diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml index a1e63a0..f962bee 100644 --- a/.github/workflows/molecule.yml +++ b/.github/workflows/molecule.yml @@ -26,11 +26,6 @@ jobs: - source - source_alpine - source_centos - - stable_push_alpine - - stable_push_centos - - template - - template_alpine - - template_centos steps: - name: Check out the codebase uses: actions/checkout@v2 diff --git a/CHANGELOG.md b/CHANGELOG.md index 98907ba..b194218 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,11 @@ # Changelog +## 0.19.0 (Unreleased) + +BREAKING CHANGES: + +**The NGINX configuration functionalities included in this role have been removed as of release 0.19.0.** There now is a separate role to manage and create NGINX configurations available [here](https://github.com/nginxinc/ansible-role-nginx-config). Any new issues or PRs related to configuring NGINX should be submitted in the new NGINX configuration Ansible role repository. New issues or PRs related to configuring NGINX submitted in this repository will not be worked on. + ## 0.18.2 (December 22, 2020) ENHANCEMENTS: @@ -23,7 +29,7 @@ Fix issue whereas SELinux state would not be correctly set back to `enforcing` w BREAKING CHANGES: -**The NGINX Unit functionalities included in this role have been removed as of release 0.18.0.** There now is a separate role to install NGINX Unit available [here](https://github.com/nginxinc/ansible-role-nginx-unit). Any new issues or PRs related to NGINX Unit should be submitted in the new NGINX Unit repository. New issues or PRs related to NGINX Unit submitted in this repository will not be worked on. +**The NGINX Unit functionalities included in this role have been removed as of release 0.18.0.** There now is a separate role to install NGINX Unit available [here](https://github.com/nginxinc/ansible-role-nginx-unit). Any new issues or PRs related to NGINX Unit should be submitted in the new NGINX Unit Ansible role repository. New issues or PRs related to NGINX Unit submitted in this repository will not be worked on. ## 0.17.4 (November 12, 2020) diff --git a/README.md b/README.md index 2422d89..35683ca 100644 --- a/README.md +++ b/README.md @@ -14,8 +14,8 @@ This role installs NGINX Open Source, NGINX Plus, or the NGINX Amplify agent on With the advent of Ansible collections and the release of the [NGINX Core Ansible collection](https://github.com/nginxinc/ansible-collection-nginx), the decision has been made to split this role into three smaller roles and reduce the overhead of this role: * The NGINX Ansible role will keep working as is and be used to install and setup NGINX. -* **The NGINX configuration functionalities included in this role will be removed in an upcoming release at some stage after December 1st 2020.** There now is a separate role to manage and create NGINX configurations available [here](https://github.com/nginxinc/ansible-role-nginx-config). Any new issues or PRs related to configuring NGINX should be submitted in the new NGINX Config repository. New issues or PRs related to configuring NGINX submitted in this repository will not be worked on. -* **The NGINX Unit functionalities included in this role have been removed as of release 0.18.0.** There now is a separate role to install NGINX Unit available [here](https://github.com/nginxinc/ansible-role-nginx-unit). Any new issues or PRs related to NGINX Unit should be submitted in the new NGINX Unit repository. New issues or PRs related to NGINX Unit submitted in this repository will not be worked on. This disclaimer will be removed in a future release. +* **The NGINX configuration functionalities included in this role have been removed as of release 0.19.0.** There now is a separate role to manage and create NGINX configurations available [here](https://github.com/nginxinc/ansible-role-nginx-config). Any new issues or PRs related to configuring NGINX should be submitted in the new NGINX configuration Ansible role repository. New issues or PRs related to configuring NGINX submitted in this repository will not be worked on. This disclaimer will be removed in a future release. +* **The NGINX Unit functionalities included in this role have been removed as of release 0.18.0.** There now is a separate role to install NGINX Unit available [here](https://github.com/nginxinc/ansible-role-nginx-unit). Any new issues or PRs related to NGINX Unit should be submitted in the new NGINX Unit Ansible role repository. New issues or PRs related to NGINX Unit submitted in this repository will not be worked on. This disclaimer will be removed in a future release. ## Requirements @@ -133,8 +133,6 @@ This role has multiple variables. The descriptions and defaults for all these va |----|-----------| |**[`main.yml`](https://github.com/nginxinc/ansible-role-nginx/blob/main/defaults/main/main.yml)**|NGINX installation variables| |**[`amplify.yml`](https://github.com/nginxinc/ansible-role-nginx/blob/main/defaults/main/amplify.yml)**|NGINX Amplify agent installation variables| -|**[`template.yml`](https://github.com/nginxinc/ansible-role-nginx/blob/main/defaults/main/template.yml)**|NGINX configuration templating variables| -|**[`upload.yml`](https://github.com/nginxinc/ansible-role-nginx/blob/main/defaults/main/upload.yml)**|NGINX configuration/HTML/SSL upload variables| |**[`linux.yml`](https://github.com/nginxinc/ansible-role-nginx/blob/main/defaults/main/linux.yml)**|Linux installation variables| |**[`bsd.yml`](https://github.com/nginxinc/ansible-role-nginx/blob/main/defaults/main/bsd.yml)**|BSD installation variables| @@ -154,8 +152,6 @@ Working functional playbook examples can be found in the **[`molecule/common/pla |**[`module_converge.yml`](https://github.com/nginxinc/ansible-role-nginx/blob/main/molecule/common/playbooks/module_converge.yml)**|Install various NGINX supported modules| |**[`plus_converge.yml`](https://github.com/nginxinc/ansible-role-nginx/blob/main/molecule/common/playbooks/plus_converge.yml)**|Install NGINX Plus and various NGINX Plus supported modules| |**[`source_converge.yml`](https://github.com/nginxinc/ansible-role-nginx/blob/main/molecule/common/playbooks/source_converge.yml)**|Install NGINX from source| -|**[`stable_push_converge.yml`](https://github.com/nginxinc/ansible-role-nginx/blob/main/molecule/common/playbooks/stable_push_converge.yml)**|Install NGINX using the stable branch and push a preexisting config from your system to your NGINX instance| -|**[`template_converge.yml`](https://github.com/nginxinc/ansible-role-nginx/blob/main/molecule/common/playbooks/template_converge.yml)**|Use the NGINX configuration templating variables to create an NGINX configuration file| Do note that if you install this repository via Ansible Galaxy, you will have to replace the role variable in the sample playbooks from `ansible-role-nginx` to `nginxinc.nginx`. diff --git a/defaults/main/main.yml b/defaults/main/main.yml index adde940..3d8f7dc 100644 --- a/defaults/main/main.yml +++ b/defaults/main/main.yml @@ -8,12 +8,6 @@ nginx_enable: true # Default is true. nginx_install: true -## DEPRECATED -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config) -# Enable NGINX configuration options. -# Variables for these options can be found in `./template.yml` and `./upload.yml`. -# Default is false. -nginx_configure: false - # Start NGINX service. # Default is true. nginx_start: true @@ -112,17 +106,3 @@ nginx_modules: [] # - subs-filter # NGINX Plus # - waf # NGINX Plus # - xslt - -## DEPRECATED -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config) -# Remove previously existing NGINX configuration files. -# You can specify a list of paths you wish to remove. -# You can also choose whether to recurse through the paths specified. -# Alternatively you can specify the list of files you wish to remove. -# Default is false. -nginx_cleanup_config: false -nginx_cleanup_config_paths: - - directory: - - /etc/nginx/conf.d - recurse: false -# nginx_cleanup_config_files: -# - /etc/nginx/conf.d/default.conf diff --git a/defaults/main/template.yml b/defaults/main/template.yml deleted file mode 100644 index 5df7892..0000000 --- a/defaults/main/template.yml +++ /dev/null @@ -1,404 +0,0 @@ -## DEPRECATED -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config) ---- -# Enable creating dynamic templated NGINX HTML demo websites. -nginx_html_demo_template_enable: false -nginx_html_demo_template: - default: - template_file: www/index.html.j2 - html_file_name: index.html - html_file_location: /usr/share/nginx/html - web_server_name: Default - -# Enable creating dynamic templated NGINX configuration files. -# Defaults are the values found in a fresh NGINX installation. -nginx_main_template_enable: false -nginx_main_template: - template_file: nginx.conf.j2 - conf_file_name: nginx.conf - conf_file_location: /etc/nginx/ - user: nginx - worker_processes: auto - # worker_rlimit_nofile: 1024 - pid: /var/run/nginx.pid - error_log: - location: /var/log/nginx/error.log - level: warn - worker_connections: 1024 - http_enable: true - http_settings: - default_type: application/octet-stream - access_log_format: - - name: main - format: |- - '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"' - access_log_location: - - name: main - location: /var/log/nginx/access.log - tcp_nopush: true - tcp_nodelay: true - keepalive_timeout: 65 - cache: false - rate_limit: false - keyval: false - # server_tokens: "off" - http_global_autoindex: false - sub_filter: - # sub_filters: [] - last_modified: "off" - once: "on" - types: "text/html" - # custom_options: [] - # http_custom_options: [] - # http_custom_includes: [] - # events_custom_options: [] - stream_enable: false - # stream_custom_options: [] - # auth_request_http: /auth - # auth_request_set_http: - # name: $auth_user - # value: $upstream_http_x_user - -# Enable creating dynamic templated NGINX HTTP configuration files. -# Defaults will not produce a valid configuration. Instead they are meant to showcase -# the options available for templating. Each key represents a new configuration file. -nginx_http_template_enable: false -nginx_http_template: - default: - template_file: http/default.conf.j2 - conf_file_name: default.conf - conf_file_location: /etc/nginx/conf.d/ - servers: - server1: - listen: - listen_localhost: - ip: localhost # Wrap in square brackets for IPv6 addresses - port: 8081 - ssl: true - opts: [] # Listen opts like http2 which will be added (ssl is automatically added if you specify 'ssl:'). - ssl: - cert: /etc/ssl/certs/default.crt - key: /etc/ssl/private/default.key - dhparam: /etc/ssl/private/dh_param.pem - protocols: TLSv1 TLSv1.1 TLSv1.2 - ciphers: HIGH:!aNULL:!MD5 - prefer_server_ciphers: true - session_cache: none - session_timeout: 5m - disable_session_tickets: false - trusted_cert: /etc/ssl/certs/root_CA_cert_plus_intermediates.crt - stapling: true - stapling_verify: true - buffer_size: 16k - ecdh_curve: auto - server_name: localhost - include_files: [] - http_error_pages: {} - error_page: /usr/share/nginx/html - access_log: - - name: main - location: /var/log/nginx/access.log - error_log: - location: /var/log/nginx/error.log - level: warn - root: /usr/share/nginx/html - # https_redirect: $host - autoindex: false - auth_basic: null - auth_basic_user_file: null - try_files: $uri $uri/index.html $uri.html =404 - # auth_request: /auth - # auth_request_set: - # name: $auth_user - # value: $upstream_http_x_user - client_max_body_size: 1m - proxy_hide_headers: [] # A list of headers which shouldn't be passed to the application - add_headers: - strict_transport_security: - name: Strict-Transport-Security - value: max-age=15768000; includeSubDomains - always: true - # header_name: - # name: Header-X - # value: Value-X - # always: false - - sub_filter: - # sub_filters: [] - last_modified: "off" - once: "on" - types: "text/html" - # custom_options: [] - web_server: - locations: - default: - location: / - include_files: [] - proxy_hide_headers: [] # A list of headers which shouldn't be passed to the application - add_headers: - strict_transport_security: - name: Strict-Transport-Security - value: max-age=15768000; includeSubDomains - always: true - # header_name: - # name: Header-X - # value: Value-X - # always: false - html_file_location: /usr/share/nginx/html - html_file_name: index.html - autoindex: false - auth_basic: null - auth_basic_user_file: null - try_files: $uri $uri/index.html $uri.html =404 - # auth_request: /auth - # auth_request_set: - # name: $auth_user - # value: $upstream_http_x_user - client_max_body_size: 1m - # returns: - # return302: - # code: 302 - # url: https://sso.somehost.local/?url=https://$http_host$request_uri - sub_filter: - # sub_filters: [] - last_modified: "off" - once: "on" - types: "text/html" - # custom_options: [] - http_demo_conf: false - reverse_proxy: - locations: - backend: - location: / - include_files: [] - proxy_hide_headers: [] # A list of headers which shouldn't be passed to the application - add_headers: - strict_transport_security: - name: Strict-Transport-Security - value: max-age=15768000; includeSubDomains - always: true - # header_name: - # name: Header-X - # value: Value-X - # always: false - proxy_connect_timeout: null - proxy_pass: http://backend - # rewrites: - # - /foo(.