sebclem/ansible-role-nginx
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Remove NGINX configuration features from role (#353)

Browse Source
This commit is contained in:
Alessandro Fael Garcia 2020-12-23 15:03:22 +01:00 committed by GitHub
parent 57947a22dd
commit 5e918e61e2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
35 changed files with 15 additions and 2437 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
.github/workflows/molecule.yml vendored
View File

@ -26,11 +26,6 @@ jobs:
- source
- source_alpine
- source_centos
- stable_push_alpine
- stable_push_centos
- template
- template_alpine
- template_centos
steps:
- name: Check out the codebase
uses: actions/checkout@v2

8
CHANGELOG.md
View File

@ -1,5 +1,11 @@
# Changelog
## 0.19.0 (Unreleased)
BREAKING CHANGES:
**The NGINX configuration functionalities included in this role have been removed as of release 0.19.0.** There now is a separate role to manage and create NGINX configurations available [here](https://github.com/nginxinc/ansible-role-nginx-config). Any new issues or PRs related to configuring NGINX should be submitted in the new NGINX configuration Ansible role repository. New issues or PRs related to configuring NGINX submitted in this repository will not be worked on.
## 0.18.2 (December 22, 2020)
ENHANCEMENTS:
@ -23,7 +29,7 @@ Fix issue whereas SELinux state would not be correctly set back to `enforcing` w
BREAKING CHANGES:
**The NGINX Unit functionalities included in this role have been removed as of release 0.18.0.** There now is a separate role to install NGINX Unit available [here](https://github.com/nginxinc/ansible-role-nginx-unit). Any new issues or PRs related to NGINX Unit should be submitted in the new NGINX Unit repository. New issues or PRs related to NGINX Unit submitted in this repository will not be worked on.
**The NGINX Unit functionalities included in this role have been removed as of release 0.18.0.** There now is a separate role to install NGINX Unit available [here](https://github.com/nginxinc/ansible-role-nginx-unit). Any new issues or PRs related to NGINX Unit should be submitted in the new NGINX Unit Ansible role repository. New issues or PRs related to NGINX Unit submitted in this repository will not be worked on.
## 0.17.4 (November 12, 2020)

8
README.md
View File

@ -14,8 +14,8 @@ This role installs NGINX Open Source, NGINX Plus, or the NGINX Amplify agent on
With the advent of Ansible collections and the release of the [NGINX Core Ansible collection](https://github.com/nginxinc/ansible-collection-nginx), the decision has been made to split this role into three smaller roles and reduce the overhead of this role:
* The NGINX Ansible role will keep working as is and be used to install and setup NGINX.
* **The NGINX configuration functionalities included in this role will be removed in an upcoming release at some stage after December 1st 2020.** There now is a separate role to manage and create NGINX configurations available [here](https://github.com/nginxinc/ansible-role-nginx-config). Any new issues or PRs related to configuring NGINX should be submitted in the new NGINX Config repository. New issues or PRs related to configuring NGINX submitted in this repository will not be worked on.
* **The NGINX Unit functionalities included in this role have been removed as of release 0.18.0.** There now is a separate role to install NGINX Unit available [here](https://github.com/nginxinc/ansible-role-nginx-unit). Any new issues or PRs related to NGINX Unit should be submitted in the new NGINX Unit repository. New issues or PRs related to NGINX Unit submitted in this repository will not be worked on. This disclaimer will be removed in a future release.
* **The NGINX configuration functionalities included in this role have been removed as of release 0.19.0.** There now is a separate role to manage and create NGINX configurations available [here](https://github.com/nginxinc/ansible-role-nginx-config). Any new issues or PRs related to configuring NGINX should be submitted in the new NGINX configuration Ansible role repository. New issues or PRs related to configuring NGINX submitted in this repository will not be worked on. This disclaimer will be removed in a future release.
* **The NGINX Unit functionalities included in this role have been removed as of release 0.18.0.** There now is a separate role to install NGINX Unit available [here](https://github.com/nginxinc/ansible-role-nginx-unit). Any new issues or PRs related to NGINX Unit should be submitted in the new NGINX Unit Ansible role repository. New issues or PRs related to NGINX Unit submitted in this repository will not be worked on. This disclaimer will be removed in a future release.
## Requirements
@ -133,8 +133,6 @@ This role has multiple variables. The descriptions and defaults for all these va
|----|-----------|
|**[`main.yml`](https://github.com/nginxinc/ansible-role-nginx/blob/main/defaults/main/main.yml)**|NGINX installation variables|
|**[`amplify.yml`](https://github.com/nginxinc/ansible-role-nginx/blob/main/defaults/main/amplify.yml)**|NGINX Amplify agent installation variables|
|**[`template.yml`](https://github.com/nginxinc/ansible-role-nginx/blob/main/defaults/main/template.yml)**|NGINX configuration templating variables|
|**[`upload.yml`](https://github.com/nginxinc/ansible-role-nginx/blob/main/defaults/main/upload.yml)**|NGINX configuration/HTML/SSL upload variables|
|**[`linux.yml`](https://github.com/nginxinc/ansible-role-nginx/blob/main/defaults/main/linux.yml)**|Linux installation variables|
|**[`bsd.yml`](https://github.com/nginxinc/ansible-role-nginx/blob/main/defaults/main/bsd.yml)**|BSD installation variables|
@ -154,8 +152,6 @@ Working functional playbook examples can be found in the **[`molecule/common/pla
|**[`module_converge.yml`](https://github.com/nginxinc/ansible-role-nginx/blob/main/molecule/common/playbooks/module_converge.yml)**|Install various NGINX supported modules|
|**[`plus_converge.yml`](https://github.com/nginxinc/ansible-role-nginx/blob/main/molecule/common/playbooks/plus_converge.yml)**|Install NGINX Plus and various NGINX Plus supported modules|
|**[`source_converge.yml`](https://github.com/nginxinc/ansible-role-nginx/blob/main/molecule/common/playbooks/source_converge.yml)**|Install NGINX from source|
|**[`stable_push_converge.yml`](https://github.com/nginxinc/ansible-role-nginx/blob/main/molecule/common/playbooks/stable_push_converge.yml)**|Install NGINX using the stable branch and push a preexisting config from your system to your NGINX instance|
|**[`template_converge.yml`](https://github.com/nginxinc/ansible-role-nginx/blob/main/molecule/common/playbooks/template_converge.yml)**|Use the NGINX configuration templating variables to create an NGINX configuration file|
Do note that if you install this repository via Ansible Galaxy, you will have to replace the role variable in the sample playbooks from `ansible-role-nginx` to `nginxinc.nginx`.

20
defaults/main/main.yml
View File

@ -8,12 +8,6 @@ nginx_enable: true
# Default is true.
nginx_install: true
## DEPRECATED -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config)
# Enable NGINX configuration options.
# Variables for these options can be found in `./template.yml` and `./upload.yml`.
# Default is false.
nginx_configure: false
# Start NGINX service.
# Default is true.
nginx_start: true
@ -112,17 +106,3 @@ nginx_modules: []
# - subs-filter # NGINX Plus
# - waf # NGINX Plus
# - xslt
## DEPRECATED -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config)
# Remove previously existing NGINX configuration files.
# You can specify a list of paths you wish to remove.
# You can also choose whether to recurse through the paths specified.
# Alternatively you can specify the list of files you wish to remove.
# Default is false.
nginx_cleanup_config: false
nginx_cleanup_config_paths:
- directory:
- /etc/nginx/conf.d
recurse: false
# nginx_cleanup_config_files:
# - /etc/nginx/conf.d/default.conf

404
defaults/main/template.yml
View File

@ -1,404 +0,0 @@
## DEPRECATED -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config)
---
# Enable creating dynamic templated NGINX HTML demo websites.
nginx_html_demo_template_enable: false
nginx_html_demo_template:
default:
template_file: www/index.html.j2
html_file_name: index.html
html_file_location: /usr/share/nginx/html
web_server_name: Default
# Enable creating dynamic templated NGINX configuration files.
# Defaults are the values found in a fresh NGINX installation.
nginx_main_template_enable: false
nginx_main_template:
template_file: nginx.conf.j2
conf_file_name: nginx.conf
conf_file_location: /etc/nginx/
user: nginx
worker_processes: auto
# worker_rlimit_nofile: 1024
pid: /var/run/nginx.pid
error_log:
location: /var/log/nginx/error.log
level: warn
worker_connections: 1024
http_enable: true
http_settings:
default_type: application/octet-stream
access_log_format:
- name: main
format: |-
'$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"'
access_log_location:
- name: main
location: /var/log/nginx/access.log
tcp_nopush: true
tcp_nodelay: true
keepalive_timeout: 65
cache: false
rate_limit: false
keyval: false
# server_tokens: "off"
http_global_autoindex: false
sub_filter:
# sub_filters: []
last_modified: "off"
once: "on"
types: "text/html"
# custom_options: []
# http_custom_options: []
# http_custom_includes: []
# events_custom_options: []
stream_enable: false
# stream_custom_options: []
# auth_request_http: /auth
# auth_request_set_http:
# name: $auth_user
# value: $upstream_http_x_user
# Enable creating dynamic templated NGINX HTTP configuration files.
# Defaults will not produce a valid configuration. Instead they are meant to showcase
# the options available for templating. Each key represents a new configuration file.
nginx_http_template_enable: false
nginx_http_template:
default:
template_file: http/default.conf.j2
conf_file_name: default.conf
conf_file_location: /etc/nginx/conf.d/
servers:
server1:
listen:
listen_localhost:
ip: localhost # Wrap in square brackets for IPv6 addresses
port: 8081
ssl: true
opts: [] # Listen opts like http2 which will be added (ssl is automatically added if you specify 'ssl:').
ssl:
cert: /etc/ssl/certs/default.crt
key: /etc/ssl/private/default.key
dhparam: /etc/ssl/private/dh_param.pem
protocols: TLSv1 TLSv1.1 TLSv1.2
ciphers: HIGH:!aNULL:!MD5
prefer_server_ciphers: true
session_cache: none
session_timeout: 5m
disable_session_tickets: false
trusted_cert: /etc/ssl/certs/root_CA_cert_plus_intermediates.crt
stapling: true
stapling_verify: true
buffer_size: 16k
ecdh_curve: auto
server_name: localhost
include_files: []
http_error_pages: {}
error_page: /usr/share/nginx/html
access_log:
- name: main
location: /var/log/nginx/access.log
error_log:
location: /var/log/nginx/error.log
level: warn
root: /usr/share/nginx/html
# https_redirect: $host
autoindex: false
auth_basic: null
auth_basic_user_file: null
try_files: $uri $uri/index.html $uri.html =404
# auth_request: /auth
# auth_request_set:
# name: $auth_user
# value: $upstream_http_x_user
client_max_body_size: 1m
proxy_hide_headers: [] # A list of headers which shouldn't be passed to the application
add_headers:
strict_transport_security:
name: Strict-Transport-Security
value: max-age=15768000; includeSubDomains
always: true
# header_name:
# name: Header-X
# value: Value-X
# always: false
sub_filter:
# sub_filters: []
last_modified: "off"
once: "on"
types: "text/html"
# custom_options: []
web_server:
locations:
default:
location: /
include_files: []
proxy_hide_headers: [] # A list of headers which shouldn't be passed to the application
add_headers:
strict_transport_security:
name: Strict-Transport-Security
value: max-age=15768000; includeSubDomains
always: true
# header_name:
# name: Header-X
# value: Value-X
# always: false
html_file_location: /usr/share/nginx/html
html_file_name: index.html
autoindex: false
auth_basic: null
auth_basic_user_file: null
try_files: $uri $uri/index.html $uri.html =404
# auth_request: /auth
# auth_request_set:
# name: $auth_user
# value: $upstream_http_x_user
client_max_body_size: 1m
# returns:
# return302:
# code: 302
# url: https://sso.somehost.local/?url=https://$http_host$request_uri
sub_filter:
# sub_filters: []
last_modified: "off"
once: "on"
types: "text/html"
# custom_options: []
http_demo_conf: false
reverse_proxy:
locations:
backend:
location: /
include_files: []
proxy_hide_headers: [] # A list of headers which shouldn't be passed to the application
add_headers:
strict_transport_security:
name: Strict-Transport-Security
value: max-age=15768000; includeSubDomains
always: true
# header_name:
# name: Header-X
# value: Value-X
# always: false
proxy_connect_timeout: null
proxy_pass: http://backend
# rewrites:
# - /foo(.*) /$1 break
# proxy_pass_request_body: off
# allows:
# - 192.168.1.0/24
# denies:
# - all
proxy_set_header:
header_host:
name: Host
value: $host
header_x_real_ip:
name: X-Real-IP
value: $remote_addr
header_x_forwarded_for:
name: X-Forwarded-For
value: $proxy_add_x_forwarded_for
header_x_forwarded_proto:
name: X-Forwarded-Proto
value: $scheme
# header_upgrade:
# name: Upgrade
# value: $http_upgrade
# header_connection:
# name: Connection
# value: "Upgrade"
# header_random:
# name: RandomName
# value: RandomValue
# internal: false
# proxy_store: off
# proxy_store_acccess: user:rw
proxy_read_timeout: null
proxy_send_timeout: null
proxy_ssl:
cert: /etc/ssl/certs/proxy_default.crt
key: /etc/ssl/private/proxy_default.key
trusted_cert: /etc/ssl/certs/proxy_ca.crt
protocols: TLSv1 TLSv1.1 TLSv1.2
ciphers: HIGH:!aNULL:!MD5
verify: false
verify_depth: 1
session_reuse: true
proxy_cache: backend_proxy_cache
proxy_cache_valid:
- code: 200
time: 10m
- code: 301
time: 1m
proxy_temp_path:
path: /var/cache/nginx/proxy/backend/temp
proxy_cache_lock: false
proxy_cache_min_uses: 3
proxy_cache_revalidate: false
proxy_cache_use_stale:
- http_403
- http_404
proxy_ignore_headers:
- Vary
- Cache-Control
proxy_cookie_path:
path: /web/
replacement: /
proxy_buffering: false
proxy_http_version: 1.0
websocket: false
auth_basic: null
auth_basic_user_file: null
try_files: $uri $uri/index.html $uri.html =404
# auth_request: /auth
# auth_request_set:
# name: $auth_user
# value: $upstream_http_x_user
# returns:
# return302:
# code: 302
# url: https://sso.somehost.local/?url=https://$http_host$request_uri
sub_filter:
# sub_filters: []
last_modified: "off"
once: "on"
types: "text/html"
# custom_options: []
health_check_plus: false
returns:
return301:
location: /
code: 301
value: http://$host$request_uri
proxy_cache:
proxy_cache_path:
- path: /var/cache/nginx/proxy/backend
keys_zone:
name: backend_proxy_cache
size: 10m
levels: "1:2"
max_size: 10g
inactive: 60m
use_temp_path: true
proxy_temp_path:
path: /var/cache/nginx/proxy/temp
proxy_cache_valid:
- code: 200
time: 10m
- code: 301
time: 1m
proxy_cache_lock: true
proxy_cache_min_uses: 5
proxy_cache_revalidate: true
proxy_cache_use_stale:
- error
- timeout
proxy_ignore_headers:
- Expires
upstreams:
upstream1:
name: backend
lb_method: least_conn
zone_name: backend_mem_zone
zone_size: 64k
sticky_cookie: false
servers:
server1:
address: localhost
port: 8081
weight: 1
health_check: max_fails=1 fail_timeout=10s
# custom_options: []
# custom_options: []
# Enable NGINX 'stub_status' data.
# Will enable 'stub_status' in NGINX Open Source.
# Note - NGINX Plus 'status' has been deprecated since NGINX Plus R13.
# Use the Rest API parameter instead.
# Default is false.
nginx_status_enable: false
nginx_status_template_file: http/status.conf.j2
nginx_status_file_location: /etc/nginx/conf.d/status.conf
nginx_status_log: false
nginx_status_port: 80
nginx_status_allow: 127.0.0.1
nginx_status_deny: all
# Enable NGINX Plus REST API, write access to the REST API, and NGINX Plus dashboard.
# Requires NGINX Plus.
# Default is false.
nginx_rest_api_enable: false
nginx_rest_api_template_file: http/api.conf.j2
nginx_rest_api_file_location: /etc/nginx/conf.d/api.conf
nginx_rest_api_log: false
nginx_rest_api_port: 80
nginx_rest_api_write: false
nginx_rest_api_dashboard: false
nginx_status_rest_api_allow: 127.0.0.1
nginx_status_rest_api_deny: all
nginx_status_rest_api_dashboard_allow: 127.0.0.1
nginx_status_rest_api_dashboard_deny: all
# Enable creating dynamic templated NGINX stream configuration files.
# Defaults will not produce a valid configuration. Instead they are meant to showcase
# the options available for templating. Each key represents a new configuration file.
nginx_stream_template_enable: false
nginx_stream_template:
default:
template_file: stream/default.conf.j2
conf_file_name: default.conf
conf_file_location: /etc/nginx/conf.d/stream/
network_streams:
default:
listen:
listen_localhost:
ip: 0.0.0.0 # Wrap in square brackets for IPv6 addresses
port: 80
ssl: false
opts: [] # Listen opts like udp which will be added (ssl is automatically added if you specify 'ssl:').
ssl:
cert: /etc/ssl/certs/default.crt
key: /etc/ssl/private/default.key
dhparam: /etc/ssl/private/dh_param.pem
protocols: TLSv1 TLSv1.1 TLSv1.2
ciphers: HIGH:!aNULL:!MD5
prefer_server_ciphers: true
session_cache: none
session_timeout: 5m
disable_session_tickets: false
trusted_cert: /etc/ssl/certs/root_CA_cert_plus_intermediates.crt
ecdh_curve: auto
include_files: []
proxy_pass: backend
proxy_timeout: 3s
proxy_connect_timeout: 1s
proxy_protocol: false
proxy_ssl:
cert: /etc/ssl/certs/proxy_default.crt
key: /etc/ssl/private/proxy_default.key
trusted_cert: /etc/ssl/certs/proxy_ca.crt
protocols: TLSv1 TLSv1.1 TLSv1.2
ciphers: HIGH:!aNULL:!MD5
verify: false
verify_depth: 1
session_reuse: true
health_check_plus: false
# custom_options: []
upstreams:
upstream1:
name: backend
lb_method: least_conn
zone_name: backend
zone_size: 64k
sticky_cookie: false
servers:
server1:
address: localhost
port: 8080
weight: 1
health_check: max_fails=1 fail_timeout=10s
# custom_options: []
# custom_options: []

