
|
||||
</style>
|
||||
</head>
|
||||
<body>
|
||||
<h1>Welcome to nginx!</h1>
|
||||
<p>If you see this page, the nginx web server is successfully installed and
|
||||
working. Further configuration is required.</p>
|
||||
|
||||
<p>For online documentation and support please refer to
|
||||
<a href="http://nginx.org/">nginx.org</a>.<br/>
|
||||
Commercial support is available at
|
||||
<a href="http://nginx.com/">nginx.com</a>.</p>
|
||||
|
||||
<p><em>Thank you for using nginx.</em></p>
|
||||
</body>
|
||||
</html>
|
@ -1,17 +1,15 @@
|
||||
---
|
||||
# handlers file for ansible-role-nginx
|
||||
- name: "(Handler: All OSs) Check NGINX"
|
||||
command: "nginx -t"
|
||||
changed_when: false
|
||||
|
||||
- name: "(Handler: All OSs) systemd daemon-reload"
|
||||
- name: "(Handler: All OSs) Systemd Daemon-Reload"
|
||||
systemd:
|
||||
daemon_reload: yes
|
||||
notify: "(Handler: All OSs) Start NGINX"
|
||||
|
||||
- name: "(Handler: All OSs) Run NGINX"
|
||||
block:
|
||||
|
||||
- name: "(Handler: All OSs) Start NGINX"
|
||||
service:
|
||||
name: nginx
|
||||
@ -22,7 +20,6 @@
|
||||
- name: "(Handler: All OSs) Reload NGINX"
|
||||
command: "nginx -s reload"
|
||||
changed_when: false
|
||||
|
||||
when:
|
||||
- nginx_start | bool
|
||||
- not ansible_check_mode
|
||||
|
@ -2,7 +2,8 @@
|
||||
galaxy_info:
|
||||
author: Alessandro Fael Garcia
|
||||
description: Official Ansible role for NGINX
|
||||
company: NGINX, Inc.
|
||||
role_name: nginx
|
||||
company: F5 Networks, Inc.
|
||||
|
||||
license: Apache License, Version 2.0
|
||||
|
||||
|
@ -2,44 +2,46 @@
|
||||
- name: Converge
|
||||
hosts: all
|
||||
pre_tasks:
|
||||
- name: "Set repo if Alpine"
|
||||
- name: Set repo if Alpine
|
||||
set_fact:
|
||||
version: "=1.17.10-r1"
|
||||
when: ansible_os_family == "Alpine"
|
||||
- name: "Set repo if Debian"
|
||||
- name: Set repo if Debian
|
||||
set_fact:
|
||||
version: "=1.17.10-1~{{ ansible_distribution_release }}"
|
||||
when: ansible_os_family == "Debian"
|
||||
- name: "Set repo if RedHat"
|
||||
- name: Set repo if RedHat
|
||||
set_fact:
|
||||
version: "-1.17.10-1.el{{ ansible_distribution_major_version }}.ngx"
|
||||
when: ansible_os_family == "RedHat"
|
||||
- name: "Enable Nginx @CentOS-AppStream dnf modules"
|
||||
- name: Enable NGINX @CentOS-AppStream dnf modules
|
||||
shell:
|
||||
args:
|
||||
cmd: dnf module info nginx | grep -q 'Stream.*\[e\]' && echo -n ENABLED || dnf module enable -y nginx # noqa 204 303
|
||||
register: dnf_module_enable
|
||||
changed_when: dnf_module_enable.stdout != 'ENABLED'
|
||||
when: ansible_os_family == "RedHat" and ansible_distribution_major_version == "8"
|
||||
roles:
|
||||
- role: ansible-role-nginx
|
||||
vars:
|
||||
nginx_debug_output: true
|
||||
nginx_selinux: true
|
||||
nginx_selinux_tcp_ports:
|
||||
- 80
|
||||
- 443
|
||||
nginx_version: "{{ version }}"
|
||||
nginx_configure: false
|
||||
nginx_logrotate_conf_enable: true
|
||||
nginx_logrotate_conf:
|
||||
paths:
|
||||
- "/var/log/nginx/*.log"
|
||||
options:
|
||||
- daily
|
||||
- missingok
|
||||
- rotate 14
|
||||
- compress
|
||||
- delaycompress
|
||||
- notifempty
|
||||
- sharedscripts
|
||||
tasks:
|
||||
- name: Install NGINX
|
||||
include_role:
|
||||
name: ansible-role-nginx
|
||||
vars:
|
||||
nginx_debug_output: true
|
||||
nginx_selinux: true
|
||||
nginx_selinux_tcp_ports:
|
||||
- 80
|
||||
- 443
|
||||
nginx_version: "{{ version }}"
|
||||
nginx_configure: false
|
||||
nginx_logrotate_conf_enable: true
|
||||
nginx_logrotate_conf:
|
||||
paths:
|
||||
- "/var/log/nginx/*.log"
|
||||
options:
|
||||
- daily
|
||||
- missingok
|
||||
- rotate 14
|
||||
- compress
|
||||
- delaycompress
|
||||
- notifempty
|
||||
- sharedscripts
|
||||
|
@ -1,31 +1,33 @@
|
||||
---
|
||||
- name: Converge
|
||||
hosts: all
|
||||
roles:
|
||||
- role: ansible-role-nginx
|
||||
vars:
|
||||
nginx_debug_output: true
|
||||
tasks:
|
||||
- name: Install NGINX modules
|
||||
include_role:
|
||||
name: ansible-role-nginx
|
||||
vars:
|
||||
nginx_debug_output: true
|
||||
|
||||
nginx_service_modify: true
|
||||
nginx_service_timeout: 95
|
||||
nginx_selinux: true
|
||||
nginx_selinux_tcp_ports:
|
||||
- 80
|
||||
- 443
|
||||
nginx_service_modify: true
|
||||
nginx_service_timeout: 95
|
||||
nginx_selinux: true
|
||||
nginx_selinux_tcp_ports:
|
||||
- 80
|
||||
- 443
|
||||
|
||||
nginx_cleanup_config: true
|
||||
nginx_cleanup_config_paths:
|
||||
- directory:
|
||||
- /etc/nginx/conf.d
|
||||
recurse: false
|
||||
nginx_cleanup_config_files:
|
||||
- /etc/nginx/conf.d/default.conf
|
||||
nginx_cleanup_config: true
|
||||
nginx_cleanup_config_paths:
|
||||
- directory:
|
||||
- /etc/nginx/conf.d
|
||||
recurse: false
|
||||
nginx_cleanup_config_files:
|
||||
- /etc/nginx/conf.d/default.conf
|
||||
|
||||
nginx_modules:
|
||||
njs: true
|
||||
perl: true
|
||||
waf: false
|
||||
geoip: true
|
||||
image_filter: true
|
||||
rtmp: true
|
||||
xslt: true
|
||||
nginx_modules:
|
||||
njs: true
|
||||
perl: true
|
||||
waf: false
|
||||
geoip: true
|
||||
image_filter: true
|
||||
rtmp: true
|
||||
xslt: true
|
||||
|
@ -1,14 +1,16 @@
|
||||
---
|
||||
- name: Converge
|
||||
hosts: all
|
||||
roles:
|
||||
- role: ansible-role-nginx
|
||||
vars:
|
||||