*) /$1 break - # proxy_pass_request_body: off - # allows: - # - 192.168.1.0/24 - # denies: - # - all - proxy_set_header: - header_host: - name: Host - value: $host - header_x_real_ip: - name: X-Real-IP - value: $remote_addr - header_x_forwarded_for: - name: X-Forwarded-For - value: $proxy_add_x_forwarded_for - header_x_forwarded_proto: - name: X-Forwarded-Proto - value: $scheme - # header_upgrade: - # name: Upgrade - # value: $http_upgrade - # header_connection: - # name: Connection - # value: "Upgrade" - # header_random: - # name: RandomName - # value: RandomValue - # internal: false - # proxy_store: off - # proxy_store_acccess: user:rw - proxy_read_timeout: null - proxy_send_timeout: null - proxy_ssl: - cert: /etc/ssl/certs/proxy_default.crt - key: /etc/ssl/private/proxy_default.key - trusted_cert: /etc/ssl/certs/proxy_ca.crt - protocols: TLSv1 TLSv1.1 TLSv1.2 - ciphers: HIGH:!aNULL:!MD5 - verify: false - verify_depth: 1 - session_reuse: true - proxy_cache: backend_proxy_cache - proxy_cache_valid: - - code: 200 - time: 10m - - code: 301 - time: 1m - proxy_temp_path: - path: /var/cache/nginx/proxy/backend/temp - proxy_cache_lock: false - proxy_cache_min_uses: 3 - proxy_cache_revalidate: false - proxy_cache_use_stale: - - http_403 - - http_404 - proxy_ignore_headers: - - Vary - - Cache-Control - proxy_cookie_path: - path: /web/ - replacement: / - proxy_buffering: false - proxy_http_version: 1.0 - websocket: false - auth_basic: null - auth_basic_user_file: null - try_files: $uri $uri/index.html $uri.html =404 - # auth_request: /auth - # auth_request_set: - # name: $auth_user - # value: $upstream_http_x_user - # returns: - # return302: - # code: 302 - # url: https://sso.somehost.local/?url=https://$http_host$request_uri - sub_filter: - # sub_filters: [] - last_modified: "off" - once: "on" - types: "text/html" - # custom_options: [] - health_check_plus: false - returns: - return301: - location: / - code: 301 - value: http://$host$request_uri - proxy_cache: - proxy_cache_path: - - path: /var/cache/nginx/proxy/backend - keys_zone: - name: backend_proxy_cache - size: 10m - levels: "1:2" - max_size: 10g - inactive: 60m - use_temp_path: true - proxy_temp_path: - path: /var/cache/nginx/proxy/temp - proxy_cache_valid: - - code: 200 - time: 10m - - code: 301 - time: 1m - proxy_cache_lock: true - proxy_cache_min_uses: 5 - proxy_cache_revalidate: true - proxy_cache_use_stale: - - error - - timeout - proxy_ignore_headers: - - Expires - upstreams: - upstream1: - name: backend - lb_method: least_conn - zone_name: backend_mem_zone - zone_size: 64k - sticky_cookie: false - servers: - server1: - address: localhost - port: 8081 - weight: 1 - health_check: max_fails=1 fail_timeout=10s - # custom_options: [] - # custom_options: [] - -# Enable NGINX 'stub_status' data. -# Will enable 'stub_status' in NGINX Open Source. -# Note - NGINX Plus 'status' has been deprecated since NGINX Plus R13. -# Use the Rest API parameter instead. -# Default is false. -nginx_status_enable: false -nginx_status_template_file: http/status.conf.j2 -nginx_status_file_location: /etc/nginx/conf.d/status.conf -nginx_status_log: false -nginx_status_port: 80 -nginx_status_allow: 127.0.0.1 -nginx_status_deny: all - -# Enable NGINX Plus REST API, write access to the REST API, and NGINX Plus dashboard. -# Requires NGINX Plus. -# Default is false. -nginx_rest_api_enable: false -nginx_rest_api_template_file: http/api.conf.j2 -nginx_rest_api_file_location: /etc/nginx/conf.d/api.conf -nginx_rest_api_log: false -nginx_rest_api_port: 80 -nginx_rest_api_write: false -nginx_rest_api_dashboard: false -nginx_status_rest_api_allow: 127.0.0.1 -nginx_status_rest_api_deny: all -nginx_status_rest_api_dashboard_allow: 127.0.0.1 -nginx_status_rest_api_dashboard_deny: all - -# Enable creating dynamic templated NGINX stream configuration files. -# Defaults will not produce a valid configuration. Instead they are meant to showcase -# the options available for templating. Each key represents a new configuration file. -nginx_stream_template_enable: false -nginx_stream_template: - default: - template_file: stream/default.conf.j2 - conf_file_name: default.conf - conf_file_location: /etc/nginx/conf.d/stream/ - network_streams: - default: - listen: - listen_localhost: - ip: 0.0.0.0 # Wrap in square brackets for IPv6 addresses - port: 80 - ssl: false - opts: [] # Listen opts like udp which will be added (ssl is automatically added if you specify 'ssl:'). - ssl: - cert: /etc/ssl/certs/default.crt - key: /etc/ssl/private/default.key - dhparam: /etc/ssl/private/dh_param.pem - protocols: TLSv1 TLSv1.1 TLSv1.2 - ciphers: HIGH:!aNULL:!MD5 - prefer_server_ciphers: true - session_cache: none - session_timeout: 5m - disable_session_tickets: false - trusted_cert: /etc/ssl/certs/root_CA_cert_plus_intermediates.crt - ecdh_curve: auto - include_files: [] - proxy_pass: backend - proxy_timeout: 3s - proxy_connect_timeout: 1s - proxy_protocol: false - proxy_ssl: - cert: /etc/ssl/certs/proxy_default.crt - key: /etc/ssl/private/proxy_default.key - trusted_cert: /etc/ssl/certs/proxy_ca.crt - protocols: TLSv1 TLSv1.1 TLSv1.2 - ciphers: HIGH:!aNULL:!MD5 - verify: false - verify_depth: 1 - session_reuse: true - health_check_plus: false - # custom_options: [] - upstreams: - upstream1: - name: backend - lb_method: least_conn - zone_name: backend - zone_size: 64k - sticky_cookie: false - servers: - server1: - address: localhost - port: 8080 - weight: 1 - health_check: max_fails=1 fail_timeout=10s - # custom_options: [] - # custom_options: [] diff --git a/defaults/main/upload.yml b/defaults/main/upload.yml deleted file mode 100644 index f19f332..0000000 --- a/defaults/main/upload.yml +++ /dev/null @@ -1,27 +0,0 @@ -## DEPRECATED -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config) ---- -# Enable uploading NGINX configuration files to your system. -# Default for uploading files is false. -# Default location of files is the files folder within the NGINX Ansible role. -# Upload the main NGINX configuration file. -nginx_main_upload_enable: false -nginx_main_upload_src: conf/nginx.conf -nginx_main_upload_dest: /etc/nginx/ -# Upload HTTP NGINX configuration files. -nginx_http_upload_enable: false -nginx_http_upload_src: conf/http/*.conf -nginx_http_upload_dest: /etc/nginx/conf.d/ -# Upload Stream NGINX configuration files. -nginx_stream_upload_enable: false -nginx_stream_upload_src: conf/stream/*.conf -nginx_stream_upload_dest: /etc/nginx/conf.d/ -# Upload HTML files. -nginx_html_upload_enable: false -nginx_html_upload_src: www/* -nginx_html_upload_dest: /usr/share/nginx/html -# Upload SSL certificates and keys. -nginx_ssl_upload_enable: false -nginx_ssl_crt_upload_src: ssl/*.crt -nginx_ssl_crt_upload_dest: /etc/ssl/certs/ -nginx_ssl_key_upload_src: ssl/*.key -nginx_ssl_key_upload_dest: /etc/ssl/private/ diff --git a/files/conf/http/.gitkeep b/files/conf/http/.gitkeep deleted file mode 100644 index e69de29..0000000 diff --git a/files/conf/stream/.gitkeep b/files/conf/stream/.gitkeep deleted file mode 100644 index e69de29..0000000 diff --git a/files/ssl/.gitkeep b/files/ssl/.gitkeep deleted file mode 100644 index e69de29..0000000 diff --git a/files/www/.gitkeep b/files/www/.gitkeep deleted file mode 100644 index e69de29..0000000 diff --git a/molecule/common/Dockerfile.j2 b/molecule/common/Dockerfile.j2 index d5a90a7..a84fd9d 100644 --- a/molecule/common/Dockerfile.j2 +++ b/molecule/common/Dockerfile.j2 @@ -21,11 +21,11 @@ RUN \ && apt-get clean; \ elif [ $(command -v dnf) ]; then \ dnf makecache \ - && dnf --assumeyes install bash iproute /usr/bin/dnf-3 /usr/bin/python3 /usr/bin/python3-config vim \ + && dnf --assumeyes install bash iproute sudo /usr/bin/dnf-3 /usr/bin/python3 /usr/bin/python3-config vim \ && dnf clean all; \ elif [ $(command -v yum) ]; then \ yum makecache fast \ - && yum install -y bash iproute /usr/bin/python /usr/bin/python2-config sudo vim yum-plugin-ovl \ + && yum install -y bash iproute sudo /usr/bin/python /usr/bin/python2-config vim yum-plugin-ovl \ && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf \ && yum clean all; \ elif [ $(command -v zypper) ]; then \ diff --git a/molecule/common/files/http/default.conf b/molecule/common/files/http/default.conf deleted file mode 100755 index 4559b82..0000000 --- a/molecule/common/files/http/default.conf +++ /dev/null @@ -1,44 +0,0 @@ -server { - listen 80; - server_name localhost; - - #charset koi8-r; - #access_log /var/log/nginx/host.access.log main; - - location / { - root /usr/share/nginx/html; - index index.html index.htm; - } - - #error_page 404 /404.html; - - # redirect server error pages to the static page /50x.html - # - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root /usr/share/nginx/html; - } - - # proxy the PHP scripts to Apache listening on 127.0.0.1:80 - # - #location ~ \.php$ { - # proxy_pass http://127.0.0.1; - #} - - # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 - # - #location ~ \.php$ { - # root html; - # fastcgi_pass 127.0.0.1:9000; - # fastcgi_index index.php; - # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; - # include fastcgi_params; - #} - - # deny access to .htaccess files, if Apache's document root - # concurs with nginx's one - # - #location ~ /\.ht { - # deny all; - #} -} diff --git a/molecule/common/files/nginx.conf b/molecule/common/files/nginx.conf deleted file mode 100755 index ba09f41..0000000 --- a/molecule/common/files/nginx.conf +++ /dev/null @@ -1,31 +0,0 @@ -user nginx; -worker_processes 4; - -error_log /var/log/nginx/error.log warn; -pid /var/run/nginx.pid; - - -events { - worker_connections 1024; -} - - -http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log /var/log/nginx/access.log main; - - sendfile on; - #tcp_nopush on; - - keepalive_timeout 65; - - #gzip on; - - include /etc/nginx/conf.d/*.conf; -} diff --git a/molecule/common/playbooks/module_converge.yml b/molecule/common/playbooks/module_converge.yml index 2accda5..9c68740 100644 --- a/molecule/common/playbooks/module_converge.yml +++ b/molecule/common/playbooks/module_converge.yml @@ -15,15 +15,6 @@ - 80 - 443 - nginx_configure: true - nginx_cleanup_config: true - nginx_cleanup_config_paths: - - directory: - - /etc/nginx/conf.d - recurse: false - nginx_cleanup_config_files: - - /etc/nginx/conf.d/default.conf - nginx_modules: - brotli - geoip diff --git a/molecule/common/playbooks/module_verify.yml b/molecule/common/playbooks/module_verify.yml index 7ddf299..8e590fb 100644 --- a/molecule/common/playbooks/module_verify.yml +++ b/molecule/common/playbooks/module_verify.yml @@ -18,9 +18,7 @@ register: service failed_when: (service is changed) or (service is failed) - - name: Check default.conf does not exist - stat: - path: /etc/nginx/conf.d/default.conf - check_mode: yes - register: stat_result - failed_when: stat_result.stat.exists + - name: Verify NGINX is up and running + uri: + url: http://localhost + status_code: 200 diff --git a/molecule/common/playbooks/stable_push_converge.yml b/molecule/common/playbooks/stable_push_converge.yml deleted file mode 100644 index 2004d17..0000000 --- a/molecule/common/playbooks/stable_push_converge.