27
defaults/main/upload.yml
View File

@ -1,27 +0,0 @@
## DEPRECATED -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config)
---
# Enable uploading NGINX configuration files to your system.
# Default for uploading files is false.
# Default location of files is the files folder within the NGINX Ansible role.
# Upload the main NGINX configuration file.
nginx_main_upload_enable: false
nginx_main_upload_src: conf/nginx.conf
nginx_main_upload_dest: /etc/nginx/
# Upload HTTP NGINX configuration files.
nginx_http_upload_enable: false
nginx_http_upload_src: conf/http/*.conf
nginx_http_upload_dest: /etc/nginx/conf.d/
# Upload Stream NGINX configuration files.
nginx_stream_upload_enable: false
nginx_stream_upload_src: conf/stream/*.conf
nginx_stream_upload_dest: /etc/nginx/conf.d/
# Upload HTML files.
nginx_html_upload_enable: false
nginx_html_upload_src: www/*
nginx_html_upload_dest: /usr/share/nginx/html
# Upload SSL certificates and keys.
nginx_ssl_upload_enable: false
nginx_ssl_crt_upload_src: ssl/*.crt
nginx_ssl_crt_upload_dest: /etc/ssl/certs/
nginx_ssl_key_upload_src: ssl/*.key
nginx_ssl_key_upload_dest: /etc/ssl/private/

0
files/conf/http/.gitkeep
View File

0
files/conf/stream/.gitkeep
View File

0
files/ssl/.gitkeep
View File

0
files/www/.gitkeep
View File

4
molecule/common/Dockerfile.j2
View File

@ -21,11 +21,11 @@ RUN \
&& apt-get clean; \
elif [ $(command -v dnf) ]; then \
dnf makecache \
&& dnf --assumeyes install bash iproute /usr/bin/dnf-3 /usr/bin/python3 /usr/bin/python3-config vim \
&& dnf --assumeyes install bash iproute sudo /usr/bin/dnf-3 /usr/bin/python3 /usr/bin/python3-config vim \
&& dnf clean all; \
elif [ $(command -v yum) ]; then \
yum makecache fast \
&& yum install -y bash iproute /usr/bin/python /usr/bin/python2-config sudo vim yum-plugin-ovl \
&& yum install -y bash iproute sudo /usr/bin/python /usr/bin/python2-config vim yum-plugin-ovl \
&& sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf \
&& yum clean all; \
elif [ $(command -v zypper) ]; then \

44
molecule/common/files/http/default.conf
View File

@ -1,44 +0,0 @@
server {
listen 80;
server_name localhost;
#charset koi8-r;
#access_log /var/log/nginx/host.access.log main;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}

31
molecule/common/files/nginx.conf
View File

@ -1,31 +0,0 @@
user nginx;
worker_processes 4;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}

9
molecule/common/playbooks/module_converge.yml
View File

@ -15,15 +15,6 @@
- 80
- 443
nginx_configure: true
nginx_cleanup_config: true
nginx_cleanup_config_paths:
- directory:
- /etc/nginx/conf.d
recurse: false
nginx_cleanup_config_files:
- /etc/nginx/conf.d/default.conf
nginx_modules:
- brotli
- geoip

10
molecule/common/playbooks/module_verify.yml
View File

@ -18,9 +18,7 @@
register: service
failed_when: (service is changed) or (service is failed)
- name: Check default.conf does not exist
stat:
path: /etc/nginx/conf.d/default.conf
check_mode: yes
register: stat_result
failed_when: stat_result.stat.exists
- name: Verify NGINX is up and running
uri:
url: http://localhost
status_code: 200

15
molecule/common/playbooks/stable_push_converge.yml
View File

@ -1,15 +0,0 @@
---
- name: Converge
hosts: all
tasks:
- name: Push NGINX config
include_role:
name: ansible-role-nginx
vars:
nginx_debug_output: true
nginx_branch: stable
nginx_main_upload_enable: true
nginx_main_upload_src: ../files/nginx.conf
nginx_http_upload_enable: true
nginx_http_upload_src: ../files/http/*.conf

40
molecule/common/playbooks/stable_push_verify.yml
View File

@ -1,40 +0,0 @@
---
- name: Verify
hosts: all
tasks:
- name: Check if NGINX is installed
package:
name: nginx
check_mode: yes
register: install
failed_when: (install is changed) or (install is failed)
- name: Check if NGINX service is running
service:
name: nginx
state: started
enabled: yes
check_mode: yes
register: service
failed_when: (service is changed) or (service is failed)
- name: Verify NGINX is up and running
uri:
url: http://localhost
status_code: 200
- name: Check default.conf exists
stat:
path: /etc/nginx/conf.d/default.conf
check_mode: yes
register: stat_result
failed_when: not stat_result.stat.exists
- name: Ensure default.conf contains 'location /'
lineinfile:
path: /etc/nginx/conf.d/default.conf
line: " location / {"
state: present
check_mode: yes
register: conf
failed_when: (conf is changed) or (conf is failed)