nginx_debug_output: true
|
||||
tasks:
|
||||
- name: Install NGINX from source
|
||||
include_role:
|
||||
name: ansible-role-nginx
|
||||
vars:
|
||||
nginx_debug_output: true
|
||||
|
||||
nginx_install_from: source
|
||||
nginx_branch: stable
|
||||
nginx_install_source_build_tools: true
|
||||
nginx_install_source_pcre: true
|
||||
nginx_install_source_openssl: true
|
||||
nginx_install_source_zlib: true
|
||||
nginx_install_from: source
|
||||
nginx_branch: stable
|
||||
nginx_install_source_build_tools: true
|
||||
nginx_install_source_pcre: true
|
||||
nginx_install_source_openssl: true
|
||||
nginx_install_source_zlib: true
|
||||
|
@ -1,13 +1,15 @@
|
||||
---
|
||||
- name: Converge
|
||||
hosts: all
|
||||
roles:
|
||||
- role: ansible-role-nginx
|
||||
vars:
|
||||
nginx_debug_output: true
|
||||
tasks:
|
||||
- name: Push NGINX config
|
||||
include_role:
|
||||
name: ansible-role-nginx
|
||||
vars:
|
||||
nginx_debug_output: true
|
||||
|
||||
nginx_branch: stable
|
||||
nginx_main_upload_enable: true
|
||||
nginx_main_upload_src: ../files/nginx.conf
|
||||
nginx_http_upload_enable: true
|
||||
nginx_http_upload_src: ../files/http/*.conf
|
||||
nginx_branch: stable
|
||||
nginx_main_upload_enable: true
|
||||
nginx_main_upload_src: ../files/nginx.conf
|
||||
nginx_http_upload_enable: true
|
||||
nginx_http_upload_src: ../files/http/*.conf
|
||||
|
@ -1,391 +1,393 @@
|
||||
---
|
||||
- name: Converge
|
||||
hosts: all
|
||||
roles:
|
||||
- role: ansible-role-nginx
|
||||
vars:
|
||||
nginx_debug_output: true
|
||||
tasks:
|
||||
- name: Configure NGINX
|
||||
include_role:
|
||||
name: ansible-role-nginx
|
||||
vars:
|
||||
nginx_debug_output: true
|
||||
|
||||
nginx_service_modify: true
|
||||
nginx_service_timeout: 95
|
||||
nginx_selinux: true
|
||||
nginx_selinux_tcp_ports:
|
||||
- 80
|
||||
- 443
|
||||
nginx_service_modify: true
|
||||
nginx_service_timeout: 95
|
||||
nginx_selinux: true
|
||||
nginx_selinux_tcp_ports:
|
||||
- 80
|
||||
- 443
|
||||
|
||||
nginx_main_template_enable: true
|
||||
nginx_main_template:
|
||||
template_file: nginx.conf.j2
|
||||
conf_file_name: nginx.conf
|
||||
conf_file_location: /etc/nginx/
|
||||
user: nginx
|
||||
worker_processes: auto
|
||||
pid: /var/run/nginx.pid
|
||||
error_log:
|
||||
location: /var/log/nginx/error.log
|
||||
level: warn
|
||||
worker_connections: 1024
|
||||
http_enable: true
|
||||
http_settings:
|
||||
default_type: application/octet-stream
|
||||
access_log_format:
|
||||
- name: main
|
||||
format: |
|
||||
'$remote_addr - $remote_user [$time_local] "$request" '
|
||||
'$status $body_bytes_sent "$http_referer" '
|
||||
'"$http_user_agent" "$http_x_forwarded_for"'
|
||||
access_log_location:
|
||||
- name: main
|
||||
location: /var/log/nginx/access.log
|
||||
keepalive_timeout: 65
|
||||
cache: false
|
||||
rate_limit: false
|
||||
keyval: false
|
||||
server_tokens: "off"
|
||||
sub_filter:
|
||||
# sub_filters: []
|
||||
last_modified: "off"
|
||||
once: "on"
|
||||
types: "text/html"
|
||||
http_global_autoindex: false
|
||||
custom_options:
|
||||
- master_process on;
|
||||
http_custom_options:
|
||||
- aio off;
|
||||
http_custom_includes:
|
||||
- "/etc/nginx/sites-enabled/*.conf"
|
||||
events_custom_options:
|
||||
- accept_mutex off;
|
||||
stream_enable: true
|
||||
nginx_main_template_enable: true
|
||||
nginx_main_template:
|
||||
template_file: nginx.conf.j2
|
||||
conf_file_name: nginx.conf
|
||||
conf_file_location: /etc/nginx/
|
||||
user: nginx
|
||||
worker_processes: auto
|
||||
pid: /var/run/nginx.pid
|
||||
error_log:
|
||||
location: /var/log/nginx/error.log
|
||||
level: warn
|
||||
worker_connections: 1024
|
||||
http_enable: true
|
||||
http_settings:
|
||||
default_type: application/octet-stream
|
||||
access_log_format:
|
||||
- name: main
|
||||
format: |
|
||||
'$remote_addr - $remote_user [$time_local] "$request" '
|
||||
'$status $body_bytes_sent "$http_referer" '
|
||||
'"$http_user_agent" "$http_x_forwarded_for"'
|
||||
access_log_location:
|
||||
- name: main
|
||||
location: /var/log/nginx/access.log
|
||||
keepalive_timeout: 65
|
||||
cache: false
|
||||
rate_limit: false
|
||||
keyval: false
|
||||
server_tokens: "off"
|
||||
sub_filter:
|
||||
# sub_filters: []
|
||||
last_modified: "off"
|
||||
once: "on"
|
||||
types: "text/html"
|
||||
http_global_autoindex: false
|
||||
custom_options:
|
||||
- master_process on;
|
||||
http_custom_options:
|
||||
- aio off;
|
||||
http_custom_includes:
|
||||
- "/etc/nginx/sites-enabled/*.conf"
|
||||
events_custom_options:
|
||||
- accept_mutex off;
|
||||
stream_enable: true
|
||||
|
||||
nginx_status_enable: true
|
||||
nginx_status_port: 8080
|
||||
nginx_status_log: true
|
||||
nginx_status_enable: true
|
||||
nginx_status_port: 8080
|
||||
nginx_status_log: true
|
||||
|
||||
nginx_http_template_enable: true
|
||||
nginx_http_template:
|
||||
app:
|
||||
template_file: http/default.conf.j2
|
||||
conf_file_name: default.conf
|
||||
conf_file_location: /etc/nginx/conf.d/
|
||||
servers:
|
||||
server1:
|
||||
listen:
|
||||
listen_localhost:
|
||||
ip: 0.0.0.0
|
||||
port: 80
|
||||
opts:
|
||||
- default_server
|
||||
server_name: localhost
|
||||
http_error_pages:
|
||||
404: /404.html
|
||||
error_page: /usr/share/nginx/html