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -- name: Converge - hosts: all - tasks: - - name: Push NGINX config - include_role: - name: ansible-role-nginx - vars: - nginx_debug_output: true - - nginx_branch: stable - nginx_main_upload_enable: true - nginx_main_upload_src: ../files/nginx.conf - nginx_http_upload_enable: true - nginx_http_upload_src: ../files/http/*.conf diff --git a/molecule/common/playbooks/stable_push_verify.yml b/molecule/common/playbooks/stable_push_verify.yml deleted file mode 100644 index 5b3a376..0000000 --- a/molecule/common/playbooks/stable_push_verify.yml +++ /dev/null @@ -1,40 +0,0 @@ ---- -- name: Verify - hosts: all - tasks: - - name: Check if NGINX is installed - package: - name: nginx - check_mode: yes - register: install - failed_when: (install is changed) or (install is failed) - - - name: Check if NGINX service is running - service: - name: nginx - state: started - enabled: yes - check_mode: yes - register: service - failed_when: (service is changed) or (service is failed) - - - name: Verify NGINX is up and running - uri: - url: http://localhost - status_code: 200 - - - name: Check default.conf exists - stat: - path: /etc/nginx/conf.d/default.conf - check_mode: yes - register: stat_result - failed_when: not stat_result.stat.exists - - - name: Ensure default.conf contains 'location /' - lineinfile: - path: /etc/nginx/conf.d/default.conf - line: " location / {" - state: present - check_mode: yes - register: conf - failed_when: (conf is changed) or (conf is failed) diff --git a/molecule/common/playbooks/template_converge.yml b/molecule/common/playbooks/template_converge.yml deleted file mode 100644 index 06763e9..0000000 --- a/molecule/common/playbooks/template_converge.yml +++ /dev/null @@ -1,387 +0,0 @@ ---- -- name: Converge - hosts: all - tasks: - - name: Configure NGINX - include_role: - name: ansible-role-nginx - vars: - nginx_debug_output: true - - nginx_configure: true - nginx_main_template_enable: true - nginx_main_template: - template_file: nginx.conf.j2 - conf_file_name: nginx.conf - conf_file_location: /etc/nginx/ - user: nginx - worker_processes: auto - pid: /var/run/nginx.pid - error_log: - location: /var/log/nginx/error.log - level: warn - worker_connections: 1024 - http_enable: true - http_settings: - default_type: application/octet-stream - access_log_format: - - name: main - format: | - '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"' - access_log_location: - - name: main - location: /var/log/nginx/access.log - keepalive_timeout: 65 - cache: false - rate_limit: false - keyval: false - server_tokens: "off" - sub_filter: - # sub_filters: [] - last_modified: "off" - once: "on" - types: "text/html" - http_global_autoindex: false - custom_options: - - master_process on; - http_custom_options: - - aio off; - http_custom_includes: - - "/etc/nginx/sites-enabled/*.conf" - events_custom_options: - - accept_mutex off; - stream_enable: true - - nginx_status_enable: true - nginx_status_port: 8080 - nginx_status_log: true - - nginx_http_template_enable: true - nginx_http_template: - app: - template_file: http/default.conf.j2 - conf_file_name: default.conf - conf_file_location: /etc/nginx/conf.d/ - servers: - server1: - listen: - listen_localhost: - ip: 0.0.0.0 - port: 80 - opts: - - default_server - server_name: localhost - http_error_pages: - 404: /404.html - error_page: /usr/share/nginx/html - client_max_body_size: 512k - proxy_hide_headers: - - X-Powered-By - add_headers: - strict_transport_security: - name: Strict-Transport-Security - value: max-age=15768000; includeSubDomains - always: true - sub_filter: - # sub_filters: [] - last_modified: "off" - once: "on" - types: "text/html" - # custom_options: [] - reverse_proxy: - locations: - frontend: - location: / - proxy_hide_headers: - - X-Powered-By - add_headers: - strict_transport_security: - name: Strict-Transport-Security - value: max-age=15768000; includeSubDomains - always: true - another_header: - name: Fancy-New-Header-To-Test - value: testing=true - always: false - proxy_pass: http://frontend_servers/ - proxy_cache: frontend_proxy_cache - proxy_cache_valid: - - code: 200 - time: 10m - - code: 301 - time: 1m - proxy_temp_path: - path: /var/cache/nginx/proxy/frontend/temp - proxy_cache_lock: false - proxy_cache_min_uses: 3 - proxy_cache_revalidate: false - proxy_cache_use_stale: - - http_403 - - http_404 - proxy_ignore_headers: - - Vary - - Cache-Control - proxy_redirect: false - proxy_set_header: - header_host: - name: Host - value: $host - header_x_real_ip: - name: X-Real-IP - value: $remote_addr - header_x_forwarded_for: - name: X-Forwarded-For - value: $proxy_add_x_forwarded_for - header_x_forwarded_proto: - name: X-Forwarded-Proto - value: $scheme - proxy_buffering: false - client_max_body_size: 5m - sub_filter: - # sub_filters: [] - last_modified: "off" - once: "on" - types: "text/html" - backend: - location: /backend - proxy_pass: http://backend_servers/ - proxy_cache: backend_proxy_cache - proxy_cache_valid: - - time: 10m - proxy_temp_path: - path: /var/cache/nginx/proxy/backend/temp - proxy_cache_lock: true - proxy_cache_min_uses: 2 - proxy_cache_revalidate: true - proxy_cache_use_stale: - - http_500 - - http_502 - - http_503 - proxy_redirect: default - proxy_set_header: - header_host: - name: Host - value: $host - header_x_real_ip: - name: X-Real-IP - value: $remote_addr - header_x_forwarded_for: - name: X-Forwarded-For - value: $proxy_add_x_forwarded_for - header_x_forwarded_proto: - name: X-Forwarded-Proto - value: $scheme - proxy_cookie_path: - path: /web/ - replacement: / - returns: - return301: - location: ^~ /old-path - code: 301 - value: http://$host/new-path - proxy_cache: - proxy_cache_path: - - path: /var/cache/nginx/proxy/frontend - keys_zone: - name: frontend_proxy_cache - size: 5m - levels: "1:2" - max_size: 5g - inactive: 30m - use_temp_path: true - - path: /var/cache/nginx/proxy/backend - keys_zone: - name: backend_proxy_cache - size: 10m - levels: "1:2" - max_size: 10g - inactive: 60m - use_temp_path: true - proxy_temp_path: - path: /var/cache/nginx/proxy/temp - proxy_cache_lock: true - proxy_cache_min_uses: 5 - proxy_cache_revalidate: true - proxy_cache_use_stale: - - error - - timeout - proxy_ignore_headers: - - Expires - upstreams: - frontend_upstream: - name: frontend_servers - lb_method: least_conn - zone_name: frontend_mem_zone - zone_size: 64k - sticky_cookie: false - servers: - frontend_server_1: - address: 0.0.0.0 - port: 8081 - weight: 1 - health_check: max_fails=3 fail_timeout=5s - backend_upstream: - name: backend_servers - lb_method: least_conn - zone_name: backend_mem_zone - zone_size: 64k - sticky_cookie: false - servers: - backend_server_1: - address: 0.0.0.0 - port: 8082 - weight: 1 - health_check: max_fails=3 fail_timeout=5s - backend_server_2: - address: unix:/var/run/control.unit.sock - weight: 1 - health_check: max_fails=3 fail_timeout=5s - backend_server_3: - address: 0.0.0.0 - port: 8083 - down: true - frontend: - template_file: http/default.conf.j2 - conf_file_name: frontend_default.conf - conf_file_location: /etc/nginx/conf.d/ - servers: - server1: - listen: - listen_localhost: - port: 8081 - opts: [] - server_name: localhost - error_page: /usr/share/nginx/html - autoindex: false - sub_filter: - sub_filters: - - "'server_hostname' '$hostname'" - - "'server_address' '$server_addr:$server_port'" - - "'server_url' '$request_uri'" - - "'remote_addr' '$remote_addr:$remote_port'" - - "'server_date' '$time_local'" - - "'client_browser' '$http_user_agent'" - - "'request_id' '$request_id'" - - "'nginx_version' '$nginx_version'" - - "'document_root' '$document_root'" - - "'proxied_for_ip' '$http_x_forwarded_for'" - last_modified: "off" - once: "off" - types: "text/html" - web_server: - locations: - frontend_site: - location: / - proxy_hide_headers: - - X-Powered-By - html_file_location: /usr/share/nginx/html - html_file_name: frontend_index.html - autoindex: false - sub_filter: - # sub_filters: [] - last_modified: "off" - once: "off" - types: "text/html" - http_demo_conf: false - backend: - template_file: http/default.conf.j2 - conf_file_name: backend_default.conf - conf_file_location: /etc/nginx/conf.d/ - servers: - server1: - listen: - listen_localhost: - port: 8082 - opts: [] - server_name: localhost - error_page: /usr/share/nginx/html - autoindex: false - sub_filter: - sub_filters: - - "'server_hostname' '$hostname'" - - "'server_address' '$server_addr:$server_port'" - - "'server_url' '$request_uri'" - - "'remote_addr' '$remote_addr:$remote_port'" - - "'server_date' '$time_local'" - - "'client_browser' '$http_user_agent'" - - "'request_id' '$request_id'" - - "'nginx_version' '$nginx_version'" - - "'document_root' '$document_root'" - - "'proxied_for_ip' '$http_x_forwarded_for'" - last_modified: "off" - once: "off" - types: "text/html" - web_server: - locations: - backend_site: - location: / - html_file_location: /usr/share/nginx/html - html_file_name: backend_index.html - autoindex: false - php: - location: ~ \.php$ - html_file_location: /usr/share/nginx/html - autoindex: false - custom_options: - - fastcgi_split_path_info ^(.+\.php)(/.