387
molecule/common/playbooks/template_converge.yml
View File

@ -1,387 +0,0 @@
---
- name: Converge
hosts: all
tasks:
- name: Configure NGINX
include_role:
name: ansible-role-nginx
vars:
nginx_debug_output: true
nginx_configure: true
nginx_main_template_enable: true
nginx_main_template:
template_file: nginx.conf.j2
conf_file_name: nginx.conf
conf_file_location: /etc/nginx/
user: nginx
worker_processes: auto
pid: /var/run/nginx.pid
error_log:
location: /var/log/nginx/error.log
level: warn
worker_connections: 1024
http_enable: true
http_settings:
default_type: application/octet-stream
access_log_format:
- name: main
format: |
'$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"'
access_log_location:
- name: main
location: /var/log/nginx/access.log
keepalive_timeout: 65
cache: false
rate_limit: false
keyval: false
server_tokens: "off"
sub_filter:
# sub_filters: []
last_modified: "off"
once: "on"
types: "text/html"
http_global_autoindex: false
custom_options:
- master_process on;
http_custom_options:
- aio off;
http_custom_includes:
- "/etc/nginx/sites-enabled/*.conf"
events_custom_options:
- accept_mutex off;
stream_enable: true
nginx_status_enable: true
nginx_status_port: 8080
nginx_status_log: true
nginx_http_template_enable: true
nginx_http_template:
app:
template_file: http/default.conf.j2
conf_file_name: default.conf
conf_file_location: /etc/nginx/conf.d/
servers:
server1:
listen:
listen_localhost:
ip: 0.0.0.0
port: 80
opts:
- default_server
server_name: localhost
http_error_pages:
404: /404.html
error_page: /usr/share/nginx/html
client_max_body_size: 512k
proxy_hide_headers:
- X-Powered-By
add_headers:
strict_transport_security:
name: Strict-Transport-Security
value: max-age=15768000; includeSubDomains
always: true
sub_filter:
# sub_filters: []
last_modified: "off"
once: "on"
types: "text/html"
# custom_options: []
reverse_proxy:
locations:
frontend:
location: /
proxy_hide_headers:
- X-Powered-By
add_headers:
strict_transport_security:
name: Strict-Transport-Security
value: max-age=15768000; includeSubDomains
always: true
another_header:
name: Fancy-New-Header-To-Test
value: testing=true
always: false
proxy_pass: http://frontend_servers/
proxy_cache: frontend_proxy_cache
proxy_cache_valid:
- code: 200
time: 10m
- code: 301
time: 1m
proxy_temp_path:
path: /var/cache/nginx/proxy/frontend/temp
proxy_cache_lock: false
proxy_cache_min_uses: 3
proxy_cache_revalidate: false
proxy_cache_use_stale:
- http_403
- http_404
proxy_ignore_headers:
- Vary
- Cache-Control
proxy_redirect: false
proxy_set_header:
header_host:
name: Host
value: $host
header_x_real_ip:
name: X-Real-IP
value: $remote_addr
header_x_forwarded_for:
name: X-Forwarded-For
value: $proxy_add_x_forwarded_for
header_x_forwarded_proto:
name: X-Forwarded-Proto
value: $scheme
proxy_buffering: false
client_max_body_size: 5m
sub_filter:
# sub_filters: []
last_modified: "off"
once: "on"
types: "text/html"
backend:
location: /backend
proxy_pass: http://backend_servers/
proxy_cache: backend_proxy_cache
proxy_cache_valid:
- time: 10m
proxy_temp_path:
path: /var/cache/nginx/proxy/backend/temp
proxy_cache_lock: true
proxy_cache_min_uses: 2
proxy_cache_revalidate: true
proxy_cache_use_stale:
- http_500
- http_502
- http_503
proxy_redirect: default
proxy_set_header:
header_host:
name: Host
value: $host
header_x_real_ip:
name: X-Real-IP
value: $remote_addr
header_x_forwarded_for:
name: X-Forwarded-For
value: $proxy_add_x_forwarded_for
header_x_forwarded_proto:
name: X-Forwarded-Proto
value: $scheme
proxy_cookie_path:
path: /web/
replacement: /
returns:
return301:
location: ^~ /old-path
code: 301
value: http://$host/new-path
proxy_cache:
proxy_cache_path:
- path: /var/cache/nginx/proxy/frontend
keys_zone:
name: frontend_proxy_cache
size: 5m
levels: "1:2"
max_size: 5g
inactive: 30m
use_temp_path: true
- path: /var/cache/nginx/proxy/backend
keys_zone:
name: backend_proxy_cache
size: 10m
levels: "1:2"
max_size: 10g
inactive: 60m
use_temp_path: true
proxy_temp_path:
path: /var/cache/nginx/proxy/temp
proxy_cache_lock: true
proxy_cache_min_uses: 5
proxy_cache_revalidate: true
proxy_cache_use_stale:
- error
- timeout
proxy_ignore_headers:
- Expires
upstreams:
frontend_upstream:
name: frontend_servers
lb_method: least_conn
zone_name: frontend_mem_zone
zone_size: 64k
sticky_cookie: false
servers:
frontend_server_1:
address: 0.0.0.0
port: 8081
weight: 1
health_check: max_fails=3 fail_timeout=5s
backend_upstream:
name: backend_servers
lb_method: least_conn
zone_name: backend_mem_zone
zone_size: 64k
sticky_cookie: false
servers:
backend_server_1:
address: 0.0.0.0
port: 8082
weight: 1
health_check: max_fails=3 fail_timeout=5s
backend_server_2:
address: unix:/var/run/control.unit.sock
weight: 1
health_check: max_fails=3 fail_timeout=5s
backend_server_3:
address: 0.0.0.0
port: 8083
down: true
frontend:
template_file: http/default.conf.j2
conf_file_name: frontend_default.conf
conf_file_location: /etc/nginx/conf.d/
servers:
server1:
listen:
listen_localhost:
port: 8081
opts: []
server_name: localhost
error_page: /usr/share/nginx/html
autoindex: false
sub_filter:
sub_filters:
- "'server_hostname' '$hostname'"
- "'server_address' '$server_addr:$server_port'"
- "'server_url' '$request_uri'"
- "'remote_addr' '$remote_addr:$remote_port'"
- "'server_date' '$time_local'"
- "'client_browser' '$http_user_agent'"
- "'request_id' '$request_id'"
- "'nginx_version' '$nginx_version'"
- "'document_root' '$document_root'"
- "'proxied_for_ip' '$http_x_forwarded_for'"
last_modified: "off"
once: "off"
types: "text/html"
web_server:
locations:
frontend_site:
location: /
proxy_hide_headers:
- X-Powered-By
html_file_location: /usr/share/nginx/html
html_file_name: frontend_index.html
autoindex: false
sub_filter:
# sub_filters: []
last_modified: "off"
once: "off"
types: "text/html"
http_demo_conf: false
backend:
template_file: http/default.conf.j2
conf_file_name: backend_default.conf
conf_file_location: /etc/nginx/conf.d/
servers:
server1:
listen:
listen_localhost:
port: 8082
opts: []
server_name: localhost
error_page: /usr/share/nginx/html
autoindex: false
sub_filter:
sub_filters:
- "'server_hostname' '$hostname'"
- "'server_address' '$server_addr:$server_port'"
- "'server_url' '$request_uri'"
- "'remote_addr' '$remote_addr:$remote_port'"
- "'server_date' '$time_local'"
- "'client_browser' '$http_user_agent'"
- "'request_id' '$request_id'"
- "'nginx_version' '$nginx_version'"
- "'document_root' '$document_root'"
- "'proxied_for_ip' '$http_x_forwarded_for'"
last_modified: "off"
once: "off"
types: "text/html"
web_server:
locations:
backend_site:
location: /
html_file_location: /usr/share/nginx/html
html_file_name: backend_index.html
autoindex: false
php:
location: ~ \.php$
html_file_location: /usr/share/nginx/html
autoindex: false
custom_options:
- fastcgi_split_path_info ^(.+\.php)(/.+)$;
- fastcgi_pass unix:/run/php/php7.2-fpm.sock;
- fastcgi_index index.php;
- include fastcgi_params;
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
sub_filter:
# sub_filters: []
last_modified: "off"
once: "off"
types: "text/html"
http_demo_conf: false
nginx_html_demo_template_enable: true
nginx_html_demo_template:
frontend:
template_file: www/index.html.j2
html_file_name: frontend_index.html
html_file_location: /usr/share/nginx/html
web_server_name: Frontend
backend:
template_file: www/index.html.j2
html_file_name: backend_index.html
html_file_location: /usr/share/nginx/html
web_server_name: Backend
nginx_stream_template_enable: true
nginx_stream_template:
default:
template_file: stream/default.conf.j2
conf_file_name: default.conf
conf_file_location: /etc/nginx/conf.d/stream
network_streams:
app:
listen:
listen_localhost:
ip: 0.0.0.0
port: 80
opts:
- udp
proxy_pass: backend
proxy_timeout: 3s
proxy_connect_timeout: 1s
proxy_protocol: false
health_check_plus: false
upstreams:
backend_upstream:
name: backend
lb_method: least_conn
zone_name: backend
zone_size: 64k
sticky_cookie: false
servers:
backend_server_1:
address: 0.0.0.0
port: 8091
weight: 1
health_check: max_fails=1 fail_timeout=10s
backend_server_2:
address: 0.0.0.0
port: 8092
down: true

72
molecule/common/playbooks/template_verify.yml
View File

@ -1,72 +0,0 @@
---
- name: Verify
hosts: all
tasks:
- name: Check if NGINX is installed
package:
name: nginx
check_mode: yes
register: install
failed_when: (install is changed) or (install is failed)
- name: Check if NGINX service is running
service:
name: nginx
state: started
enabled: yes
check_mode: yes
register: service
failed_when: (service is changed) or (service is failed)
- name: Verify NGINX is up and running
uri:
url: http://localhost
status_code: 200
- name: Check default.conf exists
stat:
path: /etc/nginx/conf.d/default.conf
check_mode: yes
register: stat_result
failed_when: not stat_result.stat.exists
- name: Check frontend_default.conf exists
stat:
path: /etc/nginx/conf.d/frontend_default.conf
check_mode: yes
register: stat_result
failed_when: not stat_result.stat.exists
- name: Check backend_default.conf exists
stat:
path: /etc/nginx/conf.d/backend_default.conf
check_mode: yes
register: stat_result
failed_when: not stat_result.stat.exists
- name: Ensure default.conf contains 'location /'
lineinfile:
path: /etc/nginx/conf.d/default.conf
line: " location / {"
state: present
check_mode: yes
register: conf
failed_when: (conf is changed) or (conf is failed)
- name: Ensure default.conf contains 'location /backend'
lineinfile:
path: /etc/nginx/conf.d/default.conf
line: " location /backend {"
state: present
check_mode: yes
register: conf
failed_when: (conf is changed) or (conf is failed)
- name: Ensure default.conf contains 'client_max_body_size 512k;'
lineinfile:
path: /etc/nginx/conf.d/default.conf
line: " client_max_body_size 512k;"
state: present
check_mode: yes
register: conf
failed_when: (conf is changed) or (conf is failed)

48
molecule/stable_push/molecule.yml
View File

@ -1,48 +0,0 @@
---
driver:
name: docker
lint: |
set -e
yamllint .
ansible-lint --force-color
platforms:
- name: debian-stretch
image: debian:stretch-slim
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/sbin/init"
- name: debian-buster
image: debian:buster-slim
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/sbin/init"
- name: ubuntu-xenial
image: ubuntu:xenial
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/sbin/init"
- name: ubuntu-bionic
image: ubuntu:bionic
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/sbin/init"
- name: ubuntu-focal
image: ubuntu:focal
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/sbin/init"
provisioner:
name: ansible
playbooks:
converge: ../common/playbooks/stable_push_converge.yml
verify: ../common/playbooks/stable_push_verify.yml

34
molecule/stable_push_alpine/molecule.yml
View File

@ -1,34 +0,0 @@
---
driver:
name: docker
lint: |
set -e
yamllint .
ansible-lint --force-color
platforms:
- name: alpine-3.10
image: alpine:3.10
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/sbin/init"
- name: alpine-3.11
image: alpine:3.11
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/sbin/init"
- name: alpine-3.12
image: alpine:3.12
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/sbin/init"
provisioner:
name: ansible
playbooks:
converge: ../common/playbooks/stable_push_converge.yml
verify: ../common/playbooks/stable_push_verify.yml

27
molecule/stable_push_centos/molecule.yml
View File

@ -1,27 +0,0 @@
---
driver:
name: docker
lint: |
set -e
yamllint .
ansible-lint --force-color
platforms:
- name: centos-7
image: centos:7
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/usr/sbin/init"
- name: centos-8
image: centos:8
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/usr/sbin/init"
provisioner:
name: ansible
playbooks:
converge: ../common/playbooks/stable_push_converge.yml
verify: ../common/playbooks/stable_push_verify.yml

48
molecule/template/molecule.yml
View File

@ -1,48 +0,0 @@
---
driver:
name: docker
lint: |
set -e
yamllint .
ansible-lint --force-color
platforms:
- name: debian-stretch
image: debian:stretch-slim
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/sbin/init"
- name: debian-buster
image: debian:buster-slim
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/sbin/init"
- name: ubuntu-xenial
image: ubuntu:xenial
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/sbin/init"
- name: ubuntu-bionic
image: ubuntu:bionic
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/sbin/init"
- name: ubuntu-focal
image: ubuntu:focal
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/sbin/init"
provisioner:
name: ansible
playbooks:
converge: ../common/playbooks/template_converge.yml
verify: ../common/playbooks/template_verify.yml

34
molecule/template_alpine/molecule.yml
View File

@ -1,34 +0,0 @@
---
driver:
name: docker
lint: |
set -e
yamllint .
ansible-lint --force-color
platforms:
- name: alpine-3.10
image: alpine:3.10
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/sbin/init"
- name: alpine-3.11
image: alpine:3.11
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/sbin/init"
- name: alpine-3.12
image: alpine:3.12
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/sbin/init"
provisioner:
name: ansible
playbooks:
converge: ../common/playbooks/template_converge.yml
verify: ../common/playbooks/template_verify.yml

27
molecule/template_centos/molecule.yml
View File

@ -1,27 +0,0 @@
---
driver:
name: docker
lint: |
set -e
yamllint .
ansible-lint --force-color
platforms:
- name: centos-7
image: centos:7
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/usr/sbin/init"
- name: centos-8
image: centos:8
dockerfile: ../common/Dockerfile.j2
privileged: true
volumes:
- "/sys/fs/cgroup:/sys/fs/cgroup:rw"
command: "/usr/sbin/init"
provisioner:
name: ansible
playbooks:
converge: ../common/playbooks/template_converge.yml
verify: ../common/playbooks/template_verify.yml

21
tasks/config/cleanup-config.yml
View File

@ -1,21 +0,0 @@
## DEPRECATED -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config)
---
- name: Deprecation warning
debug:
msg: DEPRECATED TASKS -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config)
- name: (DEPRECATED) Find NGINX Configuration Files
find:
paths: "{{ item.directory }}"
patterns: "*.conf"
recurse: "{{ item.recurse | default(false) }}"
loop: "{{ nginx_cleanup_config_paths }}"
when: nginx_cleanup_config_paths is defined
register: nginx_config_files
- name: (DEPRECATED) Remove NGINX Configuration Files
file:
path: "{{ item }}"
state: absent
loop: "{{ nginx_config_files.results | default('') | map(attribute='files') | sum(start=[]) | map(attribute='path') | list
+ nginx_cleanup_config_files | default('') }}"