|
||||
client_max_body_size: 512k
|
||||
proxy_hide_headers:
|
||||
- X-Powered-By
|
||||
add_headers:
|
||||
strict_transport_security:
|
||||
name: Strict-Transport-Security
|
||||
value: max-age=15768000; includeSubDomains
|
||||
always: true
|
||||
sub_filter:
|
||||
# sub_filters: []
|
||||
last_modified: "off"
|
||||
once: "on"
|
||||
types: "text/html"
|
||||
# custom_options: []
|
||||
reverse_proxy:
|
||||
locations:
|
||||
frontend:
|
||||
location: /
|
||||
proxy_hide_headers:
|
||||
- X-Powered-By
|
||||
add_headers:
|
||||
strict_transport_security:
|
||||
name: Strict-Transport-Security
|
||||
value: max-age=15768000; includeSubDomains
|
||||
always: true
|
||||
another_header:
|
||||
name: Fancy-New-Header-To-Test
|
||||
value: testing=true
|
||||
always: false
|
||||
proxy_pass: http://frontend_servers/
|
||||
proxy_cache: frontend_proxy_cache
|
||||
proxy_cache_valid:
|
||||
- code: 200
|
||||
time: 10m
|
||||
- code: 301
|
||||
time: 1m
|
||||
proxy_temp_path:
|
||||
path: /var/cache/nginx/proxy/frontend/temp
|
||||
proxy_cache_lock: false
|
||||
proxy_cache_min_uses: 3
|
||||
proxy_cache_revalidate: false
|
||||
proxy_cache_use_stale:
|
||||
- http_403
|
||||
- http_404
|
||||
proxy_ignore_headers:
|
||||
- Vary
|
||||
- Cache-Control
|
||||
proxy_redirect: false
|
||||
proxy_set_header:
|
||||
header_host:
|
||||
name: Host
|
||||
value: $host
|
||||
header_x_real_ip:
|
||||
name: X-Real-IP
|
||||
value: $remote_addr
|
||||
header_x_forwarded_for:
|
||||
name: X-Forwarded-For
|
||||
value: $proxy_add_x_forwarded_for
|
||||
header_x_forwarded_proto:
|
||||
name: X-Forwarded-Proto
|
||||
value: $scheme
|
||||
proxy_buffering: false
|
||||
client_max_body_size: 5m
|
||||
nginx_http_template_enable: true
|
||||
nginx_http_template:
|
||||
app:
|
||||
template_file: http/default.conf.j2
|
||||
conf_file_name: default.conf
|
||||
conf_file_location: /etc/nginx/conf.d/
|
||||
servers:
|
||||
server1:
|
||||
listen:
|
||||
listen_localhost:
|
||||
ip: 0.0.0.0
|
||||
port: 80
|
||||
opts:
|
||||
- default_server
|
||||
server_name: localhost
|
||||
http_error_pages:
|
||||
404: /404.html
|
||||
error_page: /usr/share/nginx/html
|
||||
client_max_body_size: 512k
|
||||
proxy_hide_headers:
|
||||
- X-Powered-By
|
||||
add_headers:
|
||||
strict_transport_security:
|
||||
name: Strict-Transport-Security
|
||||
value: max-age=15768000; includeSubDomains
|
||||
always: true
|
||||
sub_filter:
|
||||
# sub_filters: []
|
||||
last_modified: "off"
|
||||
once: "on"
|
||||
types: "text/html"
|
||||
# custom_options: []
|
||||
reverse_proxy:
|
||||
locations:
|
||||
frontend:
|
||||
location: /
|
||||
proxy_hide_headers:
|
||||
- X-Powered-By
|
||||
add_headers:
|
||||
strict_transport_security:
|
||||
name: Strict-Transport-Security
|
||||
value: max-age=15768000; includeSubDomains
|
||||
always: true
|
||||
another_header:
|
||||
name: Fancy-New-Header-To-Test
|
||||
value: testing=true
|
||||
always: false
|
||||
proxy_pass: http://frontend_servers/
|
||||
proxy_cache: frontend_proxy_cache
|
||||
proxy_cache_valid:
|
||||
- code: 200
|
||||
time: 10m
|
||||
- code: 301
|
||||
time: 1m
|
||||
proxy_temp_path:
|
||||
path: /var/cache/nginx/proxy/frontend/temp
|
||||
proxy_cache_lock: false
|
||||
proxy_cache_min_uses: 3
|
||||
proxy_cache_revalidate: false
|
||||
proxy_cache_use_stale:
|
||||
- http_403
|
||||
- http_404
|
||||
proxy_ignore_headers:
|
||||
- Vary
|
||||
- Cache-Control
|
||||
proxy_redirect: false
|
||||
proxy_set_header:
|
||||
header_host:
|
||||
name: Host
|
||||
value: $host
|
||||
header_x_real_ip:
|
||||
name: X-Real-IP
|
||||
value: $remote_addr
|
||||
header_x_forwarded_for:
|
||||
name: X-Forwarded-For
|
||||
value: $proxy_add_x_forwarded_for
|
||||
header_x_forwarded_proto:
|
||||
name: X-Forwarded-Proto
|
||||
value: $scheme
|
||||
proxy_buffering: false
|
||||
client_max_body_size: 5m
|
||||
sub_filter:
|
||||
# sub_filters: []
|
||||
last_modified: "off"
|
||||
once: "on"
|
||||
types: "text/html"
|
||||
backend:
|
||||
location: /backend
|
||||
proxy_pass: http://backend_servers/
|
||||
proxy_cache: backend_proxy_cache
|
||||
proxy_cache_valid:
|
||||
- time: 10m
|
||||
proxy_temp_path:
|
||||
path: /var/cache/nginx/proxy/backend/temp
|
||||
proxy_cache_lock: true
|
||||
proxy_cache_min_uses: 2
|
||||
proxy_cache_revalidate: true
|
||||
proxy_cache_use_stale:
|
||||
- http_500
|
||||
- http_502
|
||||
- http_503
|
||||
proxy_redirect: default
|
||||
proxy_set_header:
|
||||
header_host:
|
||||
name: Host
|
||||
value: $host
|
||||
header_x_real_ip:
|
||||
name: X-Real-IP
|
||||
value: $remote_addr
|
||||
header_x_forwarded_for:
|
||||
name: X-Forwarded-For
|
||||
value: $proxy_add_x_forwarded_for
|
||||
header_x_forwarded_proto:
|
||||
name: X-Forwarded-Proto
|
||||
value: $scheme
|
||||
proxy_cookie_path:
|
||||
path: /web/
|
||||
replacement: /
|
||||
returns:
|
||||
return301:
|
||||
location: ^~ /old-path
|
||||
code: 301
|
||||
value: http://$host/new-path
|
||||
proxy_cache:
|
||||
proxy_cache_path:
|
||||
- path: /var/cache/nginx/proxy/frontend
|
||||
keys_zone:
|
||||
name: frontend_proxy_cache
|
||||
size: 5m
|
||||
levels: "1:2"
|
||||
max_size: 5g
|
||||
inactive: 30m
|
||||
use_temp_path: true
|
||||