+)$; - - fastcgi_pass unix:/run/php/php7.2-fpm.sock; - - fastcgi_index index.php; - - include fastcgi_params; - - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - sub_filter: - # sub_filters: [] - last_modified: "off" - once: "off" - types: "text/html" - http_demo_conf: false - nginx_html_demo_template_enable: true - nginx_html_demo_template: - frontend: - template_file: www/index.html.j2 - html_file_name: frontend_index.html - html_file_location: /usr/share/nginx/html - web_server_name: Frontend - backend: - template_file: www/index.html.j2 - html_file_name: backend_index.html - html_file_location: /usr/share/nginx/html - web_server_name: Backend - - nginx_stream_template_enable: true - nginx_stream_template: - default: - template_file: stream/default.conf.j2 - conf_file_name: default.conf - conf_file_location: /etc/nginx/conf.d/stream - network_streams: - app: - listen: - listen_localhost: - ip: 0.0.0.0 - port: 80 - opts: - - udp - proxy_pass: backend - proxy_timeout: 3s - proxy_connect_timeout: 1s - proxy_protocol: false - health_check_plus: false - upstreams: - backend_upstream: - name: backend - lb_method: least_conn - zone_name: backend - zone_size: 64k - sticky_cookie: false - servers: - backend_server_1: - address: 0.0.0.0 - port: 8091 - weight: 1 - health_check: max_fails=1 fail_timeout=10s - backend_server_2: - address: 0.0.0.0 - port: 8092 - down: true diff --git a/molecule/common/playbooks/template_verify.yml b/molecule/common/playbooks/template_verify.yml deleted file mode 100644 index 9ec1020..0000000 --- a/molecule/common/playbooks/template_verify.yml +++ /dev/null @@ -1,72 +0,0 @@ ---- -- name: Verify - hosts: all - tasks: - - name: Check if NGINX is installed - package: - name: nginx - check_mode: yes - register: install - failed_when: (install is changed) or (install is failed) - - - name: Check if NGINX service is running - service: - name: nginx - state: started - enabled: yes - check_mode: yes - register: service - failed_when: (service is changed) or (service is failed) - - - name: Verify NGINX is up and running - uri: - url: http://localhost - status_code: 200 - - - name: Check default.conf exists - stat: - path: /etc/nginx/conf.d/default.conf - check_mode: yes - register: stat_result - failed_when: not stat_result.stat.exists - - - name: Check frontend_default.conf exists - stat: - path: /etc/nginx/conf.d/frontend_default.conf - check_mode: yes - register: stat_result - failed_when: not stat_result.stat.exists - - - name: Check backend_default.conf exists - stat: - path: /etc/nginx/conf.d/backend_default.conf - check_mode: yes - register: stat_result - failed_when: not stat_result.stat.exists - - - name: Ensure default.conf contains 'location /' - lineinfile: - path: /etc/nginx/conf.d/default.conf - line: " location / {" - state: present - check_mode: yes - register: conf - failed_when: (conf is changed) or (conf is failed) - - - name: Ensure default.conf contains 'location /backend' - lineinfile: - path: /etc/nginx/conf.d/default.conf - line: " location /backend {" - state: present - check_mode: yes - register: conf - failed_when: (conf is changed) or (conf is failed) - - - name: Ensure default.conf contains 'client_max_body_size 512k;' - lineinfile: - path: /etc/nginx/conf.d/default.conf - line: " client_max_body_size 512k;" - state: present - check_mode: yes - register: conf - failed_when: (conf is changed) or (conf is failed) diff --git a/molecule/stable_push/molecule.yml b/molecule/stable_push/molecule.yml deleted file mode 100644 index 92a0209..0000000 --- a/molecule/stable_push/molecule.yml +++ /dev/null @@ -1,48 +0,0 @@ ---- -driver: - name: docker -lint: | - set -e - yamllint . - ansible-lint --force-color -platforms: - - name: debian-stretch - image: debian:stretch-slim - dockerfile: ../common/Dockerfile.j2 - privileged: true - volumes: - - "/sys/fs/cgroup:/sys/fs/cgroup:rw" - command: "/sbin/init" - - name: debian-buster - image: debian:buster-slim - dockerfile: ../common/Dockerfile.j2 - privileged: true - volumes: - - "/sys/fs/cgroup:/sys/fs/cgroup:rw" - command: "/sbin/init" - - name: ubuntu-xenial - image: ubuntu:xenial - dockerfile: ../common/Dockerfile.j2 - privileged: true - volumes: - - "/sys/fs/cgroup:/sys/fs/cgroup:rw" - command: "/sbin/init" - - name: ubuntu-bionic - image: ubuntu:bionic - dockerfile: ../common/Dockerfile.j2 - privileged: true - volumes: - - "/sys/fs/cgroup:/sys/fs/cgroup:rw" - command: "/sbin/init" - - name: ubuntu-focal - image: ubuntu:focal - dockerfile: ../common/Dockerfile.j2 - privileged: true - volumes: - - "/sys/fs/cgroup:/sys/fs/cgroup:rw" - command: "/sbin/init" -provisioner: - name: ansible - playbooks: - converge: ../common/playbooks/stable_push_converge.yml - verify: ../common/playbooks/stable_push_verify.yml diff --git a/molecule/stable_push_alpine/molecule.yml b/molecule/stable_push_alpine/molecule.yml deleted file mode 100644 index a11a9d6..0000000 --- a/molecule/stable_push_alpine/molecule.yml +++ /dev/null @@ -1,34 +0,0 @@ ---- -driver: - name: docker -lint: | - set -e - yamllint . - ansible-lint --force-color -platforms: - - name: alpine-3.10 - image: alpine:3.10 - dockerfile: ../common/Dockerfile.j2 - privileged: true - volumes: - - "/sys/fs/cgroup:/sys/fs/cgroup:rw" - command: "/sbin/init" - - name: alpine-3.11 - image: alpine:3.11 - dockerfile: ../common/Dockerfile.j2 - privileged: true - volumes: - - "/sys/fs/cgroup:/sys/fs/cgroup:rw" - command: "/sbin/init" - - name: alpine-3.12 - image: alpine:3.12 - dockerfile: ../common/Dockerfile.j2 - privileged: true - volumes: - - "/sys/fs/cgroup:/sys/fs/cgroup:rw" - command: "/sbin/init" -provisioner: - name: ansible - playbooks: - converge: ../common/playbooks/stable_push_converge.yml - verify: ../common/playbooks/stable_push_verify.yml diff --git a/molecule/stable_push_centos/molecule.yml b/molecule/stable_push_centos/molecule.yml deleted file mode 100644 index 1786d0d..0000000 --- a/molecule/stable_push_centos/molecule.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -driver: - name: docker -lint: | - set -e - yamllint . - ansible-lint --force-color -platforms: - - name: centos-7 - image: centos:7 - dockerfile: ../common/Dockerfile.j2 - privileged: true - volumes: - - "/sys/fs/cgroup:/sys/fs/cgroup:rw" - command: "/usr/sbin/init" - - name: centos-8 - image: centos:8 - dockerfile: ../common/Dockerfile.j2 - privileged: true - volumes: - - "/sys/fs/cgroup:/sys/fs/cgroup:rw" - command: "/usr/sbin/init" -provisioner: - name: ansible - playbooks: - converge: ../common/playbooks/stable_push_converge.yml - verify: ../common/playbooks/stable_push_verify.yml diff --git a/molecule/template/molecule.yml b/molecule/template/molecule.yml deleted file mode 100644 index f73a7c7..0000000 --- a/molecule/template/molecule.yml +++ /dev/null @@ -1,48 +0,0 @@ ---- -driver: - name: docker -lint: | - set -e - yamllint . - ansible-lint --force-color -platforms: - - name: debian-stretch - image: debian:stretch-slim - dockerfile: ../common/Dockerfile.j2 - privileged: true - volumes: - - "/sys/fs/cgroup:/sys/fs/cgroup:rw" - command: "/sbin/init" - - name: debian-buster - image: debian:buster-slim - dockerfile: ../common/Dockerfile.j2 - privileged: true - volumes: - - "/sys/fs/cgroup:/sys/fs/cgroup:rw" - command: "/sbin/init" - - name: ubuntu-xenial - image: ubuntu:xenial - dockerfile: ../common/Dockerfile.j2 - privileged: true - volumes: - - "/sys/fs/cgroup:/sys/fs/cgroup:rw" - command: "/sbin/init" - - name: ubuntu-bionic - image: ubuntu:bionic - dockerfile: ../common/Dockerfile.j2 - privileged: true - volumes: - - "/sys/fs/cgroup:/sys/fs/cgroup:rw" - command: "/sbin/init" - - name: ubuntu-focal - image: ubuntu:focal - dockerfile: ../common/Dockerfile.j2 - privileged: true - volumes: - - "/sys/fs/cgroup:/sys/fs/cgroup:rw" - command: "/sbin/init" -provisioner: - name: ansible - playbooks: - converge: ../common/playbooks/template_converge.yml - verify: ../common/playbooks/template_verify.yml diff --git a/molecule/template_alpine/molecule.yml b/molecule/template_alpine/molecule.yml deleted file mode 100644 index cce0a2f..0000000 --- a/molecule/template_alpine/molecule.yml +++ /dev/null @@ -1,34 +0,0 @@ ---- -driver: - name: docker -lint: | - set -e - yamllint . - ansible-lint --force-color -platforms: - - name: alpine-3.10 - image: alpine:3.10 - dockerfile: ../common/Dockerfile.j2 - privileged: true - volumes: - - "/sys/fs/cgroup:/sys/fs/cgroup:rw" - command: "/sbin/init" - - name: alpine-3.11 - image: alpine:3.11 - dockerfile: ../common/Dockerfile.j2 - privileged: true - volumes: - - "/sys/fs/cgroup:/sys/fs/cgroup:rw" - command: "/sbin/init" - - name: alpine-3.12 - image: alpine:3.12 - dockerfile: ../common/Dockerfile.j2 - privileged: true - volumes: - - "/sys/fs/cgroup:/sys/fs/cgroup:rw" - command: "/sbin/init" -provisioner: - name: ansible - playbooks: - converge: ../common/playbooks/template_converge.yml - verify: ../common/playbooks/template_verify.yml diff --git a/molecule/template_centos/molecule.yml b/molecule/template_centos/molecule.yml deleted file mode 100644 index 8fcb42e..0000000 --- a/molecule/template_centos/molecule.yml +++ /dev/null @@ -1,27 +0,0 @@ ---- -driver: - name: docker -lint: | - set -e - yamllint . - ansible-lint --force-color -platforms: - - name: centos-7 - image: centos:7 - dockerfile: ../common/Dockerfile.j2 - privileged: true - volumes: - - "/sys/fs/cgroup:/sys/fs/cgroup:rw" - command: "/usr/sbin/init" - - name: centos-8 - image: centos:8 - dockerfile: ../common/Dockerfile.j2 - privileged: true - volumes: - - "/sys/fs/cgroup:/sys/fs/cgroup:rw" - command: "/usr/sbin/init" -provisioner: - name: ansible - playbooks: - converge: ../common/playbooks/template_converge.yml - verify: ../common/playbooks/template_verify.yml diff --git a/tasks/config/cleanup-config.yml b/tasks/config/cleanup-config.yml deleted file mode 100644 index 6bbd169..0000000 --- a/tasks/config/cleanup-config.yml +++ /dev/null @@ -1,21 +0,0 @@ -## DEPRECATED -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config) ---- -- name: Deprecation warning - debug: - msg: DEPRECATED TASKS -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config) - -- name: (DEPRECATED) Find NGINX Configuration Files - find: - paths: "{{ item.directory }}" - patterns: "*.conf" - recurse: "{{ item.recurse | default(false) }}" - loop: "{{ nginx_cleanup_config_paths }}" - when: nginx_cleanup_config_paths is defined - register: nginx_config_files - -- name: (DEPRECATED) Remove NGINX Configuration Files - file: - path: "{{ item }}" - state: absent - loop: "{{ nginx_config_files.results | default('') | map(attribute='files') | sum(start=[]) | map(attribute='path') | list - + nginx_cleanup_config_files | default('') }}" diff --git a/tasks/config/template-config.yml b/tasks/config/template-config.yml deleted file mode 100644 index 92f9cab..0000000 --- a/tasks/config/template-config.yml +++ /dev/null @@ -1,104 +0,0 @@ -## DEPRECATED -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config) ---- -- name: Deprecation warning - debug: - msg: DEPRECATED TASKS -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config) - -- name: (DEPRECATED) Ensure HTML Directory Exists - file: - path: "{{ item.value.html_file_location | default('/usr/share/nginx/html') }}" - state: directory - mode: 0755 - with_dict: "{{ nginx_html_demo_template }}" - when: nginx_html_demo_template_enable | bool - -- name: (DEPRECATED) Dynamically Generate HTML Files - template: - src: "{{ item.value.template_file | default('www/index.html.j2') }}" - dest: "{{ item.value.html_file_location | default('/usr/share/nginx/html') }}/{{ item.value.html_file_name | default('index.html') }}" - backup: yes - mode: 0644 - with_dict: "{{ nginx_html_demo_template }}" - when: nginx_html_demo_template_enable | bool - -- name: (DEPRECATED) Ensure NGINX Main Directory Exists - file: - path: "{{ nginx_main_template.conf_file_location | default('/etc/nginx') }}" - state: directory - mode: 0755 - when: nginx_main_template_enable | bool - -- name: (DEPRECATED) Dynamically Generate NGINX Main Configuration File - template: - src: "{{ nginx_main_template.template_file | default('nginx.conf.j2') }}" - dest: "{{ nginx_main_template.conf_file_location | default('/etc/nginx') }}/{{ nginx_main_template.conf_file_name | default('nginx.conf') }}" - backup: yes - mode: 0644 - when: nginx_main_template_enable | bool - notify: "(Handler) Run NGINX" - -- name: (DEPRECATED) Ensure NGINX HTTP Directory Exists - file: - path: "{{ item.value.conf_file_location | default('/etc/nginx/conf.d/') }}" - state: directory - mode: 0755 - with_dict: "{{ nginx_http_template }}" - when: nginx_http_template_enable | bool - -- name: (DEPRECATED) Ensure NGINX Proxy Cache Directories Exist - file: - path: "{{ item.1.path }}" - state: directory - owner: "{{ nginx_main_template.user | default('nginx') }}" - mode: 0755 - with_subelements: - - "{{ nginx_http_template }}" - - proxy_cache.proxy_cache_path - - skip_missing: yes - when: nginx_http_template_enable | bool - -- name: (DEPRECATED) Dynamically Generate NGINX HTTP Configuration Files - template: - src: "{{ item.value.template_file | default('http/default.conf.j2') }}" - dest: "{{ item.value.conf_file_location | default('/etc/nginx/conf.d/') }}/{{ item.value.conf_file_name | default('default.conf') }}" - backup: yes - mode: 0644 - with_dict: "{{ nginx_http_template }}" - when: nginx_http_template_enable | bool - notify: (Handler) Run NGINX - -- name: (DEPRECATED) Dynamically Generate NGINX Stub Status Configuration File - template: - src: "{{ nginx_status_template_file | default('http/status.conf.j2') }}" - dest: "{{ nginx_status_file_location | default('/etc/nginx/conf.d/status.conf') }}" - backup: yes - mode: 0644 - when: nginx_status_enable | bool - notify: (Handler) Run NGINX - -- name: (DEPRECATED) Dynamically Generate NGINX API Configuration File - template: - src: "{{ nginx_rest_api_template_file | default('http/api.conf.j2') }}" - dest: "{{ nginx_rest_api_file_location | default('/etc/nginx/conf.d/api.conf') }}" - backup: yes - mode: 0644 - when: nginx_rest_api_enable | bool - notify: (Handler) Run NGINX - -- name: (DEPRECATED) Ensure NGINX Stream Directory Exists - file: - path: "{{ item.value.conf_file_location | default('/etc/nginx/conf.d/stream/') }}" - state: directory - mode: 0755 - with_dict: "{{ nginx_stream_template }}" - when: nginx_stream_template_enable | bool - -- name: (DEPRECATED) Dynamically Generate NGINX Stream Configuration Files - template: - src: "{{ item.value.template_file | default('stream/default.conf.j2') }}" - dest: "{{ item.value.conf_file_location | default('/etc/nginx/conf.d/stream/') }}/{{ item.value.conf_file_name | default('default.conf') }}" - backup: yes - mode: 0644 - with_dict: "{{ nginx_stream_template }}" - when: nginx_stream_template_enable | bool - notify: (Handler) Run NGINX diff --git a/tasks/config/upload-config.yml b/tasks/config/upload-config.yml deleted file mode 100644 index 3f30966..0000000 --- a/tasks/config/upload-config.yml +++ /dev/null @@ -1,107 +0,0 @@ -## DEPRECATED -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config) ---- -- name: Deprecation warning - debug: - msg: DEPRECATED TASKS -- Use nginxinc.nginx_config role instead (https://github.com/nginxinc/ansible-role-nginx-config) - -- name: (DEPRECATED) Ensure NGINX HTML Directory Exists - file: - path: "{{ nginx_html_upload_dest | default('/usr/share/nginx/html') }}" - state: directory - mode: 0755 - when: nginx_html_upload_enable | bool - -- name: (DEPRECATED) Upload NGINX HTML Files - copy: - src: "{{ item }}" - dest: "{{ nginx_html_upload_dest | default('/usr/share/nginx/html') }}" - backup: yes - mode: 0644 - with_fileglob: "{{ nginx_html_upload_src }}" - when: nginx_html_upload_enable | bool - notify: (Handler) Run NGINX - -- name: (DEPRECATED) Ensure NGINX Main Directory Exists - file: - path: "{{ nginx_main_upload_dest | default('/etc/nginx/') }}" - state: directory - mode: 0755 - when: nginx_main_upload_enable | bool - -- name: (DEPRECATED) Upload NGINX Main Configuration File - copy: - src: "{{ nginx_main_upload_src | default('conf/nginx.conf') }}" - dest: "{{ nginx_main_upload_dest | default('/etc/nginx/') }}" - backup: yes - mode: 0644 - when: nginx_main_upload_enable | bool - notify: "(Handler) Run NGINX" - -- name: "(DEPRECATED) Ensure NGINX HTTP Directory Exists" - file: - path: "{{ nginx_http_upload_dest | default('/etc/nginx/conf.d/') }}" - state: directory - mode: 0755 - when: nginx_http_upload_enable | bool - -- name: (DEPRECATED) Upload NGINX HTTP Configuration Files - copy: - src: "{{ item }}" - dest: "{{ nginx_http_upload_dest | default('/etc/nginx/conf.d/') }}" - backup: yes - mode: 0644 - with_fileglob: "{{ nginx_http_upload_src }}" - when: nginx_http_upload_enable | bool - notify: (Handler) Run NGINX - -- name: (DEPRECATED) Ensure NGINX Stream Directory Exists - file: - path: "{{ nginx_stream_upload_dest | default('/etc/nginx/conf.d/') }}" - state: directory - mode: 0755 - when: nginx_stream_upload_enable | bool - -- name: (DEPRECATED) Upload NGINX Stream Configuration Files - copy: - src: "{{ item }}" - dest: "{{ nginx_stream_upload_dest | default('/etc/nginx/conf.d/') }}" - backup: yes - mode: 0644 - with_fileglob: "{{ nginx_stream_upload_src }}" - when: nginx_stream_upload_enable | bool - notify: (Handler) Run NGINX - -- name: (DEPRECATED) Ensure SSL Certificate Directory Exists - file: - path: "{{ nginx_ssl_crt_upload_dest | default('/etc/ssl/certs/') }}" - state: directory - mode: 0755 - when: nginx_ssl_upload_enable | bool - -- name: (DEPRECATED) Ensure SSL Key Directory Exists - file: - path: "{{ nginx_ssl_key_upload_dest | default('/etc/ssl/private/') }}" - state: directory - mode: 0755 - when: nginx_ssl_upload_enable | bool - -- name: (DEPRECATED) Upload NGINX SSL Certificates - copy: - src: "{{ item }}" - dest: "{{ nginx_ssl_crt_upload_dest | default('/etc/ssl/certs/') }}" - decrypt: yes - backup: yes - mode: 0640 - with_fileglob: "{{ nginx_ssl_crt_upload_src }}" - when: nginx_ssl_upload_enable | bool - -- name: (DEPRECATED) Upload NGINX SSL Keys - copy: - src: "{{ item }}" - dest: "{{ nginx_ssl_key_upload_dest | default('/etc/ssl/private/') }}" - decrypt: yes - backup: yes - mode: 0640 - with_fileglob: "{{ nginx_ssl_key_upload_src }}" - no_log: yes - when: nginx_ssl_upload_enable | bool diff --git a/tasks/main.yml b/tasks/main.yml index c5760da..59a2865 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -65,31 +65,6 @@ when: nginx_install | bool tags: nginx_install - - name: (DEPRECATED) Configure NGINX - block: - - name: (DEPRECATED) Cleanup NGINX Config - include_tasks: "{{ role_path }}/tasks/config/cleanup-config.yml" - when: nginx_cleanup_config | bool - tags: nginx_cleanup_config - - - name: (DEPRECATED) Upload NGINX Config - include_tasks: "{{ role_path }}/tasks/config/upload-config.yml" - when: nginx_main_upload_enable | bool - or nginx_http_upload_enable | bool - or nginx_stream_upload_enable | bool - or nginx_html_upload_enable | bool - or nginx_ssl_upload_enable | bool - tags: nginx_upload_config - - - name: (DEPRECATED) Create NGINX Config - include_tasks: "{{ role_path }}/tasks/config/template-config.yml" - when: nginx_main_template_enable | bool - or nginx_http_template_enable | bool - or nginx_stream_template_enable | bool - or nginx_rest_api_enable | bool - tags: nginx_template_config - when: nginx_configure | bool - - name: Ensure NGINX is running meta: flush_handlers diff --git a/templates/http/api.conf.j2 b/templates/http/api.conf.j2 deleted file mode 100644 index 07a805a..0000000 --- a/templates/http/api.conf.j2 +++ /dev/null @@ -1,31 +0,0 @@ -{# DEPRECATED #} -{{ ansible_managed | comment }} - -server { - listen {{ nginx_rest_api_port | default('80') }}; - access_log {{ nginx_rest_api_log | ternary('on', 'off') }}; - location /api { -{% if nginx_rest_api_write %} - api write=on; -{% else %} - api; -{% endif %} -{% if nginx_status_rest_api_allow is defined %} - allow {{ nginx_status_rest_api_allow }}; -{% endif %} -{% if nginx_status_rest_api_deny is defined %} - deny {{ nginx_status_rest_api_deny }}; -{% endif %} - } -{% if nginx_rest_api_dashboard %} - location = /dashboard.html { - root /usr/share/nginx/html; -{% if nginx_status_rest_api_dashboard_allow is defined %} - allow {{ nginx_status_rest_api_dashboard_allow }}; -{% endif %} -{% if nginx_status_rest_api_dashboard_deny is defined %} - deny {{ nginx_status_rest_api_dashboard_deny }}; -{% endif %} - } -{% endif %} -} diff --git a/templates/http/default.conf.j2 b/templates/http/default.conf.j2 deleted file mode 100644 index 03c2356..0000000 --- a/templates/http/default.conf.j2 +++ /dev/null @@ -1,505 +0,0 @@ -{# DEPRECATED #} -{{ ansible_managed | comment }} - -{% if item.value.upstreams is defined and item.value.upstreams %} -{% for upstream in item.value.upstreams %} -upstream {{ item.value.upstreams[upstream].name }} { -{% if item.value.upstreams[upstream].lb_method is defined and item.value.upstreams[upstream].lb_method | length %} - {{ item.value.upstreams[upstream].lb_method }}; -{% endif %} -{% if item.value.upstreams[upstream].zone_name is defined and item.value.upstreams[upstream].zone_name %} - zone {{ item.value.upstreams[upstream].zone_name }} {{ item.value.upstreams[upstream].zone_size }}; -{% endif %} -{% for server in item.value.upstreams[upstream].servers %} - server {{ item.value.upstreams[upstream].servers[server].address }}{{(":" + item.value.upstreams[upstream].servers[server].port | string) if item.value.upstreams[upstream].servers[server].port is defined}} {% if item.value.upstreams[upstream].servers[server].down is defined and item.value.upstreams[upstream].servers[server].down %}down{% else %}weight={{ item.value.upstreams[upstream].servers[server].weight | default("1") }} {{ item.value.upstreams[upstream].servers[server].health_check | default("") }}{% endif %}; -{% endfor %} -{% if item.value.upstreams[upstream].sticky_cookie %} - sticky cookie srv_id expires=1h path=/; -{% endif %} -{% if item.value.upstreams[upstream].custom_options is defined and item.value.upstreams[upstream].custom_options | length %} -{% for inline_option in item.value.upstreams[upstream].custom_options %} - {{ inline_option }} -{% endfor %} -{% endif %} -} -{% endfor %} -{% endif %} - -{% if item.value.proxy_cache is defined and item.value.proxy_cache %} -{% if item.value.proxy_cache.proxy_cache_path is defined and item.value.proxy_cache.proxy_cache_path %} -{% for proxy_cache_path in item.value.proxy_cache.proxy_cache_path %} -proxy_cache_path {{ proxy_cache_path.path }} keys_zone={{ proxy_cache_path.keys_zone.name }}:{{ proxy_cache_path.keys_zone.size }} - levels={{ proxy_cache_path.levels }} max_size={{ proxy_cache_path.max_size }} - inactive={{ proxy_cache_path.inactive }} use_temp_path={{ proxy_cache_path.use_temp_path | ternary("on", "off") }}; -{% endfor %} -{% if item.value.proxy_cache.proxy_cache_background_update is defined and item.value.proxy_cache.proxy_cache_background_update%} -proxy_cache_background_update {{ item.value.proxy_cache.proxy_cache_background_update | ternary("on", "off") }}; -{% endif %} -{% if item.value.proxy_cache.proxy_cache_lock is defined and item.value.proxy_cache.proxy_cache_lock %} -proxy_cache_lock {{ item.value.proxy_cache.proxy_cache_lock | ternary("on", "off") }}; -{% endif %} -{% if item.value.proxy_cache.proxy_cache_min_uses is defined and item.value.proxy_cache.proxy_cache_min_uses %} -proxy_cache_min_uses {{ item.value.proxy_cache.proxy_cache_min_uses }}; -{% endif %} -{% if item.value.proxy_cache.proxy_cache_revalidate is defined and item.value.proxy_cache.proxy_cache_revalidate %} -proxy_cache_revalidate {{ item.value.proxy_cache.proxy_cache_revalidate | ternary("on", "off") }}; -{% endif %} -{% if item.value.proxy_cache.proxy_cache_use_stale is defined and item.value.proxy_cache.proxy_cache_use_stale %} -proxy_cache_use_stale {{ item.value.proxy_cache.proxy_cache_use_stale | join(" ") }}; -{% endif %} -{% if item.value.proxy_cache.proxy_ignore_headers is defined and item.value.proxy_cache.proxy_ignore_headers %} -proxy_ignore_headers {{ item.value.proxy_cache.proxy_ignore_headers | join(" ") }}; -{% endif %} -{% if item.value.proxy_cache.proxy_temp_path is defined and item.value.proxy_cache.proxy_temp_path.path %} -proxy_temp_path {{ item.value.proxy_cache.proxy_temp_path.path }} {{ item.value.proxy_cache.proxy_temp_path.level_1 | default("") }} {{ item.value.proxy_cache.proxy_temp_path.level_2 | default("") }} {{ item.value.proxy_cache.proxy_temp_path.level_3 | default("") }}; -{% endif %} -{% if item.value.proxy_cache.proxy_cache_valid is defined %} -{% for proxy_cache_valid in item.value.proxy_cache.proxy_cache_valid %} -{% if proxy_cache_valid.code is defined %} -proxy_cache_valid {{ proxy_cache_valid.code }} {{ proxy_cache_valid.time | default("10m") }}; -{% elif proxy_cache_valid.time is defined and proxy_cache_valid.code is not defined %} -proxy_cache_valid {{ proxy_cache_valid.time }}; -{% endif %} -{% endfor %} -{% endif %} -{% endif %} -{% endif %} -{% if item.value.auth_request_http is defined %} -auth_request {{ item.value.auth_request_http }}; -{% endif %} -{% if item.value.auth_request_set_http is defined %} -auth_request_set {{ item.value.auth_request_set_http.name }} {{ item.value.auth_request_set_http.value }}; -{% endif %} - -{% if item.value.custom_options is defined and item.value.custom_options | length %} -{% for inline_option in item.value.custom_options %} -{{ inline_option }} -{% endfor %} -{% endif %} - -{% if item.value.servers is defined %} -{% for server in item.value.servers %} -server { -{% for listen in item.value.servers[server].listen %} - listen {% if item.value.servers[server].listen[listen].ip is defined and item.value.servers[server].listen[listen].ip | length %}{{ item.value.servers[server].listen[listen].ip }}:{% endif %}{{ item.value.servers[server].listen[listen].port }}{% if item.value.servers[server].listen[listen].ssl is defined and item.value.servers[server].listen[listen].ssl %} ssl{% endif %}{% if item.value.servers[server].listen[listen].opts is defined and item.value.servers[server].listen[listen].opts | length %} {{ item.value.servers[server].listen[listen].opts | join(" ") }}{% endif %}; -{% endfor %} - server_name {{ item.value.servers[server].server_name | default('localhost') }}; -{% if item.value.servers[server].ssl is defined and item.value.servers[server].ssl %} - ssl_certificate {{ item.value.servers[server].ssl.cert }}; - ssl_certificate_key {{ item.value.servers[server].ssl.key }}; -{% if item.value.servers[server].ssl.trusted_cert is defined %} - ssl_trusted_certificate {{ item.value.servers[server].ssl.trusted_cert }}; -{% endif %} -{% if item.value.servers[server].ssl.dhparam is defined %} - ssl_dhparam {{ item.value.servers[server].ssl.dhparam }}; -{% endif %} -{% if item.value.servers[server].ssl.protocols is defined and item.value.servers[server].ssl.protocols %} - ssl_protocols {{ item.value.servers[server].ssl.protocols }}; -{% endif %} -{% if item.value.servers[server].ssl.ciphers is defined and item.value.servers[server].ssl.ciphers %} - ssl_ciphers {{ item.value.servers[server].ssl.ciphers }}; -{% endif %} -{% if item.value.servers[server].ssl.prefer_server_ciphers is defined and item.value.servers[server].ssl.prefer_server_ciphers %} - ssl_prefer_server_ciphers on; -{% endif %} -{% if item.value.servers[server].ssl.session_cache is defined and item.value.servers[server].ssl.session_cache %} - ssl_session_cache {{ item.value.servers[server].ssl.session_cache }}; -{% endif %} -{% if item.value.servers[server].ssl.session_timeout is defined and item.value.servers[server].ssl.session_timeout %} - ssl_session_timeout {{ item.value.servers[server].ssl.session_timeout }}; -{% endif %} -{% if item.value.servers[server].ssl.disable_session_tickets is defined and item.value.servers[server].ssl.disable_session_tickets %} - ssl_session_tickets off; -{% endif %} -{% if item.value.servers[server].ssl.stapling is defined and item.value.servers[server].ssl.stapling %} - ssl_stapling on; -{% endif %} -{% if item.value.servers[server].ssl.stapling_verify is defined and item.value.servers[server].ssl.stapling_verify %} - ssl_stapling_verify on; -{% endif %} -{% if item.value.servers[server].ssl.ecdh_curve is defined and item.value.servers[server].ssl.ecdh_curve %} - ssl_ecdh_curve {{ item.value.servers[server].ssl.ecdh_curve }}; -{% endif %} -{% if item.value.servers[server].ssl.buffer_size is defined and item.value.servers[server].ssl.buffer_size %} - ssl_buffer_size {{ item.value.servers[server].ssl.buffer_size }}; -{% endif %} -{% endif %} -{% if item.value.servers[server].include_files is defined and item.value.servers[server].include_files | length %} -{% for file in item.value.servers[server].include_files %} - include "{{ file }}"; -{% endfor %} -{% endif %} -{% if item.value.servers[server].proxy_hide_headers is defined %} -{% for header in item.value.servers[server].proxy_hide_headers %} - proxy_hide_header {{ header }}; -{% endfor %} -{% endif %} -{% if item.value.servers[server].add_headers is defined %} -{% for header in item.value.servers[server].add_headers %} - add_header {{ item.value.servers[server].add_headers[header].name }} "{{ item.value.servers[server].add_headers[header].value }}"{% if item.value.servers[server].add_headers[header].always is defined and item.value.servers[server].add_headers[header].always %} always{% endif %}; -{% endfor %} -{% endif %} -{% if item.value.servers[server].auth_basic is defined and item.value.servers[server].auth_basic %} - auth_basic "{{ item.value.servers[server].auth_basic }}"; -{% endif %} -{% if item.value.servers[server].auth_basic_user_file is defined and item.value.servers[server].auth_basic_user_file %} - auth_basic_user_file {{ item.value.servers[server].auth_basic_user_file }}; -{% endif %} -{% if item.value.servers[server].root is defined and item.value.servers[server].root %} - root {{ item.value.servers[server].root }}; -{% endif %} -{% if item.value.servers[server].https_redirect is defined and item.value.servers[server].https_redirect %} - return 301 https://{{ item.value.servers[server].https_redirect }}$request_uri; -{% endif %} -{% if item.value.servers[server].autoindex is defined and item.value.servers[server].autoindex %} - autoindex on; -{% endif %} -{% if item.value.servers[server].try_files is defined %} - try_files {{ item.value.servers[server].try_files }}; -{% endif %} -{% if item.value.servers[server].auth_request is defined %} - auth_request {{ item.value.servers[server].auth_request }}; -{% endif %} -{% if item.value.servers[server].auth_request_set is defined %} - auth_request_set {{ item.value.servers[server].auth_request_set.name }} {{ item.value.servers[server].auth_request_set.value }}; -{% endif %} -{% if item.value.servers[server].client_max_body_size is defined and item.value.servers[server].client_max_body_size %} - client_max_body_size {{ item.value.servers[server].client_max_body_size }}; -{% endif %} -{% if item.value.servers[server].sub_filter.sub_filters is defined and item.value.servers[server].sub_filter.sub_filters | length %} -{% for sub_filter in item.value.servers[server].sub_filter.sub_filters %} - sub_filter {{ sub_filter }}; -{% endfor %} -{% endif %} -{% if item.value.servers[server].sub_filter.last_modified is defined %} - sub_filter_last_modified {{ item.value.servers[server].sub_filter.last_modified | ternary("on", "off") }}; -{% endif %} -{% if item.value.servers[server].sub_filter.once is defined %} - sub_filter_once {{ item.value.servers[server].sub_filter.once | ternary("on", "off") }}; -{% endif %} -{% if item.value.servers[server].sub_filter.types is defined and item.value.servers[server].sub_filter.types %} - sub_filter_types {{ item.value.servers[server].sub_filter.types }}; -{% endif %} -{% if item.value.servers[server].custom_options is defined and item.value.servers[server].custom_options | length %} -{% for inline_option in item.value.servers[server].custom_options %} - {{ inline_option }} -{% endfor %} -{% endif %} - -{% if item.value.servers[server].reverse_proxy is defined and item.value.servers[server].reverse_proxy %} -{% for location in item.value.servers[server].reverse_proxy.locations %} - location {{ item.value.servers[server].reverse_proxy.locations[location].location }} { -{% if item.value.servers[server].reverse_proxy.locations[location].internal is sameas true %} - internal; -{% endif %} -{% if item.value.servers[server].reverse_proxy.locations[location].include_files is defined and item.value.servers[server].reverse_proxy.locations[location].include_files | length %} -{% for file in item.value.servers[server].reverse_proxy.locations[location].include_files %} - include "{{ file }}"; -{% endfor %} -{% endif %} -{% if item.value.servers[server].reverse_proxy.locations[location].proxy_hide_headers is defined %} -{% for header in item.value.servers[server].reverse_proxy.locations[location].proxy_hide_headers %} - proxy_hide_header {{ header }}; -{% endfor %} -{% endif %} -{% if item.value.servers[server].reverse_proxy.locations[location].add_headers is defined %} -{% for header in item.value.servers[server].reverse_proxy.locations[location].add_headers %} - add_header {{ item.value.servers[server].reverse_proxy.locations[location].add_headers[header].name }} "{{ item.value.servers[server].reverse_proxy.locations[location].add_headers[header].value }}"{% if item.value.servers[server].reverse_proxy.locations[location].add_headers[header].always is defined and item.value.servers[server].reverse_proxy.locations[location].add_headers[header].always %} always{% endif %}; -{% endfor %} -{% endif %} -{% if item.value.servers[server].reverse_proxy.locations[location].auth_request is defined %} - auth_request {{ item.value.servers[server].reverse_proxy.locations[location].auth_request }}; -{% endif %} -{% if item.value.servers[server].reverse_proxy.locations[location].auth_request_set is defined %} - auth_request_set {{ item.value.servers[server].reverse_proxy.locations[location].auth_request_set.name }} {{ item.value.servers[server].reverse_proxy.locations[location].auth_request_set.value }}; -{% endif %} -{% if item.value.servers[server].reverse_proxy.locations[location].auth_basic is defined and item.value.servers[server].reverse_proxy.locations[location].auth_basic %} - auth_basic "{{ item.value.servers[server].reverse_proxy.locations[location].auth_basic }}"; -{% endif %} -{% if item.value.servers[server].reverse_proxy.locations[location].auth_basic_user_file is defined and item.value.servers[server].reverse_proxy.locations[location].auth_basic_user_file %} - auth_basic_user_file {{ item.value.servers[server].reverse_proxy.locations[location].auth_basic_user_file }}; -{% endif %} -{% if item.value.servers[server].reverse_proxy.locations[location].returns is defined %} -{% for code in item.value.servers[server].reverse_proxy.locations[location].returns %} -{% if item.value.servers[server].reverse_proxy.locations[location].returns[code] is defined %} - return {{ item.value.servers[server].reverse_proxy.locations[location].returns[code].code }} {{ item.value.servers[server].reverse_proxy.locations[location].returns[code].url }}; -{% else %} - return {{ item.value.servers[server].reverse_proxy.locations[location].returns[code].url }}; -{% endif %} -{% endfor %} -{% endif %} -{% if item.value.servers[server].reverse_proxy.locations[location].proxy_connect_timeout is defined and item.value.servers[server].reverse_proxy.locations[location].proxy_connect_timeout %} - proxy_connect_timeout {{ item.value.servers[server].reverse_proxy.locations[location].proxy_connect_timeout }}; -{% endif %} - proxy_pass {{ item.value.servers[server].reverse_proxy.locations[location].proxy_pass }}; -{% if item.value.servers[server].reverse_proxy.locations[location].rewrites is defined %} -{% for rewrite in item.value.servers[server].reverse_proxy.locations[location].rewrites %} - rewrite {{ rewrite }}; -{% endfor %} -{% endif %} -{% if item.value.servers[server].reverse_proxy.locations[location].proxy_read_timeout is defined and item.value.servers[server].reverse_proxy.locations[location].proxy_read_timeout %} - proxy_read_timeout {{ item.value.servers[server].reverse_proxy.locations[location].proxy_read_timeout }}; -{% endif %} -{% if item.value.servers[server].reverse_proxy.locations[location].proxy_send_timeout