104
tasks/config/template-config.yml
View File

@ -1,104 +0,0 @@
## DEPRECATED -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config)
---
- name: Deprecation warning
debug:
msg: DEPRECATED TASKS -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config)
- name: (DEPRECATED) Ensure HTML Directory Exists
file:
path: "{{ item.value.html_file_location | default('/usr/share/nginx/html') }}"
state: directory
mode: 0755
with_dict: "{{ nginx_html_demo_template }}"
when: nginx_html_demo_template_enable | bool
- name: (DEPRECATED) Dynamically Generate HTML Files
template:
src: "{{ item.value.template_file | default('www/index.html.j2') }}"
dest: "{{ item.value.html_file_location | default('/usr/share/nginx/html') }}/{{ item.value.html_file_name | default('index.html') }}"
backup: yes
mode: 0644
with_dict: "{{ nginx_html_demo_template }}"
when: nginx_html_demo_template_enable | bool
- name: (DEPRECATED) Ensure NGINX Main Directory Exists
file:
path: "{{ nginx_main_template.conf_file_location | default('/etc/nginx') }}"
state: directory
mode: 0755
when: nginx_main_template_enable | bool
- name: (DEPRECATED) Dynamically Generate NGINX Main Configuration File
template:
src: "{{ nginx_main_template.template_file | default('nginx.conf.j2') }}"
dest: "{{ nginx_main_template.conf_file_location | default('/etc/nginx') }}/{{ nginx_main_template.conf_file_name | default('nginx.conf') }}"
backup: yes
mode: 0644
when: nginx_main_template_enable | bool
notify: "(Handler) Run NGINX"
- name: (DEPRECATED) Ensure NGINX HTTP Directory Exists
file:
path: "{{ item.value.conf_file_location | default('/etc/nginx/conf.d/') }}"
state: directory
mode: 0755
with_dict: "{{ nginx_http_template }}"
when: nginx_http_template_enable | bool
- name: (DEPRECATED) Ensure NGINX Proxy Cache Directories Exist
file:
path: "{{ item.1.path }}"
state: directory
owner: "{{ nginx_main_template.user | default('nginx') }}"
mode: 0755
with_subelements:
- "{{ nginx_http_template }}"
- proxy_cache.proxy_cache_path
- skip_missing: yes
when: nginx_http_template_enable | bool
- name: (DEPRECATED) Dynamically Generate NGINX HTTP Configuration Files
template:
src: "{{ item.value.template_file | default('http/default.conf.j2') }}"
dest: "{{ item.value.conf_file_location | default('/etc/nginx/conf.d/') }}/{{ item.value.conf_file_name | default('default.conf') }}"
backup: yes
mode: 0644
with_dict: "{{ nginx_http_template }}"
when: nginx_http_template_enable | bool
notify: (Handler) Run NGINX
- name: (DEPRECATED) Dynamically Generate NGINX Stub Status Configuration File
template:
src: "{{ nginx_status_template_file | default('http/status.conf.j2') }}"
dest: "{{ nginx_status_file_location | default('/etc/nginx/conf.d/status.conf') }}"
backup: yes
mode: 0644
when: nginx_status_enable | bool
notify: (Handler) Run NGINX
- name: (DEPRECATED) Dynamically Generate NGINX API Configuration File
template:
src: "{{ nginx_rest_api_template_file | default('http/api.conf.j2') }}"
dest: "{{ nginx_rest_api_file_location | default('/etc/nginx/conf.d/api.conf') }}"
backup: yes
mode: 0644
when: nginx_rest_api_enable | bool
notify: (Handler) Run NGINX
- name: (DEPRECATED) Ensure NGINX Stream Directory Exists
file:
path: "{{ item.value.conf_file_location | default('/etc/nginx/conf.d/stream/') }}"
state: directory
mode: 0755
with_dict: "{{ nginx_stream_template }}"
when: nginx_stream_template_enable | bool
- name: (DEPRECATED) Dynamically Generate NGINX Stream Configuration Files
template:
src: "{{ item.value.template_file | default('stream/default.conf.j2') }}"
dest: "{{ item.value.conf_file_location | default('/etc/nginx/conf.d/stream/') }}/{{ item.value.conf_file_name | default('default.conf') }}"
backup: yes
mode: 0644
with_dict: "{{ nginx_stream_template }}"
when: nginx_stream_template_enable | bool
notify: (Handler) Run NGINX

107
tasks/config/upload-config.yml
View File

@ -1,107 +0,0 @@
## DEPRECATED -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config)
---
- name: Deprecation warning
debug:
msg: DEPRECATED TASKS -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config)
- name: (DEPRECATED) Ensure NGINX HTML Directory Exists
file:
path: "{{ nginx_html_upload_dest | default('/usr/share/nginx/html') }}"
state: directory
mode: 0755
when: nginx_html_upload_enable | bool
- name: (DEPRECATED) Upload NGINX HTML Files
copy:
src: "{{ item }}"
dest: "{{ nginx_html_upload_dest | default('/usr/share/nginx/html') }}"
backup: yes
mode: 0644
with_fileglob: "{{ nginx_html_upload_src }}"
when: nginx_html_upload_enable | bool
notify: (Handler) Run NGINX
- name: (DEPRECATED) Ensure NGINX Main Directory Exists
file:
path: "{{ nginx_main_upload_dest | default('/etc/nginx/') }}"
state: directory
mode: 0755
when: nginx_main_upload_enable | bool
- name: (DEPRECATED) Upload NGINX Main Configuration File
copy:
src: "{{ nginx_main_upload_src | default('conf/nginx.conf') }}"
dest: "{{ nginx_main_upload_dest | default('/etc/nginx/') }}"
backup: yes
mode: 0644
when: nginx_main_upload_enable | bool
notify: "(Handler) Run NGINX"
- name: "(DEPRECATED) Ensure NGINX HTTP Directory Exists"
file:
path: "{{ nginx_http_upload_dest | default('/etc/nginx/conf.d/') }}"
state: directory
mode: 0755
when: nginx_http_upload_enable | bool
- name: (DEPRECATED) Upload NGINX HTTP Configuration Files
copy:
src: "{{ item }}"
dest: "{{ nginx_http_upload_dest | default('/etc/nginx/conf.d/') }}"
backup: yes
mode: 0644
with_fileglob: "{{ nginx_http_upload_src }}"
when: nginx_http_upload_enable | bool
notify: (Handler) Run NGINX
- name: (DEPRECATED) Ensure NGINX Stream Directory Exists
file:
path: "{{ nginx_stream_upload_dest | default('/etc/nginx/conf.d/') }}"
state: directory
mode: 0755
when: nginx_stream_upload_enable | bool
- name: (DEPRECATED) Upload NGINX Stream Configuration Files
copy:
src: "{{ item }}"
dest: "{{ nginx_stream_upload_dest | default('/etc/nginx/conf.d/') }}"
backup: yes
mode: 0644
with_fileglob: "{{ nginx_stream_upload_src }}"
when: nginx_stream_upload_enable | bool
notify: (Handler) Run NGINX
- name: (DEPRECATED) Ensure SSL Certificate Directory Exists
file:
path: "{{ nginx_ssl_crt_upload_dest | default('/etc/ssl/certs/') }}"
state: directory
mode: 0755
when: nginx_ssl_upload_enable | bool
- name: (DEPRECATED) Ensure SSL Key Directory Exists
file:
path: "{{ nginx_ssl_key_upload_dest | default('/etc/ssl/private/') }}"
state: directory
mode: 0755
when: nginx_ssl_upload_enable | bool
- name: (DEPRECATED) Upload NGINX SSL Certificates
copy:
src: "{{ item }}"
dest: "{{ nginx_ssl_crt_upload_dest | default('/etc/ssl/certs/') }}"
decrypt: yes
backup: yes
mode: 0640
with_fileglob: "{{ nginx_ssl_crt_upload_src }}"
when: nginx_ssl_upload_enable | bool
- name: (DEPRECATED) Upload NGINX SSL Keys
copy:
src: "{{ item }}"
dest: "{{ nginx_ssl_key_upload_dest | default('/etc/ssl/private/') }}"
decrypt: yes
backup: yes
mode: 0640
with_fileglob: "{{ nginx_ssl_key_upload_src }}"
no_log: yes
when: nginx_ssl_upload_enable | bool

25
tasks/main.yml
View File

@ -65,31 +65,6 @@
when: nginx_install | bool
tags: nginx_install
- name: (DEPRECATED) Configure NGINX
block:
- name: (DEPRECATED) Cleanup NGINX Config
include_tasks: "{{ role_path }}/tasks/config/cleanup-config.yml"
when: nginx_cleanup_config | bool
tags: nginx_cleanup_config
- name: (DEPRECATED) Upload NGINX Config
include_tasks: "{{ role_path }}/tasks/config/upload-config.yml"
when: nginx_main_upload_enable | bool
or nginx_http_upload_enable | bool
or nginx_stream_upload_enable | bool
or nginx_html_upload_enable | bool
or nginx_ssl_upload_enable | bool
tags: nginx_upload_config
- name: (DEPRECATED) Create NGINX Config
include_tasks: "{{ role_path }}/tasks/config/template-config.yml"
when: nginx_main_template_enable | bool
or nginx_http_template_enable | bool
or nginx_stream_template_enable | bool
or nginx_rest_api_enable | bool
tags: nginx_template_config
when: nginx_configure | bool
- name: Ensure NGINX is running
meta: flush_handlers

31
templates/http/api.conf.j2
View File

@ -1,31 +0,0 @@
{# DEPRECATED #}
{{ ansible_managed | comment }}
server {
listen {{ nginx_rest_api_port | default('80') }};
access_log {{ nginx_rest_api_log | ternary('on', 'off') }};
location /api {
{% if nginx_rest_api_write %}
api write=on;
{% else %}
api;
{% endif %}
{% if nginx_status_rest_api_allow is defined %}
allow {{ nginx_status_rest_api_allow }};
{% endif %}
{% if nginx_status_rest_api_deny is defined %}
deny {{ nginx_status_rest_api_deny }};
{% endif %}
}
{% if nginx_rest_api_dashboard %}
location = /dashboard.html {
root /usr/share/nginx/html;
{% if nginx_status_rest_api_dashboard_allow is defined %}
allow {{ nginx_status_rest_api_dashboard_allow }};
{% endif %}
{% if nginx_status_rest_api_dashboard_deny is defined %}
deny {{ nginx_status_rest_api_dashboard_deny }};
{% endif %}
}
{% endif %}
}