- path: /var/cache/nginx/proxy/backend
|
||||
keys_zone:
|
||||
name: backend_proxy_cache
|
||||
size: 10m
|
||||
levels: "1:2"
|
||||
max_size: 10g
|
||||
inactive: 60m
|
||||
use_temp_path: true
|
||||
proxy_temp_path:
|
||||
path: /var/cache/nginx/proxy/temp
|
||||
proxy_cache_lock: true
|
||||
proxy_cache_min_uses: 5
|
||||
proxy_cache_revalidate: true
|
||||
proxy_cache_use_stale:
|
||||
- error
|
||||
- timeout
|
||||
proxy_ignore_headers:
|
||||
- Expires
|
||||
upstreams:
|
||||
frontend_upstream:
|
||||
name: frontend_servers
|
||||
lb_method: least_conn
|
||||
zone_name: frontend_mem_zone
|
||||
zone_size: 64k
|
||||
sticky_cookie: false
|
||||
servers:
|
||||
frontend_server_1:
|
||||
address: 0.0.0.0
|
||||
port: 8081
|
||||
weight: 1
|
||||
health_check: max_fails=3 fail_timeout=5s
|
||||
backend_upstream:
|
||||
name: backend_servers
|
||||
lb_method: least_conn
|
||||
zone_name: backend_mem_zone
|
||||
zone_size: 64k
|
||||
sticky_cookie: false
|
||||
servers:
|
||||
backend_server_1:
|
||||
address: 0.0.0.0
|
||||
port: 8082
|
||||
weight: 1
|
||||
health_check: max_fails=3 fail_timeout=5s
|
||||
backend_server_2:
|
||||
address: unix:/var/run/control.unit.sock
|
||||
weight: 1
|
||||
health_check: max_fails=3 fail_timeout=5s
|
||||
backend_server_3:
|
||||
address: 0.0.0.0
|
||||
port: 8083
|
||||
down: true
|
||||
frontend:
|
||||
template_file: http/default.conf.j2
|
||||
conf_file_name: frontend_default.conf
|
||||
conf_file_location: /etc/nginx/conf.d/
|
||||
servers:
|
||||
server1:
|
||||
listen:
|
||||
listen_localhost:
|
||||
port: 8081
|
||||
opts: []
|
||||
server_name: localhost
|
||||
error_page: /usr/share/nginx/html
|
||||
autoindex: false
|
||||
sub_filter:
|
||||
sub_filters:
|
||||
- "'server_hostname' '$hostname'"
|
||||
- "'server_address' '$server_addr:$server_port'"
|
||||
- "'server_url' '$request_uri'"
|
||||
- "'remote_addr' '$remote_addr:$remote_port'"
|
||||
- "'server_date' '$time_local'"
|
||||
- "'client_browser' '$http_user_agent'"
|
||||
- "'request_id' '$request_id'"
|
||||
- "'nginx_version' '$nginx_version'"
|
||||
- "'document_root' '$document_root'"
|
||||
- "'proxied_for_ip' '$http_x_forwarded_for'"
|
||||
last_modified: "off"
|
||||
once: "off"
|
||||
types: "text/html"
|
||||
web_server:
|
||||
locations:
|
||||
frontend_site:
|
||||
location: /
|
||||
proxy_hide_headers:
|
||||
- X-Powered-By
|
||||
html_file_location: /usr/share/nginx/html
|
||||
html_file_name: frontend_index.html
|
||||
autoindex: false
|
||||
sub_filter:
|
||||
# sub_filters: []
|
||||
last_modified: "off"
|
||||
once: "on"
|
||||
once: "off"
|
||||
types: "text/html"
|
||||
backend:
|
||||
location: /backend
|
||||
proxy_pass: http://backend_servers/
|
||||
proxy_cache: backend_proxy_cache
|
||||
proxy_cache_valid:
|
||||
- time: 10m
|
||||
proxy_temp_path:
|
||||
path: /var/cache/nginx/proxy/backend/temp
|
||||
proxy_cache_lock: true
|
||||
proxy_cache_min_uses: 2
|
||||
proxy_cache_revalidate: true
|
||||
proxy_cache_use_stale:
|
||||
- http_500
|
||||
- http_502
|
||||
- http_503
|
||||
proxy_redirect: default
|
||||
proxy_set_header:
|
||||
header_host:
|
||||
name: Host
|
||||
value: $host
|
||||
header_x_real_ip:
|
||||
name: X-Real-IP
|
||||
value: $remote_addr
|
||||
header_x_forwarded_for:
|
||||
name: X-Forwarded-For
|
||||
value: $proxy_add_x_forwarded_for
|
||||
header_x_forwarded_proto:
|
||||
name: X-Forwarded-Proto
|
||||
value: $scheme
|
||||
proxy_cookie_path:
|
||||
path: /web/
|
||||
replacement: /
|
||||
returns:
|
||||
return301:
|
||||
location: ^~ /old-path
|
||||
code: 301
|
||||
value: http://$host/new-path
|
||||
proxy_cache:
|
||||
proxy_cache_path:
|
||||
- path: /var/cache/nginx/proxy/frontend
|
||||
keys_zone:
|
||||
name: frontend_proxy_cache
|
||||
size: 5m
|
||||
levels: "1:2"
|
||||
max_size: 5g
|
||||
inactive: 30m
|
||||
use_temp_path: true
|
||||
- path: /var/cache/nginx/proxy/backend
|
||||
keys_zone:
|
||||
name: backend_proxy_cache
|
||||
size: 10m
|
||||
levels: "1:2"
|
||||
max_size: 10g
|
||||
inactive: 60m
|
||||
use_temp_path: true
|
||||
proxy_temp_path:
|
||||
path: /var/cache/nginx/proxy/temp
|
||||
proxy_cache_lock: true
|
||||
proxy_cache_min_uses: 5
|
||||
proxy_cache_revalidate: true
|
||||
proxy_cache_use_stale:
|
||||
- error
|
||||
- timeout
|
||||
proxy_ignore_headers:
|
||||
- Expires
|
||||
upstreams:
|
||||
frontend_upstream:
|
||||
name: frontend_servers
|
||||
lb_method: least_conn
|
||||
zone_name: frontend_mem_zone
|
||||
zone_size: 64k
|
||||
sticky_cookie: false
|
||||
http_demo_conf: false
|
||||
backend:
|
||||
template_file: http/default.conf.j2
|
||||
conf_file_name: backend_default.conf
|
||||
conf_file_location: /etc/nginx/conf.d/
|
||||
servers:
|
||||
frontend_server_1:
|
||||
address: 0.0.0.0
|
||||
port: 8081
|
||||
weight: 1
|
||||
health_check: max_fails=3 fail_timeout=5s
|
||||
backend_upstream:
|
||||
name: backend_servers
|
||||
lb_method: least_conn
|
||||
zone_name: backend_mem_zone
|
||||
zone_size: 64k
|
||||
sticky_cookie: false
|
||||
servers:
|
||||
backend_server_1:
|
||||
address: 0.0.0.0
|
||||
port: 8082
|
||||
weight: 1
|
||||
health_check: max_fails=3 fail_timeout=5s
|
||||
backend_server_2:
|
||||
address: unix:/var/run/control.unit.sock
|
||||
weight: 1
|
||||