is defined and item.value.servers[server].reverse_proxy.locations[location].proxy_send_timeout %} - proxy_send_timeout {{ item.value.servers[server].reverse_proxy.locations[location].proxy_send_timeout }}; -{% endif %} -{% if item.value.servers[server].reverse_proxy.locations[location].proxy_pass_request_body is defined %} - proxy_pass_request_body {{ item.value.servers[server].reverse_proxy.locations[location].proxy_pass_request_body }}; -{% endif %} -{% if item.value.servers[server].reverse_proxy.locations[location].proxy_store is defined %} - proxy_store {{ item.value.servers[server].reverse_proxy.locations[location].proxy_store | ternary("on", "off") }}; -{% endif %} -{% if item.value.servers[server].reverse_proxy.locations[location].proxy_store_access is defined %} - proxy_store_access {{ item.value.servers[server].reverse_proxy.locations[location].proxy_store_access }}; -{% endif %} -{% if item.value.servers[server].reverse_proxy.locations[location].allows is defined %} -{% for allow in item.value.servers[server].reverse_proxy.locations[location].allows %} - allow {{ allow }}; -{% endfor %} -{% endif %} -{% if item.value.servers[server].reverse_proxy.locations[location].denies is defined %} -{% for deny in item.value.servers[server].reverse_proxy.locations[location].denies %} - deny {{ deny }}; -{% endfor %} -{% endif %} -{% if item.value.servers[server].reverse_proxy.locations[location].proxy_set_header is defined %} -{% for header in item.value.servers[server].reverse_proxy.locations[location].proxy_set_header %} - proxy_set_header {{ item.value.servers[server].reverse_proxy.locations[location].proxy_set_header[header].name }} {{ item.value.servers[server].reverse_proxy.locations[location].proxy_set_header[header].value }}; -{% endfor %} -{% endif %} -{% if item.value.servers[server].reverse_proxy.locations[location].proxy_http_version is defined %} - proxy_http_version {{ item.value.servers[server].reverse_proxy.locations[location].proxy_http_version }}; -{% endif %} -{% if item.value.servers[server].reverse_proxy.locations[location].websocket is defined and item.value.servers[server].reverse_proxy.locations[location].websocket %} - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; -{% endif %} -{% if item.value.servers[server].reverse_proxy.locations[location].try_files is defined %} - try_files {{ item.value.servers[server].reverse_proxy.locations[location].try_files }}; -{% endif %} - -{% if item.value.servers[server].reverse_proxy.locations[location].proxy_ssl is defined and item.value.servers[server].reverse_proxy.locations[location].proxy_ssl %} -{% if item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.cert is defined %} - proxy_ssl_certificate {{ item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.cert }}; -{% endif %} -{% if item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.key is defined %} - proxy_ssl_certificate_key {{ item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.key }}; -{% endif %} -{% if item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.trusted_cert is defined %} - proxy_ssl_trusted_certificate {{ item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.trusted_cert }}; -{% endif %} -{% if item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.server_name is defined %} - proxy_ssl_server_name {{ item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.server_name | ternary("on", "off") }}; -{% endif %} -{% if item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.name is defined %} - proxy_ssl_name {{ item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.name }}; -{% endif %} -{% if item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.protocols is defined %} - proxy_ssl_protocols {{ item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.protocols }}; -{% endif %} -{% if item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.ciphers is defined %} - proxy_ssl_ciphers {{ item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.ciphers }}; -{% endif %} -{% if item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.verify is defined %} - proxy_ssl_verify {{ item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.verify | ternary("on", "off") }}; -{% endif %} -{% if item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.verify_depth is defined %} - proxy_ssl_verify_depth {{ item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.verify_depth }}; -{% endif %} -{% if item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.session_reuse is defined %} - proxy_ssl_session_reuse {{ item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.session_reuse | ternary("on", "off") }}; -{% endif %} -{% endif %} -{% if item.value.servers[server].reverse_proxy.locations[location].proxy_redirect is defined %} - proxy_redirect {{ item.value.servers[server].reverse_proxy.locations[location].proxy_redirect | ternary(item.value.servers[server].reverse_proxy.locations[location].proxy_redirect, "off") }}; -{% endif %} -{% if item.value.servers[server].reverse_proxy.locations[location].proxy_cache is defined %} - proxy_cache {{ item.value.servers[server].reverse_proxy.locations[location].proxy_cache }}; -{% endif %} -{% if item.value.servers[server].reverse_proxy.locations[location].proxy_cache_valid is defined %} -{% for proxy_cache_valid in item.value.servers[server].reverse_proxy.locations[location].proxy_cache_valid %} -{% if proxy_cache_valid.code is defined %} - proxy_cache_valid {{ proxy_cache_valid.code }} {{ proxy_cache_valid.time | default("10m") }}; -{% elif proxy_cache_valid.time is defined and proxy_cache_valid.code is not defined %} - proxy_cache_valid {{ proxy_cache_valid.time }}; -{% endif %} -{% endfor %} -{% endif %} -{% if item.value.servers[server].reverse_proxy.locations[location].proxy_cache_background_update is defined %} - proxy_cache_background_update {{ item.value.servers[server].reverse_proxy.locations[location].proxy_cache_background_update | ternary("on", "off") }}; -{% endif %} -{% if item.value.servers[server].reverse_proxy.locations[location].proxy_cache_lock is defined %} - proxy_cache_lock {{ item.value.servers[server].reverse_proxy.locations[location].proxy_cache_lock | ternary("on", "off") }}; -{% endif %} -{% if item.value.servers[server].reverse_proxy.locations[location].proxy_cache_min_uses is defined %} - proxy_cache_min_uses {{ item.value.servers[server].reverse_proxy.locations[location].proxy_cache_min_uses }}; -{% endif %} -{% if item.value.servers[server].reverse_proxy.locations[location].proxy_cache_revalidate is defined %} - proxy_cache_revalidate {{ item.value.servers[server].reverse_proxy.locations[location].proxy_cache_revalidate | ternary("on", "off") }}; -{% endif %} -{% if item.value.servers[server].reverse_proxy.locations[location].proxy_cache_use_stale is defined %} - proxy_cache_use_stale {{ item.value.servers[server].reverse_proxy.locations[location].proxy_cache_use_stale | join(" ") }}; -{% endif %} -{% if item.value.servers[server].reverse_proxy.locations[location].proxy_temp_path is defined %} - proxy_temp_path {{ item.value.servers[server].reverse_proxy.locations[location].proxy_temp_path.path }} {{ item.value.servers[server].reverse_proxy.locations[location].proxy_temp_path.level_1 | default("") }} {{ item.value.servers[server].reverse_proxy.locations[location].proxy_temp_path.level_2 | default("") }} {{ item.value.servers[server].reverse_proxy.locations[location].proxy_temp_path.level_3 | default("") }}; -{% endif %} -{% if item.value.servers[server].reverse_proxy.locations[location].proxy_ignore_headers is defined %} - proxy_ignore_headers {{ item.value.servers[server].reverse_proxy.locations[location].proxy_ignore_headers | join(" ") }}; -{% endif %} -{% if item.value.servers[server].reverse_proxy.locations[location].client_max_body_size is defined and item.value.servers[server].reverse_proxy.locations[location].client_max_body_size %} - client_max_body_size {{ item.value.servers[server].reverse_proxy.locations[location].client_max_body_size }}; -{% endif %} -{% if item.value.servers[server].reverse_proxy.locations[location].proxy_cookie_path is defined %} - proxy_cookie_path {{ item.value.servers[server].reverse_proxy.locations[location].proxy_cookie_path.path }} {{ item.value.servers[server].reverse_proxy.locations[location].proxy_cookie_path.replacement }}; -{% endif %} -{% if item.value.servers[server].reverse_proxy.locations[location].proxy_buffering is defined %} - proxy_buffering {{ item.value.servers[server].reverse_proxy.locations[location].proxy_buffering | ternary("on", "off") }}; -{% endif %} -{% if item.value.servers[server].reverse_proxy.locations[location].sub_filter.sub_filters is defined and item.value.servers[server].reverse_proxy.locations[location].sub_filter.sub_filters | length %} -{% for sub_filter in item.value.servers[server].reverse_proxy.locations[location].sub_filter.sub_filters %} - sub_filter {{ sub_filter }}; -{% endfor %} -{% endif %} -{% if item.value.servers[server].reverse_proxy.locations[location].sub_filter.last_modified is defined %} - sub_filter_last_modified {{ item.value.servers[server].reverse_proxy.locations[location].sub_filter.last_modified | ternary("on", "off") }}; -{% endif %} -{% if item.value.servers[server].reverse_proxy.locations[location].sub_filter.once is defined %} - sub_filter_once {{ item.value.servers[server].reverse_proxy.locations[location].sub_filter.once | ternary("on", "off") }}; -{% endif %} -{% if item.value.servers[server].reverse_proxy.locations[location].sub_filter.types is defined and item.value.servers[server].reverse_proxy.locations[location].sub_filter.types %} - sub_filter_types {{ item.value.servers[server].reverse_proxy.locations[location].sub_filter.types }}; -{% endif %} -{% if item.value.servers[server].reverse_proxy.locations[location].custom_options is defined and item.value.servers[server].reverse_proxy.locations[location].custom_options | length %} -{% for inline_option in item.value.servers[server].reverse_proxy.locations[location].custom_options %} - {{ inline_option }} -{% endfor %} -{% endif %} -{% if (item.value.servers[server].reverse_proxy.health_check_plus is defined) and item.value.servers[server].reverse_proxy.health_check_plus %} - health_check; -{% endif %} - - } -{% endfor %} -{% endif %} - -{% if item.value.servers[server].web_server is defined %} -{% for location in item.value.servers[server].web_server.locations %} - location {{ item.value.servers[server].web_server.locations[location].location }} { -{% if item.value.servers[server].web_server.locations[location].html_file_location is defined %} - root {{ item.value.servers[server].web_server.locations[location].html_file_location }}; -{% endif %} -{% if item.value.servers[server].web_server.locations[location].html_file_name is defined %} - index {{ item.value.servers[server].web_server.locations[location].html_file_name }}; -{% endif %} -{% if item.value.servers[server].web_server.locations[location].autoindex | default(false) %} - autoindex on; -{% endif %} -{% if item.value.servers[server].web_server.locations[location].try_files is defined %} - try_files {{ item.value.servers[server].web_server.locations[location].try_files }}; -{% endif %} -{% if item.value.servers[server].web_server.locations[location].include_files is defined and item.value.servers[server].web_server.locations[location].include_files | length %} -{% for file in item.value.servers[server].web_server.locations[location].include_files %} - include "{{ file }}"; -{% endfor %} -{% endif %} -{% if item.value.servers[server].web_server.locations[location].custom_options is