505
templates/http/default.conf.j2
View File

@ -1,505 +0,0 @@
{# DEPRECATED #}
{{ ansible_managed | comment }}
{% if item.value.upstreams is defined and item.value.upstreams %}
{% for upstream in item.value.upstreams %}
upstream {{ item.value.upstreams[upstream].name }} {
{% if item.value.upstreams[upstream].lb_method is defined and item.value.upstreams[upstream].lb_method | length %}
{{ item.value.upstreams[upstream].lb_method }};
{% endif %}
{% if item.value.upstreams[upstream].zone_name is defined and item.value.upstreams[upstream].zone_name %}
zone {{ item.value.upstreams[upstream].zone_name }} {{ item.value.upstreams[upstream].zone_size }};
{% endif %}
{% for server in item.value.upstreams[upstream].servers %}
server {{ item.value.upstreams[upstream].servers[server].address }}{{(":" + item.value.upstreams[upstream].servers[server].port | string) if item.value.upstreams[upstream].servers[server].port is defined}} {% if item.value.upstreams[upstream].servers[server].down is defined and item.value.upstreams[upstream].servers[server].down %}down{% else %}weight={{ item.value.upstreams[upstream].servers[server].weight | default("1") }} {{ item.value.upstreams[upstream].servers[server].health_check | default("") }}{% endif %};
{% endfor %}
{% if item.value.upstreams[upstream].sticky_cookie %}
sticky cookie srv_id expires=1h path=/;
{% endif %}
{% if item.value.upstreams[upstream].custom_options is defined and item.value.upstreams[upstream].custom_options | length %}
{% for inline_option in item.value.upstreams[upstream].custom_options %}
{{ inline_option }}
{% endfor %}
{% endif %}
}
{% endfor %}
{% endif %}
{% if item.value.proxy_cache is defined and item.value.proxy_cache %}
{% if item.value.proxy_cache.proxy_cache_path is defined and item.value.proxy_cache.proxy_cache_path %}
{% for proxy_cache_path in item.value.proxy_cache.proxy_cache_path %}
proxy_cache_path {{ proxy_cache_path.path }} keys_zone={{ proxy_cache_path.keys_zone.name }}:{{ proxy_cache_path.keys_zone.size }}
levels={{ proxy_cache_path.levels }} max_size={{ proxy_cache_path.max_size }}
inactive={{ proxy_cache_path.inactive }} use_temp_path={{ proxy_cache_path.use_temp_path | ternary("on", "off") }};
{% endfor %}
{% if item.value.proxy_cache.proxy_cache_background_update is defined and item.value.proxy_cache.proxy_cache_background_update%}
proxy_cache_background_update {{ item.value.proxy_cache.proxy_cache_background_update | ternary("on", "off") }};
{% endif %}
{% if item.value.proxy_cache.proxy_cache_lock is defined and item.value.proxy_cache.proxy_cache_lock %}
proxy_cache_lock {{ item.value.proxy_cache.proxy_cache_lock | ternary("on", "off") }};
{% endif %}
{% if item.value.proxy_cache.proxy_cache_min_uses is defined and item.value.proxy_cache.proxy_cache_min_uses %}
proxy_cache_min_uses {{ item.value.proxy_cache.proxy_cache_min_uses }};
{% endif %}
{% if item.value.proxy_cache.proxy_cache_revalidate is defined and item.value.proxy_cache.proxy_cache_revalidate %}
proxy_cache_revalidate {{ item.value.proxy_cache.proxy_cache_revalidate | ternary("on", "off") }};
{% endif %}
{% if item.value.proxy_cache.proxy_cache_use_stale is defined and item.value.proxy_cache.proxy_cache_use_stale %}
proxy_cache_use_stale {{ item.value.proxy_cache.proxy_cache_use_stale | join(" ") }};
{% endif %}
{% if item.value.proxy_cache.proxy_ignore_headers is defined and item.value.proxy_cache.proxy_ignore_headers %}
proxy_ignore_headers {{ item.value.proxy_cache.proxy_ignore_headers | join(" ") }};
{% endif %}
{% if item.value.proxy_cache.proxy_temp_path is defined and item.value.proxy_cache.proxy_temp_path.path %}
proxy_temp_path {{ item.value.proxy_cache.proxy_temp_path.path }} {{ item.value.proxy_cache.proxy_temp_path.level_1 | default("") }} {{ item.value.proxy_cache.proxy_temp_path.level_2 | default("") }} {{ item.value.proxy_cache.proxy_temp_path.level_3 | default("") }};
{% endif %}
{% if item.value.proxy_cache.proxy_cache_valid is defined %}
{% for proxy_cache_valid in item.value.proxy_cache.proxy_cache_valid %}
{% if proxy_cache_valid.code is defined %}
proxy_cache_valid {{ proxy_cache_valid.code }} {{ proxy_cache_valid.time | default("10m") }};
{% elif proxy_cache_valid.time is defined and proxy_cache_valid.code is not defined %}
proxy_cache_valid {{ proxy_cache_valid.time }};
{% endif %}
{% endfor %}
{% endif %}
{% endif %}
{% endif %}
{% if item.value.auth_request_http is defined %}
auth_request {{ item.value.auth_request_http }};
{% endif %}
{% if item.value.auth_request_set_http is defined %}
auth_request_set {{ item.value.auth_request_set_http.name }} {{ item.value.auth_request_set_http.value }};
{% endif %}
{% if item.value.custom_options is defined and item.value.custom_options | length %}
{% for inline_option in item.value.custom_options %}
{{ inline_option }}
{% endfor %}
{% endif %}
{% if item.value.servers is defined %}
{% for server in item.value.servers %}
server {
{% for listen in item.value.servers[server].listen %}
listen {% if item.value.servers[server].listen[listen].ip is defined and item.value.servers[server].listen[listen].ip | length %}{{ item.value.servers[server].listen[listen].ip }}:{% endif %}{{ item.value.servers[server].listen[listen].port }}{% if item.value.servers[server].listen[listen].ssl is defined and item.value.servers[server].listen[listen].ssl %} ssl{% endif %}{% if item.value.servers[server].listen[listen].opts is defined and item.value.servers[server].listen[listen].opts | length %} {{ item.value.servers[server].listen[listen].opts | join(" ") }}{% endif %};
{% endfor %}
server_name {{ item.value.servers[server].server_name | default('localhost') }};
{% if item.value.servers[server].ssl is defined and item.value.servers[server].ssl %}
ssl_certificate {{ item.value.servers[server].ssl.cert }};
ssl_certificate_key {{ item.value.servers[server].ssl.key }};
{% if item.value.servers[server].ssl.trusted_cert is defined %}
ssl_trusted_certificate {{ item.value.servers[server].ssl.trusted_cert }};
{% endif %}
{% if item.value.servers[server].ssl.dhparam is defined %}
ssl_dhparam {{ item.value.servers[server].ssl.dhparam }};
{% endif %}
{% if item.value.servers[server].ssl.protocols is defined and item.value.servers[server].ssl.protocols %}
ssl_protocols {{ item.value.servers[server].ssl.protocols }};
{% endif %}
{% if item.value.servers[server].ssl.ciphers is defined and item.value.servers[server].ssl.ciphers %}
ssl_ciphers {{ item.value.servers[server].ssl.ciphers }};
{% endif %}
{% if item.value.servers[server].ssl.prefer_server_ciphers is defined and item.value.servers[server].ssl.prefer_server_ciphers %}
ssl_prefer_server_ciphers on;
{% endif %}
{% if item.value.servers[server].ssl.session_cache is defined and item.value.servers[server].ssl.session_cache %}
ssl_session_cache {{ item.value.servers[server].ssl.session_cache }};
{% endif %}
{% if item.value.servers[server].ssl.session_timeout is defined and item.value.servers[server].ssl.session_timeout %}
ssl_session_timeout {{ item.value.servers[server].ssl.session_timeout }};
{% endif %}
{% if item.value.servers[server].ssl.disable_session_tickets is defined and item.value.servers[server].ssl.disable_session_tickets %}
ssl_session_tickets off;
{% endif %}
{% if item.value.servers[server].ssl.stapling is defined and item.value.servers[server].ssl.stapling %}
ssl_stapling on;
{% endif %}
{% if item.value.servers[server].ssl.stapling_verify is defined and item.value.servers[server].ssl.stapling_verify %}
ssl_stapling_verify on;
{% endif %}
{% if item.value.servers[server].ssl.ecdh_curve is defined and item.value.servers[server].ssl.ecdh_curve %}
ssl_ecdh_curve {{ item.value.servers[server].ssl.ecdh_curve }};
{% endif %}
{% if item.value.servers[server].ssl.buffer_size is defined and item.value.servers[server].ssl.buffer_size %}
ssl_buffer_size {{ item.value.servers[server].ssl.buffer_size }};
{% endif %}
{% endif %}
{% if item.value.servers[server].include_files is defined and item.value.servers[server].include_files | length %}
{% for file in item.value.servers[server].include_files %}
include "{{ file }}";
{% endfor %}
{% endif %}
{% if item.value.servers[server].proxy_hide_headers is defined %}
{% for header in item.value.servers[server].proxy_hide_headers %}
proxy_hide_header {{ header }};
{% endfor %}
{% endif %}
{% if item.value.servers[server].add_headers is defined %}
{% for header in item.value.servers[server].add_headers %}
add_header {{ item.value.servers[server].add_headers[header].name }} "{{ item.value.servers[server].add_headers[header].value }}"{% if item.value.servers[server].add_headers[header].always is defined and item.value.servers[server].add_headers[header].always %} always{% endif %};
{% endfor %}
{% endif %}
{% if item.value.servers[server].auth_basic is defined and item.value.servers[server].auth_basic %}
auth_basic "{{ item.value.servers[server].auth_basic }}";
{% endif %}
{% if item.value.servers[server].auth_basic_user_file is defined and item.value.servers[server].auth_basic_user_file %}
auth_basic_user_file {{ item.value.servers[server].auth_basic_user_file }};
{% endif %}
{% if item.value.servers[server].root is defined and item.value.servers[server].root %}
root {{ item.value.servers[server].root }};
{% endif %}
{% if item.value.servers[server].https_redirect is defined and item.value.servers[server].https_redirect %}
return 301 https://{{ item.value.servers[server].https_redirect }}$request_uri;
{% endif %}
{% if item.value.servers[server].autoindex is defined and item.value.servers[server].autoindex %}
autoindex on;
{% endif %}
{% if item.value.servers[server].try_files is defined %}
try_files {{ item.value.servers[server].try_files }};
{% endif %}
{% if item.value.servers[server].auth_request is defined %}
auth_request {{ item.value.servers[server].auth_request }};
{% endif %}
{% if item.value.servers[server].auth_request_set is defined %}
auth_request_set {{ item.value.servers[server].auth_request_set.name }} {{ item.value.servers[server].auth_request_set.value }};
{% endif %}
{% if item.value.servers[server].client_max_body_size is defined and item.value.servers[server].client_max_body_size %}
client_max_body_size {{ item.value.servers[server].client_max_body_size }};
{% endif %}
{% if item.value.servers[server].sub_filter.sub_filters is defined and item.value.servers[server].sub_filter.sub_filters | length %}
{% for sub_filter in item.value.servers[server].sub_filter.sub_filters %}
sub_filter {{ sub_filter }};
{% endfor %}
{% endif %}
{% if item.value.servers[server].sub_filter.last_modified is defined %}
sub_filter_last_modified {{ item.value.servers[server].sub_filter.last_modified | ternary("on", "off") }};
{% endif %}
{% if item.value.servers[server].sub_filter.once is defined %}
sub_filter_once {{ item.value.servers[server].sub_filter.once | ternary("on", "off") }};
{% endif %}
{% if item.value.servers[server].sub_filter.types is defined and item.value.servers[server].sub_filter.types %}
sub_filter_types {{ item.value.servers[server].sub_filter.types }};
{% endif %}
{% if item.value.servers[server].custom_options is defined and item.value.servers[server].custom_options | length %}
{% for inline_option in item.value.servers[server].custom_options %}
{{ inline_option }}
{% endfor %}
{% endif %}
{% if item.value.servers[server].reverse_proxy is defined and item.value.servers[server].reverse_proxy %}
{% for location in item.value.servers[server].reverse_proxy.locations %}
location {{ item.value.servers[server].reverse_proxy.locations[location].location }} {
{% if item.value.servers[server].reverse_proxy.locations[location].internal is sameas true %}
internal;
{% endif %}
{% if item.value.servers[server].reverse_proxy.locations[location].include_files is defined and item.value.servers[server].reverse_proxy.locations[location].include_files | length %}
{% for file in item.value.servers[server].reverse_proxy.locations[location].include_files %}
include "{{ file }}";
{% endfor %}
{% endif %}
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_hide_headers is defined %}
{% for header in item.value.servers[server].reverse_proxy.locations[location].proxy_hide_headers %}
proxy_hide_header {{ header }};
{% endfor %}
{% endif %}
{% if item.value.servers[server].reverse_proxy.locations[location].add_headers is defined %}
{% for header in item.value.servers[server].reverse_proxy.locations[location].add_headers %}
add_header {{ item.value.servers[server].reverse_proxy.locations[location].add_headers[header].name }} "{{ item.value.servers[server].reverse_proxy.locations[location].add_headers[header].value }}"{% if item.value.servers[server].reverse_proxy.locations[location].add_headers[header].always is defined and item.value.servers[server].reverse_proxy.locations[location].add_headers[header].always %} always{% endif %};
{% endfor %}
{% endif %}
{% if item.value.servers[server].reverse_proxy.locations[location].auth_request is defined %}
auth_request {{ item.value.servers[server].reverse_proxy.locations[location].auth_request }};
{% endif %}
{% if item.value.servers[server].reverse_proxy.locations[location].auth_request_set is defined %}
auth_request_set {{ item.value.servers[server].reverse_proxy.locations[location].auth_request_set.name }} {{ item.value.servers[server].reverse_proxy.locations[location].auth_request_set.value }};
{% endif %}
{% if item.value.servers[server].reverse_proxy.locations[location].auth_basic is defined and item.value.servers[server].reverse_proxy.locations[location].auth_basic %}
auth_basic "{{ item.value.servers[server].reverse_proxy.locations[location].auth_basic }}";
{% endif %}
{% if item.value.servers[server].reverse_proxy.locations[location].auth_basic_user_file is defined and item.value.servers[server].reverse_proxy.locations[location].auth_basic_user_file %}
auth_basic_user_file {{ item.value.servers[server].reverse_proxy.locations[location].auth_basic_user_file }};
{% endif %}
{% if item.value.servers[server].reverse_proxy.locations[location].returns is defined %}
{% for code in item.value.servers[server].reverse_proxy.locations[location].returns %}
{% if item.value.servers[server].reverse_proxy.locations[location].returns[code] is defined %}
return {{ item.value.servers[server].reverse_proxy.locations[location].returns[code].code }} {{ item.value.servers[server].reverse_proxy.locations[location].returns[code].url }};
{% else %}
return {{ item.value.servers[server].reverse_proxy.locations[location].returns[code].url }};
{% endif %}
{% endfor %}
{% endif %}
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_connect_timeout is defined and item.value.servers[server].reverse_proxy.locations[location].proxy_connect_timeout %}
proxy_connect_timeout {{ item.value.servers[server].reverse_proxy.locations[location].proxy_connect_timeout }};
{% endif %}
proxy_pass {{ item.value.servers[server].reverse_proxy.locations[location].proxy_pass }};
{% if item.value.servers[server].reverse_proxy.locations[location].rewrites is defined %}
{% for rewrite in item.value.servers[server].reverse_proxy.locations[location].rewrites %}
rewrite {{ rewrite }};
{% endfor %}
{% endif %}
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_read_timeout is defined and item.value.servers[server].reverse_proxy.locations[location].proxy_read_timeout %}
proxy_read_timeout {{ item.value.servers[server].reverse_proxy.locations[location].proxy_read_timeout }};
{% endif %}
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_send_timeout is defined and item.value.servers[server].reverse_proxy.locations[location].proxy_send_timeout %}
proxy_send_timeout {{ item.value.servers[server].reverse_proxy.locations[location].proxy_send_timeout }};
{% endif %}
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_pass_request_body is defined %}
proxy_pass_request_body {{ item.value.servers[server].reverse_proxy.locations[location].proxy_pass_request_body }};
{% endif %}
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_store is defined %}
proxy_store {{ item.value.servers[server].reverse_proxy.locations[location].proxy_store | ternary("on", "off") }};
{% endif %}