health_check: max_fails=3 fail_timeout=5s
|
||||
backend_server_3:
|
||||
address: 0.0.0.0
|
||||
port: 8083
|
||||
down: true
|
||||
frontend:
|
||||
template_file: http/default.conf.j2
|
||||
conf_file_name: frontend_default.conf
|
||||
conf_file_location: /etc/nginx/conf.d/
|
||||
servers:
|
||||
server1:
|
||||
listen:
|
||||
listen_localhost:
|
||||
port: 8081
|
||||
opts: []
|
||||
server_name: localhost
|
||||
error_page: /usr/share/nginx/html
|
||||
autoindex: false
|
||||
sub_filter:
|
||||
sub_filters:
|
||||
- "'server_hostname' '$hostname'"
|
||||
- "'server_address' '$server_addr:$server_port'"
|
||||
- "'server_url' '$request_uri'"
|
||||
- "'remote_addr' '$remote_addr:$remote_port'"
|
||||
- "'server_date' '$time_local'"
|
||||
- "'client_browser' '$http_user_agent'"
|
||||
- "'request_id' '$request_id'"
|
||||
- "'nginx_version' '$nginx_version'"
|
||||
- "'document_root' '$document_root'"
|
||||
- "'proxied_for_ip' '$http_x_forwarded_for'"
|
||||
last_modified: "off"
|
||||
once: "off"
|
||||
types: "text/html"
|
||||
web_server:
|
||||
locations:
|
||||
frontend_site:
|
||||
location: /
|
||||
proxy_hide_headers:
|
||||
- X-Powered-By
|
||||
html_file_location: /usr/share/nginx/html
|
||||
html_file_name: frontend_index.html
|
||||
autoindex: false
|
||||
sub_filter:
|
||||
# sub_filters: []
|
||||
last_modified: "off"
|
||||
once: "off"
|
||||
types: "text/html"
|
||||
http_demo_conf: false
|
||||
backend:
|
||||
template_file: http/default.conf.j2
|
||||
conf_file_name: backend_default.conf
|
||||
conf_file_location: /etc/nginx/conf.d/
|
||||
servers:
|
||||
server1:
|
||||
listen:
|
||||
listen_localhost:
|
||||
port: 8082
|
||||
opts: []
|
||||
server_name: localhost
|
||||
error_page: /usr/share/nginx/html
|
||||
autoindex: false
|
||||
sub_filter:
|
||||
sub_filters:
|
||||
- "'server_hostname' '$hostname'"
|
||||
- "'server_address' '$server_addr:$server_port'"
|
||||
- "'server_url' '$request_uri'"
|
||||
- "'remote_addr' '$remote_addr:$remote_port'"
|
||||
- "'server_date' '$time_local'"
|
||||
- "'client_browser' '$http_user_agent'"
|
||||
- "'request_id' '$request_id'"
|
||||
- "'nginx_version' '$nginx_version'"
|
||||
- "'document_root' '$document_root'"
|
||||
- "'proxied_for_ip' '$http_x_forwarded_for'"
|
||||
last_modified: "off"
|
||||
once: "off"
|
||||
types: "text/html"
|
||||
web_server:
|
||||
locations:
|
||||
backend_site:
|
||||
location: /
|
||||
html_file_location: /usr/share/nginx/html
|
||||
html_file_name: backend_index.html
|
||||
autoindex: false
|
||||
php:
|
||||
location: ~ \.php$
|
||||
html_file_location: /usr/share/nginx/html
|
||||
autoindex: false
|
||||
custom_options:
|
||||
- fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||
- fastcgi_pass unix:/run/php/php7.2-fpm.sock;
|
||||
- fastcgi_index index.php;
|
||||
- include fastcgi_params;
|
||||
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
sub_filter:
|
||||
# sub_filters: []
|
||||
last_modified: "off"
|
||||
once: "off"
|
||||
types: "text/html"
|
||||
http_demo_conf: false
|
||||
nginx_html_demo_template_enable: true
|
||||
nginx_html_demo_template:
|
||||
frontend:
|
||||
template_file: www/index.html.j2
|
||||
html_file_name: frontend_index.html
|
||||
html_file_location: /usr/share/nginx/html
|
||||
web_server_name: Frontend
|
||||
backend:
|
||||
template_file: www/index.html.j2
|
||||
html_file_name: backend_index.html
|
||||
html_file_location: /usr/share/nginx/html
|
||||
web_server_name: Backend
|
||||
server1:
|
||||
listen:
|
||||
listen_localhost:
|
||||
port: 8082
|
||||
opts: []
|
||||
server_name: localhost
|
||||
error_page: /usr/share/nginx/html
|
||||
autoindex: false
|
||||
sub_filter:
|
||||
sub_filters:
|
||||
- "'server_hostname' '$hostname'"
|
||||
- "'server_address' '$server_addr:$server_port'"
|
||||
- "'server_url' '$request_uri'"
|
||||
- "'remote_addr' '$remote_addr:$remote_port'"
|
||||
- "'server_date' '$time_local'"
|
||||
- "'client_browser' '$http_user_agent'"
|
||||
- "'request_id' '$request_id'"
|
||||
- "'nginx_version' '$nginx_version'"
|
||||
- "'document_root' '$document_root'"
|
||||
- "'proxied_for_ip' '$http_x_forwarded_for'"
|
||||
last_modified: "off"
|
||||
once: "off"
|
||||
types: "text/html"
|
||||
web_server:
|
||||
locations:
|
||||
backend_site:
|
||||
location: /
|
||||
html_file_location: /usr/share/nginx/html
|
||||
html_file_name: backend_index.html
|
||||
autoindex: false
|
||||
php:
|
||||
location: ~ \.php$
|
||||
html_file_location: /usr/share/nginx/html
|
||||
autoindex: false
|
||||
custom_options:
|
||||
- fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||
- fastcgi_pass unix:/run/php/php7.2-fpm.sock;
|
||||
- fastcgi_index index.php;
|
||||
- include fastcgi_params;
|
||||
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
sub_filter:
|
||||
# sub_filters: []
|
||||
last_modified: "off"
|
||||
once: "off"
|
||||
types: "text/html"
|
||||
http_demo_conf: false
|
||||
nginx_html_demo_template_enable: true
|
||||
nginx_html_demo_template:
|
||||
frontend:
|
||||
template_file: www/index.html.j2
|
||||
html_file_name: frontend_index.html
|
||||
html_file_location: /usr/share/nginx/html
|
||||
web_server_name: Frontend
|
||||
backend:
|
||||
template_file: www/index.html.j2
|
||||
html_file_name: backend_index.html
|
||||
html_file_location: /usr/share/nginx/html
|
||||
web_server_name: Backend
|
||||
|
||||
nginx_stream_template_enable: true
|
||||
nginx_stream_template:
|
||||
default:
|
||||
template_file: stream/default.conf.j2
|
||||
conf_file_name: default.conf
|
||||
conf_file_location: /etc/nginx/conf.d/stream
|
||||
network_streams:
|
||||
app:
|
||||
listen:
|
||||
listen_localhost:
|
||||
ip: 0.0.0.0
|
||||
port: 80
|
||||
opts:
|
||||
- udp
|
||||
proxy_pass: backend
|
||||
proxy_timeout: 3s
|
||||
proxy_connect_timeout: 1s
|
||||
proxy_protocol: false
|
||||
health_check_plus: false
|
||||
upstreams:
|
||||
backend_upstream:
|
||||
name: backend
|
||||
lb_method: least_conn
|
||||
zone_name: backend
|
||||
zone_size: 64k
|
||||
sticky_cookie: false
|
||||
servers:
|
||||
backend_server_1:
|
||||
address: 0.0.0.0
|
||||
port: 8091
|
||||
weight: 1
|
||||
health_check: max_fails=1 fail_timeout=10s
|
||||
backend_server_2:
|
||||
address: 0.0.0.0
|
||||
port: 8092
|
||||
down: true
|
||||
nginx_stream_template_enable: true
|
||||
nginx_stream_template:
|
||||
default:
|
||||
template_file: stream/default.conf.j2
|
||||
conf_file_name: default.conf
|
||||
conf_file_location: /etc/nginx/conf.d/stream
|
||||
network_streams:
|
||||
app:
|
||||
listen:
|
||||
listen_localhost:
|
||||
ip: 0.0.0.0
|
||||
port: 80
|
||||
opts:
|
||||
- udp
|
||||
proxy_pass: backend
|
||||
proxy_timeout: 3s
|
||||
proxy_connect_timeout: 1s
|
||||
proxy_protocol: false
|
||||
health_check_plus: false
|
||||
upstreams:
|
||||
backend_upstream:
|
||||
name: backend
|
||||
lb_method: least_conn
|
||||
zone_name: backend
|
||||
zone_size: 64k
|
||||
sticky_cookie: false
|
||||
servers:
|
||||
backend_server_1:
|
||||
address: 0.0.0.0
|
||||
port: 8091
|
||||
weight: 1
|
||||
health_check: max_fails=1 fail_timeout=10s
|
||||
backend_server_2:
|
||||
address: 0.0.0.0
|
||||
port: 8092
|
||||
down: true
|
||||
|
@ -2,29 +2,31 @@
|
||||
- name: Converge
|
||||
hosts: all
|
||||
pre_tasks:
|
||||
- name: "Set module if Alpine"
|
||||
- name: Set module if Alpine
|
||||
set_fact:
|
||||
module:
|
||||
- "unit-perl"
|
||||
- "unit-php7"
|
||||
- "unit-python3"
|
||||
- unit-perl
|
||||
- unit-php7
|
||||
- unit-python3
|
||||
when: ansible_os_family == "Alpine"
|
||||
- name: "Set module if Debian/RedHat"
|
||||
- name: Set module if Debian/RedHat
|
||||
set_fact:
|
||||
module:
|
||||
- "unit-perl"
|
||||
- "unit-php"
|
||||
- "unit-ruby"
|
||||
- unit-perl
|
||||
- unit-php
|
||||
- unit-ruby
|
||||
when: ansible_os_family == "Debian"
|
||||
- name: "Set module if RedHat"
|
||||
- name: Set module if RedHat
|
||||
set_fact:
|
||||
module:
|
||||
- "unit-php"
|
||||
- "unit-go"
|
||||
- unit-php
|
||||
- unit-go
|
||||
when: ansible_os_family == "RedHat"
|
||||
roles:
|
||||
- role: ansible-role-nginx
|
||||
vars:
|
||||
nginx_enable: false
|
||||
nginx_unit_enable: true
|
||||
nginx_unit_modules: "{{ module }}"
|
||||
tasks:
|
||||
- name: Install NGINX Unit
|
||||
include_role:
|
||||
name: ansible-role-nginx
|
||||
vars:
|
||||
nginx_enable: false
|
||||
nginx_unit_enable: true
|
||||
nginx_unit_modules: "{{ module }}"
|
||||
|
@ -1,8 +1,8 @@
|
||||
---
|
||||
- include_tasks: "{{ role_path }}/tasks/amplify/setup-{{ ansible_os_family | lower }}.yml"
|
||||
when:
|
||||
- ansible_os_family == "Debian"
|
||||
or ansible_os_family == "Redhat"
|
||||
- name: "(Setup: All OSs) Configure NGINX Amplify Agent Repository"
|
||||
include_tasks: "{{ role_path }}/tasks/amplify/setup-{{ ansible_os_family | lower }}.yml"
|
||||
when: ansible_os_family == "Debian"
|
||||
or ansible_os_family == "Redhat"
|
||||
|
||||
- name: "(Install: All OSs) Install NGINX Amplify Agent"
|
||||
package:
|
||||
|
@ -9,7 +9,7 @@
|
||||
when: ansible_os_family == "Debian"
|
||||
tags: nginx_aptkey
|
||||
|
||||
- name: "(Setup: Keys) CentOS/RedHat/Suse"
|
||||
- name: "(Setup: Keys) CentOS/RedHat/SUSE"
|
||||
include_tasks: "{{ role_path }}/tasks/keys/rpm-key.yml"
|
||||
when: ansible_os_family == "RedHat"
|
||||
or ansible_os_family == "Suse"
|
||||
|
@ -11,8 +11,8 @@
|
||||
or ansible_os_family == "RedHat"
|
||||
or ansible_os_family == "Suse"
|
||||
- nginx_install_from == "nginx_repository"
|
||||
or nginx_amplify_enable
|
||||
or nginx_unit_enable
|
||||
or nginx_amplify_enable | bool
|
||||
or nginx_unit_enable | bool
|
||||
tags: nginx_key
|
||||
|
||||
- name: "(Install/Config: All OSs) Install and Configure NGINX"
|
||||
@ -38,7 +38,7 @@
|
||||
include_tasks: "{{ role_path }}/tasks/plus/delete-license.yml"
|
||||
when:
|
||||
- nginx_type == "plus"
|
||||
- nginx_delete_license
|
||||
- nginx_delete_license | bool
|
||||
tags: nginx_delete_license
|
||||
when: nginx_install | bool
|
||||
|
||||
@ -51,19 +51,19 @@
|
||||
|
||||
- name: "(Config: All OSs) Upload NGINX Config"
|
||||
include_tasks: "{{ role_path }}/tasks/conf/upload-config.yml"
|
||||
when: nginx_main_upload_enable
|
||||
or nginx_http_upload_enable
|
||||
or nginx_stream_upload_enable
|
||||
or nginx_html_upload_enable
|
||||
or nginx_ssl_upload_enable
|
||||
when: nginx_main_upload_enable | bool
|
||||
or nginx_http_upload_enable | bool
|
||||
or nginx_stream_upload_enable | bool
|
||||
or nginx_html_upload_enable | bool
|
||||
or nginx_ssl_upload_enable | bool