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_store_access is defined %}
proxy_store_access {{ item.value.servers[server].reverse_proxy.locations[location].proxy_store_access }};
{% endif %}
{% if item.value.servers[server].reverse_proxy.locations[location].allows is defined %}
{% for allow in item.value.servers[server].reverse_proxy.locations[location].allows %}
allow {{ allow }};
{% endfor %}
{% endif %}
{% if item.value.servers[server].reverse_proxy.locations[location].denies is defined %}
{% for deny in item.value.servers[server].reverse_proxy.locations[location].denies %}
deny {{ deny }};
{% endfor %}
{% endif %}
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_set_header is defined %}
{% for header in item.value.servers[server].reverse_proxy.locations[location].proxy_set_header %}
proxy_set_header {{ item.value.servers[server].reverse_proxy.locations[location].proxy_set_header[header].name }} {{ item.value.servers[server].reverse_proxy.locations[location].proxy_set_header[header].value }};
{% endfor %}
{% endif %}
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_http_version is defined %}
proxy_http_version {{ item.value.servers[server].reverse_proxy.locations[location].proxy_http_version }};
{% endif %}
{% if item.value.servers[server].reverse_proxy.locations[location].websocket is defined and item.value.servers[server].reverse_proxy.locations[location].websocket %}
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
{% endif %}
{% if item.value.servers[server].reverse_proxy.locations[location].try_files is defined %}
try_files {{ item.value.servers[server].reverse_proxy.locations[location].try_files }};
{% endif %}
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_ssl is defined and item.value.servers[server].reverse_proxy.locations[location].proxy_ssl %}
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.cert is defined %}
proxy_ssl_certificate {{ item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.cert }};
{% endif %}
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.key is defined %}
proxy_ssl_certificate_key {{ item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.key }};
{% endif %}
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.trusted_cert is defined %}
proxy_ssl_trusted_certificate {{ item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.trusted_cert }};
{% endif %}
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.server_name is defined %}
proxy_ssl_server_name {{ item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.server_name | ternary("on", "off") }};
{% endif %}
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.name is defined %}
proxy_ssl_name {{ item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.name }};
{% endif %}
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.protocols is defined %}
proxy_ssl_protocols {{ item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.protocols }};
{% endif %}
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.ciphers is defined %}
proxy_ssl_ciphers {{ item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.ciphers }};
{% endif %}
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.verify is defined %}
proxy_ssl_verify {{ item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.verify | ternary("on", "off") }};
{% endif %}
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.verify_depth is defined %}
proxy_ssl_verify_depth {{ item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.verify_depth }};
{% endif %}
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.session_reuse is defined %}
proxy_ssl_session_reuse {{ item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.session_reuse | ternary("on", "off") }};
{% endif %}
{% endif %}
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_redirect is defined %}
proxy_redirect {{ item.value.servers[server].reverse_proxy.locations[location].proxy_redirect | ternary(item.value.servers[server].reverse_proxy.locations[location].proxy_redirect, "off") }};
{% endif %}
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_cache is defined %}
proxy_cache {{ item.value.servers[server].reverse_proxy.locations[location].proxy_cache }};
{% endif %}
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_cache_valid is defined %}
{% for proxy_cache_valid in item.value.servers[server].reverse_proxy.locations[location].proxy_cache_valid %}
{% if proxy_cache_valid.code is defined %}
proxy_cache_valid {{ proxy_cache_valid.code }} {{ proxy_cache_valid.time | default("10m") }};
{% elif proxy_cache_valid.time is defined and proxy_cache_valid.code is not defined %}
proxy_cache_valid {{ proxy_cache_valid.time }};
{% endif %}
{% endfor %}
{% endif %}
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_cache_background_update is defined %}
proxy_cache_background_update {{ item.value.servers[server].reverse_proxy.locations[location].proxy_cache_background_update | ternary("on", "off") }};
{% endif %}
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_cache_lock is defined %}
proxy_cache_lock {{ item.value.servers[server].reverse_proxy.locations[location].proxy_cache_lock | ternary("on", "off") }};
{% endif %}
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_cache_min_uses is defined %}
proxy_cache_min_uses {{ item.value.servers[server].reverse_proxy.locations[location].proxy_cache_min_uses }};
{% endif %}
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_cache_revalidate is defined %}
proxy_cache_revalidate {{ item.value.servers[server].reverse_proxy.locations[location].proxy_cache_revalidate | ternary("on", "off") }};
{% endif %}
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_cache_use_stale is defined %}
proxy_cache_use_stale {{ item.value.servers[server].reverse_proxy.locations[location].proxy_cache_use_stale | join(" ") }};
{% endif %}
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_temp_path is defined %}
proxy_temp_path {{ item.value.servers[server].reverse_proxy.locations[location].proxy_temp_path.path }} {{ item.value.servers[server].reverse_proxy.locations[location].proxy_temp_path.level_1 | default("") }} {{ item.value.servers[server].reverse_proxy.locations[location].proxy_temp_path.level_2 | default("") }} {{ item.value.servers[server].reverse_proxy.locations[location].proxy_temp_path.level_3 | default("") }};
{% endif %}
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_ignore_headers is defined %}
proxy_ignore_headers {{ item.value.servers[server].reverse_proxy.locations[location].proxy_ignore_headers | join(" ") }};
{% endif %}
{% if item.value.servers[server].reverse_proxy.locations[location].client_max_body_size is defined and item.value.servers[server].reverse_proxy.locations[location].client_max_body_size %}
client_max_body_size {{ item.value.servers[server].reverse_proxy.locations[location].client_max_body_size }};
{% endif %}
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_cookie_path is defined %}
proxy_cookie_path {{ item.value.servers[server].reverse_proxy.locations[location].proxy_cookie_path.path }} {{ item.value.servers[server].reverse_proxy.locations[location].proxy_cookie_path.replacement }};
{% endif %}
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_buffering is defined %}
proxy_buffering {{ item.value.servers[server].reverse_proxy.locations[location].proxy_buffering | ternary("on", "off") }};
{% endif %}
{% if item.value.servers[server].reverse_proxy.locations[location].sub_filter.sub_filters is defined and item.value.servers[server].reverse_proxy.locations[location].sub_filter.sub_filters | length %}
{% for sub_filter in item.value.servers[server].reverse_proxy.locations[location].sub_filter.sub_filters %}
sub_filter {{ sub_filter }};
{% endfor %}
{% endif %}
{% if item.value.servers[server].reverse_proxy.locations[location].sub_filter.last_modified is defined %}
sub_filter_last_modified {{ item.value.servers[server].reverse_proxy.locations[location].sub_filter.last_modified | ternary("on", "off") }};
{% endif %}
{% if item.value.servers[server].reverse_proxy.locations[location].sub_filter.once is defined %}
sub_filter_once {{ item.value.servers[server].reverse_proxy.locations[location].sub_filter.once | ternary("on", "off") }};
{% endif %}
{% if item.value.servers[server].reverse_proxy.locations[location].sub_filter.types is defined and item.value.servers[server].reverse_proxy.locations[location].sub_filter.types %}
sub_filter_types {{ item.value.servers[server].reverse_proxy.locations[location].sub_filter.types }};
{% endif %}
{% if item.value.servers[server].reverse_proxy.locations[location].custom_options is defined and item.value.servers[server].reverse_proxy.locations[location].custom_options | length %}
{% for inline_option in item.value.servers[server].reverse_proxy.locations[location].custom_options %}
{{ inline_option }}
{% endfor %}
{% endif %}
{% if (item.value.servers[server].reverse_proxy.health_check_plus is defined) and item.value.servers[server].reverse_proxy.health_check_plus %}
health_check;
{% endif %}
}
{% endfor %}
{% endif %}
{% if item.value.servers[server].web_server is defined %}
{% for location in item.value.servers[server].web_server.locations %}
location {{ item.value.servers[server].web_server.locations[location].location }} {
{% if item.value.servers[server].web_server.locations[location].html_file_location is defined %}
root {{ item.value.servers[server].web_server.locations[location].html_file_location }};
{% endif %}
{% if item.value.servers[server].web_server.locations[location].html_file_name is defined %}
index {{ item.value.servers[server].web_server.locations[location].html_file_name }};
{% endif %}
{% if item.value.servers[server].web_server.locations[location].autoindex | default(false) %}
autoindex on;
{% endif %}
{% if item.value.servers[server].web_server.locations[location].try_files is defined %}
try_files {{ item.value.servers[server].web_server.locations[location].try_files }};
{% endif %}
{% if item.value.servers[server].web_server.locations[location].include_files is defined and item.value.servers[server].web_server.locations[location].include_files | length %}
{% for file in item.value.servers[server].web_server.locations[location].include_files %}
include "{{ file }}";
{% endfor %}
{% endif %}
{% if item.value.servers[server].web_server.locations[location].custom_options is defined and item.value.servers[server].web_server.locations[location].custom_options | length %}
{% for inline_option in item.value.servers[server].web_server.locations[location].custom_options %}
{{ inline_option }}
{% endfor %}
{% endif %}
{% if item.value.servers[server].web_server.locations[location].proxy_hide_headers is defined %}
{% for header in item.value.servers[server].web_server.locations[location].proxy_hide_headers %}
proxy_hide_header {{ header }};
{% endfor %}
{% endif %}
{% if item.value.servers[server].web_server.locations[location].add_headers is defined %}
{% for header in item.value.servers[server].web_server.locations[location].add_headers %}
add_header {{ item.value.servers[server].web_server.locations[location].add_headers[header].name }} "{{ item.value.servers[server].web_server.locations[location].add_headers[header].value }}"{% if item.value.servers[server].web_server.locations[location].add_headers[header].always is defined and item.value.servers[server].web_server.locations[location].add_headers[header].always %} always{% endif %};
{% endfor %}
{% endif %}
{% if item.value.servers[server].web_server.locations[location].returns is defined %}
{% for code in item.value.servers[server].web_server.locations[location].returns %}
{% if item.value.servers[server].web_server.locations[location].returns[code] is defined %}
return {{ item.value.servers[server].web_server.locations[location].returns[code].code }} {{ item.value.servers[server].web_server.locations[location].returns[code].url }};
{% else %}
return {{ item.value.servers[server].web_server.locations[location].returns[code].url }};
{% endif %}
{% endfor %}
{% endif %}
{% if item.value.servers[server].web_server.locations[location].auth_basic is defined and item.value.servers[server].web_server.locations[location].auth_basic %}
auth_basic "{{ item.value.servers[server].web_server.locations[location].auth_basic }}";
{% endif %}
{% if item.value.servers[server].web_server.locations[location].auth_basic_user_file is defined and item.value.servers[server].web_server.locations[location].auth_basic_user_file %}
auth_basic_user_file {{ item.value.servers[server].web_server.locations[location].auth_basic_user_file }};
{% endif %}
{% if item.value.servers[server].web_server.locations[location].auth_request is defined %}
auth_request {{ item.value.servers[server].web_server.locations[location].auth_request }};
{% endif %}
{% if item.value.servers[server].web_server.locations[location].auth_request_set is defined %}
auth_request_set {{ item.value.servers[server].web_server.locations[location].auth_request_set.name }} {{ item.value.servers[server].web_server.locations[location].auth_request_set.value }};
{% endif %}
{% if item.value.servers[server].web_server.locations[location].sub_filter.sub_filters is defined and item.value.servers[server].web_server.locations[location].sub_filter.sub_filters | length %}
{% for sub_filter in item.value.servers[server].web_server.locations[location].sub_filter.sub_filters %}
sub_filter {{ sub_filter }};
{% endfor %}
{% endif %}
{% if item.value.servers[server].web_server.locations[location].sub_filter.last_modified is defined %}
sub_filter_last_modified {{ item.value.servers[server].web_server.locations[location].sub_filter.last_modified | ternary("on", "off") }};
{% endif %}
{% if item.value.servers[server].web_server.locations[location].sub_filter.once is defined %}
sub_filter_once {{ item.value.servers[server].web_server.locations[location].sub_filter.once | ternary("on", "off") }};
{% endif %}
{% if item.value.servers[server].web_server.locations[location].sub_filter.types is defined and item.value.servers[server].web_server.locations[location].sub_filter.types %}
sub_filter_types {{ item.value.servers[server].web_server.locations[location].sub_filter.types }};
{% endif %}
}
{% endfor %}
{% if item.value.servers[server].web_server.http_demo_conf is defined and item.value.servers[server].web_server.http_demo_conf %}
sub_filter_once off;
sub_filter 'server_hostname' '$hostname';
sub_filter 'server_address' '$server_addr:$server_port';
sub_filter 'server_url' '$request_uri';
sub_filter 'remote_addr' '$remote_addr:$remote_port';
sub_filter 'server_date' '$time_local';
sub_filter 'client_browser' '$http_user_agent';
sub_filter 'request_id' '$request_id';
sub_filter 'nginx_version' '$nginx_version';
sub_filter 'document_root' '$document_root';
sub_filter 'proxied_for_ip' '$http_x_forwarded_for';
{% endif %}
{% endif %}
{% if item.value.servers[server].returns is defined %}
{% for return in item.value.servers[server].returns %}
location {{ item.value.servers[server].returns[return].location }} {
return {{ item.value.servers[server].returns[return].code }}{% if item.value.servers[server].returns[return].value is defined %} {{ item.value.servers[server].returns[return].value }}{% endif %};
}
{% endfor %}
{% endif %}
{% if item.value.servers[server].http_error_pages is defined %}
# redirect server error pages
{% for error_code in item.value.servers[server].http_error_pages %}
error_page {{ error_code }} {{ item.value.servers[server].http_error_pages[error_code] }};
{% endfor %}
{% endif %}
{% if item.value.servers[server].error_page is defined %}
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root {{ item.value.servers[server].error_page }};
}
{% endif %}
{% if item.value.servers[server].access_log is defined %}
{% for access_log in item.value.servers[server].access_log %}
access_log {{ access_log.location }} {{ access_log.name }};
{% endfor %}
{% endif %}
{% if item.value.servers[server].error_log is defined %}
error_log {{ item.value.servers[server].error_log.location }} {{ item.value.servers[server].error_log.level }};
{% endif %}
}
{% endfor %}
{% endif %}