|
||||
tags: nginx_upload_config
|
||||
|
||||
- name: "(Config: All OSs) Create NGINX Config"
|
||||
include_tasks: "{{ role_path }}/tasks/conf/template-config.yml"
|
||||
when: nginx_main_template_enable
|
||||
or nginx_http_template_enable
|
||||
or nginx_stream_template_enable
|
||||
or nginx_rest_api_enable
|
||||
when: nginx_main_template_enable | bool
|
||||
or nginx_http_template_enable | bool
|
||||
or nginx_stream_template_enable | bool
|
||||
or nginx_rest_api_enable | bool
|
||||
tags: nginx_template_config
|
||||
when: nginx_configure | bool
|
||||
|
||||
|
@ -24,5 +24,5 @@
|
||||
loop:
|
||||
- load_module modules/ngx_http_geoip_module.so;
|
||||
- load_module modules/ngx_stream_geoip_module.so;
|
||||
when: not nginx_main_template_enable
|
||||
when: not nginx_main_template_enable | bool
|
||||
notify: "(Handler: All OSs) Reload NGINX"
|
||||
|
@ -16,5 +16,5 @@
|
||||
path: /etc/nginx/nginx.conf
|
||||
insertbefore: BOF
|
||||
line: load_module modules/ngx_http_image_filter_module.so;
|
||||
when: not nginx_main_template_enable
|
||||
when: not nginx_main_template_enable | bool
|
||||
notify: "(Handler: All OSs) Reload NGINX"
|
||||
|
@ -19,5 +19,5 @@
|
||||
loop:
|
||||
- load_module modules/ngx_http_js_module.so;
|
||||
- load_module modules/ngx_stream_js_module.so;
|
||||
when: not nginx_main_template_enable
|
||||
when: not nginx_main_template_enable | bool
|
||||
notify: "(Handler: All OSs) Reload NGINX"
|
||||
|
@ -21,5 +21,5 @@
|
||||
path: /etc/nginx/nginx.conf
|
||||
insertbefore: BOF
|
||||
line: load_module modules/ngx_http_perl_module.so;
|
||||
when: not nginx_main_template_enable
|
||||
when: not nginx_main_template_enable | bool
|
||||
notify: "(Handler: All OSs) Reload NGINX"
|
||||
|
@ -9,5 +9,5 @@
|
||||
path: /etc/nginx/nginx.conf
|
||||
insertbefore: BOF
|
||||
line: load_module modules/ngx_rtmp_module.so;
|
||||
when: not nginx_main_template_enable
|
||||
when: not nginx_main_template_enable | bool
|
||||
notify: "(Handler: All OSs) Reload NGINX"
|
||||
|
@ -9,5 +9,5 @@
|
||||
path: /etc/nginx/nginx.conf
|
||||
insertbefore: BOF
|
||||
line: load_module modules/ngx_http_modsecurity_module.so;
|
||||
when: not nginx_main_template_enable
|
||||
when: not nginx_main_template_enable | bool
|
||||
notify: "(Handler: All OSs) Reload NGINX"
|
||||
|
@ -16,5 +16,5 @@
|
||||
path: /etc/nginx/nginx.conf
|
||||
insertbefore: BOF
|
||||
line: load_module modules/ngx_http_xslt_filter_module.so;
|
||||
when: not nginx_main_template_enable
|
||||
when: not nginx_main_template_enable | bool
|
||||
notify: "(Handler: All OSs) Reload NGINX"
|
||||
|
@ -12,7 +12,7 @@
|
||||
creates: /usr/ports
|
||||
when:
|
||||
- ansible_system == "FreeBSD"
|
||||
- nginx_bsd_update_ports
|
||||
- nginx_bsd_update_ports | bool
|
||||
|
||||
- name: "(Install: FreeBSD)"
|
||||
block:
|
||||
@ -20,7 +20,7 @@
|
||||
pkgng:
|
||||
name: "www/nginx{{ nginx_version | default('') }}"
|
||||
state: "{{ nginx_state }}"
|
||||
when: nginx_bsd_install_packages
|
||||
when: nginx_bsd_install_packages | bool
|
||||
notify: "(Handler: All OSs) Start NGINX"
|
||||
|
||||
- name: "(Install: FreeBSD) Install NGINX Port"
|
||||
@ -28,7 +28,7 @@
|
||||
name: "www/nginx{{ nginx_version | default('') }}"
|
||||
use_packages: "{{ nginx_bsd_portinstall_use_packages | default(omit) }}"
|
||||
state: "{{ nginx_state }}"
|
||||
when: not nginx_bsd_install_packages
|
||||
when: not nginx_bsd_install_packages | bool
|
||||
notify: "(Handler: All OSs) Start NGINX"
|
||||
when: ansible_system == "FreeBSD"
|
||||
|
||||
@ -39,7 +39,7 @@
|
||||
name: "nginx{{ nginx_version | default('') }}"
|
||||
build: no
|
||||
state: "{{ nginx_state }}"
|
||||
when: nginx_bsd_install_packages
|
||||
when: nginx_bsd_install_packages | bool
|
||||
notify: "(Handler: All OSs) Start NGINX"
|
||||
|
||||
- name: "(Install: OpenBSD) Install NGINX Port"
|
||||
@ -47,7 +47,7 @@
|
||||
name: "nginx{{ nginx_version | default('') }}"
|
||||
build: yes
|
||||
state: "{{ nginx_state }}"
|
||||
when: not nginx_bsd_install_packages
|
||||
when: not nginx_bsd_install_packages | bool
|
||||
notify: "(Handler: All OSs) Start NGINX"
|
||||
when: ansible_system == "OpenBSD"
|
||||
|
||||
@ -55,37 +55,37 @@
|
||||
block:
|
||||
- name: "(Install: NetBSD) Install NGINX Package"
|
||||
command: "pkg_add www/nginx{{ nginx_version | default('') }}"
|
||||
when: nginx_bsd_install_packages
|
||||
when: nginx_bsd_install_packages | bool
|
||||
notify: "(Handler: All OSs) Start NGINX"
|
||||
|
||||
- name: "(Install: NetBSD) Install NGINX Port"
|
||||
fail:
|
||||
msg: "{{ ansible_system }} Install NGINX port not implemented."
|
||||
when: not nginx_bsd_install_packages
|
||||
when: not nginx_bsd_install_packages | bool
|
||||
when: ansible_system == "NetBSD"
|
||||
|
||||
- name: "(Install: DragonFlyBSD)"
|
||||
block:
|
||||
- name: "(Install: DragonFlyBSD) Install NGINX Package"
|
||||
command: "pkg install www/nginx{{ nginx_version | default('') }}"
|
||||
when: nginx_bsd_install_packages
|
||||
when: nginx_bsd_install_packages | bool
|
||||
notify: "(Handler: All OSs) Start NGINX"
|
||||
|
||||
- name: "(Install: DragonFlyBSD) Install NGINX port"
|
||||
fail:
|
||||
msg: "{{ ansible_system }} Install NGINX port not implemented."