16
templates/http/status.conf.j2
View File

@ -1,16 +0,0 @@
{# DEPRECATED #}
{{ ansible_managed | comment }}
server {
listen {{ nginx_status_port | default('80') }};
access_log {{ nginx_status_log | ternary('on', 'off') }};
location /nginx_status {
stub_status on;
{% if nginx_status_allow is defined %}
allow {{ nginx_status_allow }};
{% endif %}
{% if nginx_status_deny is defined %}
deny {{ nginx_status_deny }};
{% endif %}
}
}

111
templates/nginx.conf.j2
View File

@ -1,111 +0,0 @@
{# DEPRECATED #}
{{ ansible_managed | comment }}
user {{ nginx_main_template.user }};
worker_processes {{ nginx_main_template.worker_processes }};
{% if nginx_main_template.worker_rlimit_nofile is defined %}
worker_rlimit_nofile {{ nginx_main_template.worker_rlimit_nofile }};
{% endif %}
{% if nginx_main_template.custom_options is defined and nginx_main_template.custom_options | length %}
{% for inline_option in nginx_main_template.custom_options %}
{{ inline_option }}
{% endfor %}
{% endif %}
error_log {{ nginx_main_template.error_log.location | default("/var/log/nginx/error.log") }} {{ nginx_main_template.error_log.level | default("warn") }};
pid {{ nginx_main_template.pid | default("/var/run/nginx.pid") }};
events {
worker_connections {{ nginx_main_template.worker_connections }};
{% if nginx_main_template.events_custom_options is defined and nginx_main_template.events_custom_options | length %}
{% for inline_option in nginx_main_template.events_custom_options %}
{{ inline_option }}
{% endfor %}
{% endif %}
}
{% if nginx_main_template.http_enable %}
http {
include /etc/nginx/mime.types;
{% if nginx_main_template.http_settings.default_type is defined and nginx_main_template.http_settings.default_type %}
default_type {{ nginx_main_template.http_settings.default_type }};
{% endif %}
{% for access_log in nginx_main_template.http_settings.access_log_format %}
log_format {{ access_log.name }} {{ access_log.format }};
{% endfor %}
{% for access_log in nginx_main_template.http_settings.access_log_location %}
access_log {{ access_log.location }} {{ access_log.name }};
{% endfor %}
sendfile on;
{% if nginx_main_template.http_settings.tcp_nopush is defined and nginx_main_template.http_settings.tcp_nopush %}
tcp_nopush on;
{% endif %}
{% if nginx_main_template.http_settings.tcp_nodelay is defined and nginx_main_template.http_settings.tcp_nodelay %}
tcp_nodelay on;
{% endif %}
{% if nginx_main_template.http_settings.server_tokens is defined and nginx_main_template.http_settings.server_tokens | length %}
server_tokens {{ nginx_main_template.http_settings.server_tokens }};
{% endif %}
keepalive_timeout {{ nginx_main_template.http_settings.keepalive_timeout }};
#gzip on;
{% if nginx_main_template.http_settings.cache %}
proxy_cache_path /tmp/cache keys_zone=one:10m;
{% endif %}
{% if nginx_main_template.http_settings.rate_limit %}
limit_req_zone $binary_remote_addr zone=mylimit:10m rate=10r/s;
{% endif %}
{% if nginx_main_template.http_settings.keyval %}
keyval_zone zone={{nginx_main_template.http_settings.keyval.zone}}:32k state=one.keyval;
keyval $arg_text $text zone=one;
{% endif %}
{% if nginx_main_template.http_global_autoindex | default(false) %}
autoindex on;
{% endif %}
{% if nginx_main_template.sub_filter.sub_filters is defined and nginx_main_template.sub_filter.sub_filters | length %}
{% for sub_filter in nginx_main_template.sub_filter.sub_filters %}
sub_filter {{ sub_filter }};
{% endfor %}
{% endif %}
{% if nginx_main_template.sub_filter.last_modified is defined %}
sub_filter_last_modified {{ nginx_main_template.sub_filter.last_modified | ternary("on", "off") }};
{% endif %}
{% if nginx_main_template.sub_filter.once is defined %}
sub_filter_once {{ nginx_main_template.sub_filter.once | ternary("on", "off") }};
{% endif %}
{% if nginx_main_template.sub_filter.types is defined and nginx_main_template.sub_filter.types %}
sub_filter_types {{ nginx_main_template.sub_filter.types }};
{% endif %}
{% if nginx_main_template.http_custom_options is defined and nginx_main_template.http_custom_options | length %}
{% for inline_option in nginx_main_template.http_custom_options %}
{{ inline_option }}
{% endfor %}
{% endif %}
include /etc/nginx/conf.d/*.conf;
{% if nginx_main_template.http_custom_includes is defined and nginx_main_template.http_custom_includes | length %}
{% for inline_include in nginx_main_template.http_custom_includes %}
include {{ inline_include }};
{% endfor %}
{% endif %}
}
{% endif %}
{% if nginx_main_template.stream_enable %}
stream {
{% if nginx_main_template.stream_custom_options is defined and nginx_main_template.stream_custom_options | length %}
{% for inline_option in nginx_main_template.stream_custom_options %}
{{ inline_option }}
{% endfor %}
{% endif %}
include /etc/nginx/conf.d/stream/*.conf;
}
{% endif %}

127
templates/stream/default.conf.j2
View File

@ -1,127 +0,0 @@
{# DEPRECATED #}
{{ ansible_managed | comment }}
{% if item.value.upstreams is defined %}
{% for upstream in item.value.upstreams %}
upstream {{ item.value.upstreams[upstream].name }} {
{% if item.value.upstreams[upstream].lb_method is defined %}
{{ item.value.upstreams[upstream].lb_method }};
{% endif %}
zone {{ item.value.upstreams[upstream].zone_name }} {{ item.value.upstreams[upstream].zone_size }};
{% for server in item.value.upstreams[upstream].servers %}
server {{ item.value.upstreams[upstream].servers[server].address }}{{(":" + item.value.upstreams[upstream].servers[server].port | string) if item.value.upstreams[upstream].servers[server].port is defined}} {% if item.value.upstreams[upstream].servers[server].down is defined and item.value.upstreams[upstream].servers[server].down %}down{% else %}weight={{ item.value.upstreams[upstream].servers[server].weight | default("1") }} {{ item.value.upstreams[upstream].servers[server].health_check | default("") }}{% endif %};
{% endfor %}
{% if item.value.upstreams[upstream].sticky_cookie is defined %}
{% if item.value.upstreams[upstream].sticky_cookie %}
sticky cookie srv_id expires=1h path=/;
{% endif %}
{% endif %}
{% if item.value.upstreams[upstream].custom_options is defined and item.value.upstreams[upstream].custom_options | length %}
{% for inline_option in item.value.upstreams[upstream].custom_options %}
{{ inline_option }}
{% endfor %}
{% endif %}
}
{% endfor %}
{% endif %}
{% if item.value.custom_options is defined and item.value.custom_options | length %}
{% for inline_option in item.value.custom_options %}
{{ inline_option }}
{% endfor %}
{% endif %}
{% if item.value.network_streams is defined %}
{% for stream in item.value.network_streams %}
server {
{% for listen in item.value.network_streams[stream].listen %}
listen {% if item.value.network_streams[stream].listen[listen].ip is defined and item.value.network_streams[stream].listen[listen].ip | length %}{{ item.value.network_streams[stream].listen[listen].ip }}:{% endif %}{{ item.value.network_streams[stream].listen[listen].port }}{% if item.value.network_streams[stream].listen[listen].ssl is defined and item.value.network_streams[stream].listen[listen].ssl %} ssl{% endif %}{% if item.value.network_streams[stream].listen[listen].opts is defined and item.value.network_streams[stream].listen[listen].opts | length %} {{ item.value.network_streams[stream].listen[listen].opts | join(" ") }}{% endif %};
{% endfor %}
{% if item.value.network_streams[stream].ssl is defined and item.value.network_streams[stream].ssl %}
ssl_certificate {{ item.value.network_streams[stream].ssl.cert }};
ssl_certificate_key {{ item.value.network_streams[stream].ssl.key }};
{% if item.value.network_streams[stream].ssl.trusted_cert is defined %}
ssl_trusted_certificate {{ item.value.network_streams[stream].ssl.trusted_cert }};
{% endif %}
{% if item.value.network_streams[stream].ssl.dhparam is defined %}
ssl_dhparam {{ item.value.network_streams[stream].ssl.dhparam }};
{% endif %}
{% if item.value.network_streams[stream].ssl.protocols is defined and item.value.network_streams[stream].ssl.protocols %}
ssl_protocols {{ item.value.network_streams[stream].ssl.protocols }};
{% endif %}
{% if item.value.network_streams[stream].ssl.ciphers is defined and item.value.network_streams[stream].ssl.ciphers %}
ssl_ciphers {{ item.value.network_streams[stream].ssl.ciphers }};
{% endif %}
{% if item.value.network_streams[stream].ssl.prefer_server_ciphers is defined and item.value.network_streams[stream].ssl.prefer_server_ciphers %}
ssl_prefer_server_ciphers on;
{% endif %}
{% if item.value.network_streams[stream].ssl.session_cache is defined and item.value.network_streams[stream].ssl.session_cache %}
ssl_session_cache {{ item.value.network_streams[stream].ssl.session_cache }};
{% endif %}
{% if item.value.network_streams[stream].ssl.session_timeout is defined and item.value.network_streams[stream].ssl.session_timeout %}
ssl_session_timeout {{ item.value.network_streams[stream].ssl.session_timeout }};
{% endif %}
{% if item.value.network_streams[stream].ssl.disable_session_tickets is defined and item.value.network_streams[stream].ssl.disable_session_tickets %}
ssl_session_tickets off;
{% endif %}
{% if item.value.network_streams[stream].ssl.ecdh_curve is defined and item.value.network_streams[stream].ssl.ecdh_curve %}
ssl_ecdh_curve {{ item.value.network_streams[stream].ssl.ecdh_curve }};
{% endif %}
{% endif %}
{% if item.value.network_streams[stream].include_files is defined and item.value.network_streams[stream].include_files | length %}
{% for file in item.value.network_streams[stream].include_files %}
include "{{ file }}";
{% endfor %}
{% endif %}
proxy_pass {{ item.value.network_streams[stream].proxy_pass }};
proxy_timeout {{ item.value.network_streams[stream].proxy_timeout }};
proxy_connect_timeout {{ item.value.network_streams[stream].proxy_connect_timeout }};
{% if item.value.network_streams[stream].proxy_protocol %}
proxy_protocol on;
{% else %}
proxy_protocol off;
{% endif %}
{% if item.value.network_streams[stream].proxy_ssl is defined %}
proxy_ssl on;
{% if item.value.network_streams[stream].proxy_ssl.cert is defined %}
proxy_ssl_certificate {{ item.value.network_streams[stream].proxy_ssl.cert }};
{% endif %}
{% if item.value.network_streams[stream].proxy_ssl.key is defined %}
proxy_ssl_certificate_key {{ item.value.network_streams[stream].proxy_ssl.key }};
{% endif %}
{% if item.value.network_streams[stream].proxy_ssl.server_name is defined %}
proxy_ssl_server_name {{ item.value.network_streams[stream].proxy_ssl.server_name | ternary("on", "off") }};
{% endif %}
{% if item.value.network_streams[stream].proxy_ssl.name is defined %}
proxy_ssl_name {{ item.value.network_streams[stream].proxy_ssl.name }};
{% endif %}
{% if item.value.network_streams[stream].proxy_ssl.protocols is defined %}
proxy_ssl_protocols {{ item.value.network_streams[stream].proxy_ssl.protocols }};
{% endif %}
{% if item.value.network_streams[stream].proxy_ssl.ciphers is defined %}
proxy_ssl_ciphers {{ item.value.network_streams[stream].proxy_ssl.ciphers }};
{% endif %}
{% if item.value.network_streams[stream].proxy_ssl.trusted_cert is defined %}
proxy_ssl_trusted_certificate {{ item.value.network_streams[stream].proxy_ssl.trusted_cert }};
{% endif %}
{% if item.value.network_streams[stream].proxy_ssl.verify is defined %}
proxy_ssl_verify {{ item.value.network_streams[stream].proxy_ssl.verify | ternary("on", "off") }};
{% endif %}
{% if item.value.network_streams[stream].proxy_ssl.verify_depth is defined %}
proxy_ssl_verify_depth {{ item.value.network_streams[stream].proxy_ssl.verify_depth }};
{% endif %}
{% if item.value.network_streams[stream].proxy_ssl.session_reuse is defined %}
proxy_ssl_session_reuse {{ item.value.network_streams[stream].proxy_ssl.session_reuse | ternary("on", "off") }};
{% endif %}
{% endif %}
{% if item.value.network_streams[stream].health_check_plus %}
health_check;
{% endif %}
{% if item.value.network_streams[stream].custom_options is defined and item.value.network_streams[stream].custom_options | length %}
{% for inline_option in item.value.network_streams[stream].custom_options %}
{{ inline_option }}
{% endfor %}
{% endif %}
}
{% endfor %}
{% endif %}

103
templates/www/index.html.j2
View File

@ -1,103 +0,0 @@
<!-- DEPRECATED -->
<!-- {{ ansible_managed }} -->
<!DOCTYPE html>
<html>
<head>
<title>Hello World - {{ item.value.web_server_name }}</title>
<link href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAEAAAABACAYAAACqaXHeAAAGPElEQVR42u1bDUyUdRj/iwpolMlcbZqtXFnNsuSCez/OIMg1V7SFONuaU8P1MWy1lcPUyhK1uVbKcXfvy6GikTGKCmpEyoejJipouUBcgsinhwUKKKJ8PD3vnzsxuLv35Q644+Ue9mwH3P3f5/d7n6/3/3+OEJ/4xCc+8YQYtQuJwB0kIp+JrzUTB7iJuweBf4baTlJ5oCqw11C/JHp+tnqBb1ngT4z8WgReTUGbWCBGq0qvKRFcHf4eT/ZFBKoLvMBGIbhiYkaQIjcAfLAK+D8z9YhjxMgsVUGc84+gyx9AYD0khXcMfLCmUBL68HMZ+PnHxyFw3Uwi8B8hgJYh7j4c7c8PV5CEbUTUzBoHcU78iIl/FYFXWmPaNeC3q4mz5YcqJPI1JGKql2Z3hkcjD5EUznmcu6qiNT+Y2CPEoH3Wm4A/QERWQFe9QQ0caeCDlSZJrht1HxG0D3sOuCEiCA1aj4ZY3Ipzl8LiVtn8hxi5zRgWM8YYPBODF/9zxOLcVRVs+YGtwFzxCs1Bo9y+avBiOTQeUzwI3F5+kOwxsXkkmWNHHrjUokqtqtSyysW5gUHV4mtmZEHSdRkl+aELvcFIRN397gPPXD4ZgbxJW1S5OJdA60MgUAyHu1KfAz+pfCUtwr+HuQc8ORQ1jK4ZgGsTvcY5uQP5oYkY2HfcK5sGLpS6l1xZQwNn7Xkedp3OgMrWC1DX0Qwnms/A1rK9cF9atNVo18DP/3o5fF99BGo7LFDRWgMJJQaYQv/PyOcHySP0TITrBIhYb+WSHLrlNGEx5NeXgj2paW8C5rs46h3Dc3kt3G2Ogr9aqoes+f5RvbL1aJ5iXnKnxkfIEoB3N/zHeHAmF9ovwryvYvC9TysnICkEonPX212vvOU8+As6eS+QCDAw0aNLABq6LO8DkJMSSznMMEfScFFGwCJYXbDV7lq17RYIQu+QTYpjRUBM3gZQIt+cOwyTpWRpYBQRsKrgU4ceNS4JkCSxLI1+ZsIS0NvXB6sLE/tL5EQkQJKOm52YON9y7glqJkCSOqzrD6Uvc1wZ1EBA07V/IafmN4ckHG+ugJkSEHuVQQ0ENFy9BLP3R0NR4ymHJGRWFWBnZ6fPVwMBF9EDgrD2z0USqtoaHJKw49SBoZ2dWggIxmcEsvspYLLi4PKNDrvv68OfuKLt/68MqiJAan4Q0IpDm6G7r8fue692X4fI7PiByqA6AqygNh0XHIaClDOkpz9aGVRJABo8CTP+3sqfHZJQeqkSgvHZn+xaqEICKAlhECSGO60MWdVF4IcesDL/ExUSYN3okCrD31fqHZLwcWkq5owPVUoA3UcIgdBv10BrV7vdz3b39kBhw0kVE2BNirG/bqRghyPqIcBKQkKJcVgE1LQ1wR3S5ooqCDBKlSEUzGdyFBNwvq1RTQT0b4BOF5+BgoayCUqAtTLMSXsRzl6uHX8EONoUtXS2KCfAusOsyVwFLV1tznNAuzflAGxb+R/esGuodDcD0bUVbYLelhRf/mWD08ogdYtTjNwYbIsrORhBIwJMPOTWHh1i6Lriz107FUKviivcZvfp8WZvN8TmbVS2rtsHI8mMtn9gSe50KAz79yWw8490OGYpp8lsTUGictd3EA6PHVwB20+mYUNURo/aMs4dhqjsdcoOWGxH5yYu0g0P0EzFBd7DxZoVHY7aHmWtB6VunwhLB6P0gFULk6zhJnvnBw5HW9D9N5GkpQEjMBcQOg+JMBNxjMZgHISawvGZHiKw+0mybv5ozP0txgvk07AQvWxAoh98sXsur3RmwMStxIud9fiIzMAIXTV6yNqxHaH7gg1GA7bgxVvHfEjq1hAl10ZM/A46gO0x0bOPoiHpSEDvsMZhXVVbVRL4TLz2E140EK1dgsnnd9mBaHcmwuigJHeCGLkXvHNaNHOBP4J/HYmoGbGwsJU1ka0nAvM2ht40758ZNmvvRRJ24l3roMa7MxVq4jpRdyMRc8bh9wR0TyIRWdR9hzNXaJs3Ftif6KDWuBcBH0hErky2bNraV5E9jcBjiapE1ExHkO8iEY1OvjLTjAkugezh7ySqFUPoXHTtZAR7ncY4rRrYYgtcCtGHPUgmjEhPmiKXjXc/l4g6HfGJT3ziEw/If86JzB/YMku9AAAAAElFTkSuQmCC" rel="icon" type="image/png" />
<style>
body {
margin: 0px;
font: 20px 'RobotoRegular', Arial, sans-serif;
font-weight: 100;
height: 100%;
color: #0f1419;
}
div.info {
display: table;
background: #e8eaec;
padding: 20px 20px 20px 20px;
border: 1px dashed black;
border-radius: 10px;
margin: 0px auto auto auto;
}
div.info p {
display: table-row;
margin: 5px auto auto auto;
}
div.info p span {
display: table-cell;
padding: 10px;
}
img {
width: 176px;
margin: 36px auto 36px auto;
display:block;
}
div.smaller p span {
color: #3D5266;
}
h1, h2 {
font-weight: 100;
}
div.check {
padding: 0px 0px 0px 0px;
display: table;
margin: 36px auto auto auto;
font: 12px 'RobotoRegular', Arial, sans-serif;
}
#footer {
position: fixed;
bottom: 36px;
width: 100%;
}
#center {
width: 400px;
margin: 0 auto;
font: 18px Courier;
}
</style>
<script>
var ref;
function checkRefresh(){
if (document.cookie == "refresh=1") {
document.getElementById("check").checked = true;
ref = setTimeout(function(){location.reload();}, 1000);
} else {
}
}
function changeCookie() {
if (document.getElementById("check").checked) {
document.cookie = "refresh=1";
ref = setTimeout(function(){location.reload();}, 1000);
} else {
document.cookie = "refresh=0";
clearTimeout(ref);
}
}
</script>
</head>
<body onload="checkRefresh();">
<img alt="NGINX Logo" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAWAAAABICAMAAAD/N9+RAAAAVFBMVEUAAAAAmQAAmQAAmQAAmQAAmQAAmQAAmQAAmQAAmQAAmQAAmQAAmQAAmQAAmQAAmQAAmQAAmQAAmQAAmQAAmQAAmQAAmQAAmQAAmQAAmQAAmQAAmQDBect+AAAAG3RSTlMAB0AY8SD5SM82v1npsJ/YjSl0EVLftqllgMdZgsoQAAAHd0lEQVR42szZ6XabMBCG4ZGFxSazLzZz//fZc9I4JpbEN8LQ0/dnGwJ5DJGG0HdpM9kkuzVXiqussmRpLrRdnwqDp9ePyY7zXdFbqptHOz00RTVUxWiyquvJ26Upknp2/heWN0Uyzt3qYtKMn805ybsW/LdK01YVC6sVELH81XJ9o6j5q6Qkcepe83dJp8ipf161HSgm1TyPK5//cuN1d5KmE342bsnkLK6hre78LNG0KuWfOrFDwats69w8ln+qFIlrx9Vxf8808e8eJGx9YEXhCpZ3kX2gfFtbrX4m05IonTE7wsGLnpXY1/Kqr3v/5r+NcAOvy8HXCRt74W+alH568KqCJKmM37LafVhe3ZTU1/mmA7uV9Ar8vPjZVCPDZI+CDdwFC68yIooZnbhmIAx8XyoZu5mcYO9HzhSo47gGCqR53ULPlAGPkuyazJVeKWYsjH15Djy/VhPO8LoM/OJE4XNfeJ19LUfRj18KF9gLA2GZL4/UsLdFHQVccWyTCDjZD9wm7Kt2PgIgjH3ZBlf46iDgnOO7nwusavZmVoCaPU0q1pcnshyoOwa44PiS66nANw7U0isbK5x7j3gQB0uPAB54T8WZwA/RHrxhLIx9TbsBnLSfA6uRd9WdBzywCFiNUcJ5wr4eRByu7j8G7nhfpj0LuE0A8OtsSBj7ZooIL+dyYLxFm27+EvfSzgHua/GYXrK3Qol9a03bwNxEAeMt2ix/bptzgCeGwFhY7ouAufwIOA/PSni3nJ8B3DAElgtjXwxs8k+Al/BdiVfDWh0PPDAAjhXGvgTnVjkwujzbk1t4TWkOB24TBBwrjH2JQZnaC6xGsPdCT296MHA/MgKWC2NfL7Blp2ov8AM88/gNbX8osCrc5xMAA2Ho6wIXHTt1+4C1iZwMW8NvzYcCN67vAICBMPZ1galip3QXcAXHXzyVlB8AYyiT5wAYCWNfF1gtYGYWAufhNynyTWqiDwPOjeelnQiYShMQBr5+YNIWzMwy4CX69afv1NNRwHr07FKEwDT4hTPs6wL7P+tCxQKXm/eifJ963wmMF7hCYWBXGJdpAsBUopkZAyv3j3+i9PUtTa/U9VcAGC1wmgAwFsa+LnBooLxj4K0t2qjo8AAwWuAIAO8TznoSANMEZmYErA14p3EyMF7gSgLAQBj4ImBVg5kZAM/8u4VAJwJ7l+2GADAQBr4A2D+1Z0oMnKM3Y2cD4wUOAANh5IuB6cJOsxg4Q0eeCwwXuFETBnZLDfSVA1NwZsbAJXwN/C+B7771BAAjYeyLgX0z8yACVlawx1NaXh+5TcMLHACGwtgXA6OZ2QUObdGsorfabjIsr4wcNOACB4CBMPLFwOHpcuwx8NWgLXTJURW0H1gtngUOA8cLLz1FAsOZWQ4MfFH5B8CV7x75b4D/NHduS47CMBCVwYFAiDEmCQT+/z/3ZWumah1otZdL/MxMZc5gybJanU8tLI9DhF8PESXJ10k64PAxyn1LiPisMhr/N8kNHF+bpwPOis95+juS3IJOrsgQYBlXj2mWFVHRgHGC+4pj2kKjbG4ufKGRLmdtTTJgc12WKn1BofE7zBTXzAhwtlIqP9h5gmTAbq1xcHqpvBbHBgRY7suXPTl/ROMB4wR36mUPKjXnNwLcrVxXXimRZTLgDBSiZ15XYj3XAwAWv3zh7gnAXtIAx6Etnq888cIdX/fZDgDul1tGvf4Vtn0S4M8J7i7ROq1lhCVHzzwGvBpYbJ5AOEgq4EEzZn5K01MrmqvNOmDTLrft+8FSRzQecFBpO05p26tlnw7oIso14YnJ3i5aL6DF0wMuleqkM4Qn+smcAKRTL1Y65UDQVAO+WK2+7gTplH54usjWAXek+K+LCuxEwGMLul0R4EPFfz8L18zzKmDxIKSCN95LIuBGr3GujpevErqxGQDuLaPuyUAfBAPGg6Mx4OME2DhQVgUJWAIzQnBFfRAeMI5N1XEjBBiwjCxg0+qHYG7wt/GA8capDh+CqYkpCoykjPKWesio2gywEwD4qDEuDNjUJGCptQqUAB5MB3w1APBhg4gYsPQtCbib00Zpi3wrwM1FAOBjR2lrZBXCARY3J623bAS4yAQAPnIYHAOWkgSc2xS+T7MV4CAA8LF2BhiwBAwYP4+lPBsBdgIAH2XIgQHjTf+SrRw5auEAG5Dg9ID3t5TBgM3EWR88eMAVCVieYM5aDXgHUyQAmKiZR9nIFckJC/gFnALUgHew9QKAiZq5A3+EXspDAw7gP64GvIcxXQvfHl2B7tiozSf+y1JSNQ31gRYDQb6HteKQ4B3s4QucflRrDW8OKiHBujCO3s0u5qAjwKR0vnkDozL1emgd5W6EWa1ud7l97G0n3jhYzACOEMlHtVpjeBA/mLf/7IOoQsa7y+b7GDR3Rbw98fKQLy+5xv7VIXowIhy1ztUfbdzLYrz7cbrvRb/K+nf7wPPQpAXsEQ/7l2AXW97/AGkCwaNsIif8zU3y5eZaO/mK/jKDV1s872/Fz11K5TLE1zzEiP1km8ndDMcj3JvmFfqdvubhD8TgHPiN+LViAAAAAElFTkSuQmCC"/>
<div class="info">
<p><span>Web Server name:</span> <span> {{ item.value.web_server_name }} </span></p>
<p><span>Server name:</span> <span>server_hostname</span></p>
<p><span>Server address:</span> <span>server_address</span></p>
<p><span>User Agent:</span> <span><small>client_browser</small></span></p>
<p class="smaller"><span>URI:</span> <span>server_url</span></p>
<p class="smaller"><span>Doc Root:</span> <span>document_root</span></p>
<p class="smaller"><span>Date:</span> <span>server_date</span></p>
<p class="smaller"><span>NGINX Front-End Load Balancer IP:</span><span>remote_addr</span></p>
<p class="smaller"><span>Client IP:</span> <span>proxied_for_ip</span></p>
<p class="smaller"><span>NGINX Version:</span> <span>nginx_version</span></p>
</div>
<div class="check"><input type="checkbox" id="check" onchange="changeCookie()"> Auto Refresh</div>
<div id="footer">
<div id="center" align="center">
Request ID: request_id<br/>
&copy; NGINX, Inc. 2018 - <script>document.write(new Date().getFullYear())</script>
</div>
</div>
</body>
</html>