|
||||
when: not nginx_bsd_install_packages
|
||||
when: not nginx_bsd_install_packages | bool
|
||||
when: ansible_system == "DragonFlyBSD"
|
||||
|
||||
- name: "(Install: HardenedBSD)"
|
||||
block:
|
||||
- name: "(Install: HardenedBSD) Install NGINX package"
|
||||
command: "pkg install www/nginx{{ nginx_version | default('') }}"
|
||||
when: nginx_bsd_install_packages
|
||||
when: nginx_bsd_install_packages | bool
|
||||
notify: "(Handler: All OSs) Start NGINX"
|
||||
|
||||
- name: "(Install: HardenedBSD) Install NGINX port"
|
||||
fail:
|
||||
msg: "{{ ansible_system }} Install NGINX port not implemented."
|
||||
when: not nginx_bsd_install_packages
|
||||
when: not nginx_bsd_install_packages | bool
|
||||
when: ansible_system == "HardenedBSD"
|
||||
|
@ -4,5 +4,4 @@
|
||||
name:
|
||||
- apt-transport-https
|
||||
- dirmngr
|
||||
- python-apt
|
||||
update_cache: yes
|
||||
|
@ -2,5 +2,5 @@
|
||||
- name: "(Setup: RedHat/CentOS) Setup SELinux"
|
||||
include_tasks: "{{ role_path }}/tasks/prerequisites/setup-selinux.yml"
|
||||
when:
|
||||
- nginx_selinux
|
||||
- nginx_selinux | bool
|
||||
- ansible_selinux.mode is defined
|
||||
|
@ -1,5 +1,5 @@
|
||||
---
|
||||
- name: "(Setup: SELinux) Install Required CentOS Dependencies"
|
||||
- name: "(Setup: SELinux) Install Required CentOS/RHEL 6/7 Dependencies"
|
||||
package:
|
||||
name:
|
||||
- policycoreutils-python
|
||||
@ -9,7 +9,7 @@
|
||||
- ansible_os_family == "RedHat"
|
||||
- ansible_distribution_major_version != "8"
|
||||
|
||||
- name: "(Setup: SELinux) Install Required RHEL8 Dependencies"
|
||||
- name: "(Setup: SELinux) Install Required CentOS/RHEL 8 Dependencies"
|
||||
package:
|
||||
name:
|
||||
- selinux-policy-targeted
|
||||
|
@ -1,6 +1,6 @@
|
||||
---
|
||||
- name: "(Setup: Suse) Setup SELinux"
|
||||
- name: "(Setup: SUSE) Setup SELinux"
|
||||
include_tasks: "{{ role_path }}/tasks/prerequisites/setup-selinux.yml"
|
||||
when:
|
||||
- nginx_selinux
|
||||
- nginx_selinux | bool
|
||||
- ansible_selinux.mode is defined
|
||||
|
@ -3,7 +3,7 @@
|
||||
file:
|
||||
path: "{{ nginx_service_overridepath }}"
|
||||
state: directory
|
||||
mode: '0755'
|
||||
mode: 0755
|
||||
|
||||
- name: "(Setup: Linux) Create Override For NGINX Systemd Service"
|
||||
template:
|
||||
@ -11,11 +11,11 @@
|
||||
dest: "{{ nginx_service_overridepath }}/{{ nginx_service_overridefilename }}"
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
notify: "(Handler: All OSs) systemd daemon-reload"
|
||||
mode: 0644
|
||||
notify: "(Handler: All OSs) Systemd Daemon-Reload"
|
||||
when:
|
||||
- not nginx_service_custom
|
||||
- not nginx_service_clean
|
||||
- not nginx_service_custom | bool
|
||||
- not nginx_service_clean | bool
|
||||
|
||||
- name: "(Setup: Linux) Customize Override For NGINX Systemd Service"
|
||||
copy:
|
||||
@ -23,15 +23,15 @@
|
||||
dest: "{{ nginx_service_overridepath }}/{{ nginx_service_overridefilename }}"
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
notify: "(Handler: All OSs) systemd daemon-reload"
|
||||
mode: 0644
|
||||
notify: "(Handler: All OSs) Systemd Daemon-Reload"
|
||||
when:
|
||||
- nginx_service_custom
|
||||
- not nginx_service_clean
|
||||
- nginx_service_custom | bool
|
||||
- not nginx_service_clean | bool
|
||||
|
||||
- name: "(Setup: Linux) Remove Override For NGINX Systemd Service"
|
||||
file:
|
||||
path: "{{ nginx_service_overridepath }}"
|
||||
state: absent
|
||||
notify: "(Handler: All OSs) systemd daemon-reload"
|
||||
when: nginx_service_clean
|
||||
notify: "(Handler: All OSs) Systemd Daemon-Reload"
|
||||
when: nginx_service_clean | bool
|
||||
|
@ -1,9 +1,9 @@
|
||||
---
|
||||
- include_tasks: "{{ role_path }}/tasks/unit/setup-{{ ansible_os_family | lower }}.yml"
|
||||
when:
|
||||
- ansible_os_family == "Debian"
|
||||
or ansible_os_family == "RedHat"
|
||||
or ansible_os_family == "FreeBSD"
|
||||
- name: "(Setup: All OSs) Configure NGINX Unit Repository"
|
||||
include_tasks: "{{ role_path }}/tasks/unit/setup-{{ ansible_os_family | lower }}.yml"
|
||||
when: ansible_os_family == "Debian"
|
||||
or ansible_os_family == "RedHat"
|
||||
or ansible_os_family == "FreeBSD"
|
||||
|
||||
- name: "(Install: Debian/Ubuntu/CentOS/RedHat) Install NGINX Unit"
|
||||
package:
|
||||
@ -19,5 +19,6 @@
|
||||
when: ansible_os_family == "FreeBSD"
|
||||
notify: "(Handler: FreeBSD) Start NGINX Unit"
|
||||
|
||||
- include_tasks: "{{ role_path }}/tasks/unit/install-modules.yml"
|
||||
when: nginx_unit_modules is defined and nginx_unit_modules
|
||||
- name: "(Install: All OSs) Install NGINX Unit modules"
|
||||
include_tasks: "{{ role_path }}/tasks/unit/install-modules.yml"
|
||||
when: nginx_unit_modules is defined
|
||||
|
@ -95,7 +95,7 @@ clearTimeout(ref);
|
||||
<div id="footer">
|
||||
<div id="center" align="center">
|
||||
Request ID: request_id<br/>
|
||||
© NGINX, Inc. 2018 - 2019
|
||||
© NGINX, Inc. 2018 - <script>document.write(new Date().getFullYear())</script>
|
||||
</div>
|
||||
</div>
|
||||
</body>
|
||||
|
Loading…
Reference in New Issue
Block a user