defined and item.value.servers[server].web_server.locations[location].custom_options | length %} -{% for inline_option in item.value.servers[server].web_server.locations[location].custom_options %} - {{ inline_option }} -{% endfor %} -{% endif %} -{% if item.value.servers[server].web_server.locations[location].proxy_hide_headers is defined %} -{% for header in item.value.servers[server].web_server.locations[location].proxy_hide_headers %} - proxy_hide_header {{ header }}; -{% endfor %} -{% endif %} -{% if item.value.servers[server].web_server.locations[location].add_headers is defined %} -{% for header in item.value.servers[server].web_server.locations[location].add_headers %} - add_header {{ item.value.servers[server].web_server.locations[location].add_headers[header].name }} "{{ item.value.servers[server].web_server.locations[location].add_headers[header].value }}"{% if item.value.servers[server].web_server.locations[location].add_headers[header].always is defined and item.value.servers[server].web_server.locations[location].add_headers[header].always %} always{% endif %}; -{% endfor %} -{% endif %} -{% if item.value.servers[server].web_server.locations[location].returns is defined %} -{% for code in item.value.servers[server].web_server.locations[location].returns %} -{% if item.value.servers[server].web_server.locations[location].returns[code] is defined %} - return {{ item.value.servers[server].web_server.locations[location].returns[code].code }} {{ item.value.servers[server].web_server.locations[location].returns[code].url }}; -{% else %} - return {{ item.value.servers[server].web_server.locations[location].returns[code].url }}; -{% endif %} -{% endfor %} -{% endif %} -{% if item.value.servers[server].web_server.locations[location].auth_basic is defined and item.value.servers[server].web_server.locations[location].auth_basic %} - auth_basic "{{ item.value.servers[server].web_server.locations[location].auth_basic }}"; -{% endif %} -{% if item.value.servers[server].web_server.locations[location].auth_basic_user_file is defined and item.value.servers[server].web_server.locations[location].auth_basic_user_file %} - auth_basic_user_file {{ item.value.servers[server].web_server.locations[location].auth_basic_user_file }}; -{% endif %} -{% if item.value.servers[server].web_server.locations[location].auth_request is defined %} - auth_request {{ item.value.servers[server].web_server.locations[location].auth_request }}; -{% endif %} -{% if item.value.servers[server].web_server.locations[location].auth_request_set is defined %} - auth_request_set {{ item.value.servers[server].web_server.locations[location].auth_request_set.name }} {{ item.value.servers[server].web_server.locations[location].auth_request_set.value }}; -{% endif %} -{% if item.value.servers[server].web_server.locations[location].sub_filter.sub_filters is defined and item.value.servers[server].web_server.locations[location].sub_filter.sub_filters | length %} -{% for sub_filter in item.value.servers[server].web_server.locations[location].sub_filter.sub_filters %} - sub_filter {{ sub_filter }}; -{% endfor %} -{% endif %} -{% if item.value.servers[server].web_server.locations[location].sub_filter.last_modified is defined %} - sub_filter_last_modified {{ item.value.servers[server].web_server.locations[location].sub_filter.last_modified | ternary("on", "off") }}; -{% endif %} -{% if item.value.servers[server].web_server.locations[location].sub_filter.once is defined %} - sub_filter_once {{ item.value.servers[server].web_server.locations[location].sub_filter.once | ternary("on", "off") }}; -{% endif %} -{% if item.value.servers[server].web_server.locations[location].sub_filter.types is defined and item.value.servers[server].web_server.locations[location].sub_filter.types %} - sub_filter_types {{ item.value.servers[server].web_server.locations[location].sub_filter.types }}; -{% endif %} - - } -{% endfor %} -{% if item.value.servers[server].web_server.http_demo_conf is defined and item.value.servers[server].web_server.http_demo_conf %} - sub_filter_once off; - sub_filter 'server_hostname' '$hostname'; - sub_filter 'server_address' '$server_addr:$server_port'; - sub_filter 'server_url' '$request_uri'; - sub_filter 'remote_addr' '$remote_addr:$remote_port'; - sub_filter 'server_date' '$time_local'; - sub_filter 'client_browser' '$http_user_agent'; - sub_filter 'request_id' '$request_id'; - sub_filter 'nginx_version' '$nginx_version'; - sub_filter 'document_root' '$document_root'; - sub_filter 'proxied_for_ip' '$http_x_forwarded_for'; -{% endif %} -{% endif %} -{% if item.value.servers[server].returns is defined %} -{% for return in item.value.servers[server].returns %} - location {{ item.value.servers[server].returns[return].location }} { - return {{ item.value.servers[server].returns[return].code }}{% if item.value.servers[server].returns[return].value is defined %} {{ item.value.servers[server].returns[return].value }}{% endif %}; - } -{% endfor %} -{% endif %} -{% if item.value.servers[server].http_error_pages is defined %} - # redirect server error pages -{% for error_code in item.value.servers[server].http_error_pages %} - error_page {{ error_code }} {{ item.value.servers[server].http_error_pages[error_code] }}; -{% endfor %} -{% endif %} -{% if item.value.servers[server].error_page is defined %} - # redirect server error pages to the static page /50x.html - # - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root {{ item.value.servers[server].error_page }}; - } -{% endif %} - -{% if item.value.servers[server].access_log is defined %} -{% for access_log in item.value.servers[server].access_log %} - access_log {{ access_log.location }} {{ access_log.name }}; -{% endfor %} -{% endif %} -{% if item.value.servers[server].error_log is defined %} - error_log {{ item.value.servers[server].error_log.location }} {{ item.value.servers[server].error_log.level }}; -{% endif %} - -} -{% endfor %} -{% endif %} diff --git a/templates/http/status.conf.j2 b/templates/http/status.conf.j2 deleted file mode 100644 index 6b14458..0000000 --- a/templates/http/status.conf.j2 +++ /dev/null @@ -1,16 +0,0 @@ -{# DEPRECATED #} -{{ ansible_managed | comment }} - -server { - listen {{ nginx_status_port | default('80') }}; - access_log {{ nginx_status_log | ternary('on', 'off') }}; - location /nginx_status { - stub_status on; -{% if nginx_status_allow is defined %} - allow {{ nginx_status_allow }}; -{% endif %} -{% if nginx_status_deny is defined %} - deny {{ nginx_status_deny }}; -{% endif %} - } -} diff --git a/templates/nginx.conf.j2 b/templates/nginx.conf.j2 deleted file mode 100644 index 6b0922f..0000000 --- a/templates/nginx.conf.j2 +++ /dev/null @@ -1,111 +0,0 @@ -{# DEPRECATED #} -{{ ansible_managed | comment }} - -user {{ nginx_main_template.user }}; -worker_processes {{ nginx_main_template.worker_processes }}; - -{% if nginx_main_template.worker_rlimit_nofile is defined %} -worker_rlimit_nofile {{ nginx_main_template.worker_rlimit_nofile }}; -{% endif %} - -{% if nginx_main_template.custom_options is defined and nginx_main_template.custom_options | length %} -{% for inline_option in nginx_main_template.custom_options %} -{{ inline_option }} -{% endfor %} -{% endif %} - -error_log {{ nginx_main_template.error_log.location | default("/var/log/nginx/error.log") }} {{ nginx_main_template.error_log.level | default("warn") }}; -pid {{ nginx_main_template.pid | default("/var/run/nginx.pid") }}; - - -events { - worker_connections {{ nginx_main_template.worker_connections }}; -{% if nginx_main_template.events_custom_options is defined and nginx_main_template.events_custom_options | length %} -{% for inline_option in nginx_main_template.events_custom_options %} - {{ inline_option }} -{% endfor %} -{% endif %} -} - -{% if nginx_main_template.http_enable %} -http { - include /etc/nginx/mime.types; -{% if nginx_main_template.http_settings.default_type is defined and nginx_main_template.http_settings.default_type %} - default_type {{ nginx_main_template.http_settings.default_type }}; -{% endif %} - -{% for access_log in nginx_main_template.http_settings.access_log_format %} - log_format {{ access_log.name }} {{ access_log.format }}; -{% endfor %} - -{% for access_log in nginx_main_template.http_settings.access_log_location %} - access_log {{ access_log.location }} {{ access_log.name }}; -{% endfor %} - - sendfile on; - -{% if nginx_main_template.http_settings.tcp_nopush is defined and nginx_main_template.http_settings.tcp_nopush %} - tcp_nopush on; -{% endif %} -{% if nginx_main_template.http_settings.tcp_nodelay is defined and nginx_main_template.http_settings.tcp_nodelay %} - tcp_nodelay on; -{% endif %} - -{% if nginx_main_template.http_settings.server_tokens is defined and nginx_main_template.http_settings.server_tokens | length %} - server_tokens {{ nginx_main_template.http_settings.server_tokens }}; -{% endif %} - - keepalive_timeout {{ nginx_main_template.http_settings.keepalive_timeout }}; - - #gzip on; -{% if nginx_main_template.http_settings.cache %} - proxy_cache_path /tmp/cache keys_zone=one:10m; -{% endif %} -{% if nginx_main_template.http_settings.rate_limit %} - limit_req_zone $binary_remote_addr zone=mylimit:10m rate=10r/s; -{% endif %} -{% if nginx_main_template.http_settings.keyval %} - keyval_zone zone={{nginx_main_template.http_settings.keyval.zone}}:32k state=one.keyval; - keyval $arg_text $text zone=one; -{% endif %} -{% if nginx_main_template.http_global_autoindex | default(false) %} - autoindex on; -{% endif %} -{% if nginx_main_template.sub_filter.sub_filters is defined and nginx_main_template.sub_filter.sub_filters | length %} -{% for sub_filter in nginx_main_template.sub_filter.sub_filters %} - sub_filter {{ sub_filter }}; -{% endfor %} -{% endif %} -{% if nginx_main_template.sub_filter.last_modified is defined %} - sub_filter_last_modified {{ nginx_main_template.sub_filter.last_modified | ternary("on", "off") }}; -{% endif %} -{% if nginx_main_template.sub_filter.once is defined %} - sub_filter_once {{ nginx_main_template.sub_filter.once | ternary("on", "off") }}; -{% endif %} -{% if nginx_main_template.sub_filter.types is defined and nginx_main_template.sub_filter.types %} - sub_filter_types {{ nginx_main_template.sub_filter.types }}; -{% endif %} -{% if nginx_main_template.http_custom_options is defined and nginx_main_template.http_custom_options | length %} -{% for inline_option in nginx_main_template.http_custom_options %} - {{ inline_option }} -{% endfor %} -{% endif %} - include /etc/nginx/conf.d/*.conf; -{% if nginx_main_template.http_custom_includes is defined and nginx_main_template.http_custom_includes | length %} -{% for inline_include in nginx_main_template.http_custom_includes %} - include {{ inline_include }}; -{% endfor %} -{% endif %} -} -{% endif %} - -{% if nginx_main_template.stream_enable %} -stream { -{% if nginx_main_template.stream_custom_options is defined and nginx_main_template.stream_custom_options | length %} -{% for inline_option in nginx_main_template.stream_custom_options %} - {{ inline_option }} -{% endfor %} -{% endif %} - include /etc/nginx/conf.d/stream/*.conf; -} -{% endif %} diff --git a/templates/stream/default.conf.j2 b/templates/stream/default.conf.j2 deleted file mode 100644 index b1b59c5..0000000 --- a/templates/stream/default.conf.j2 +++ /dev/null @@ -1,127 +0,0 @@ -{# DEPRECATED #} -{{ ansible_managed | comment }} - -{% if item.value.upstreams is defined %} -{% for upstream in item.value.upstreams %} -upstream {{ item.value.upstreams[upstream].name }} { -{% if item.value.upstreams[upstream].lb_method is defined %} - {{ item.value.upstreams[upstream].lb_method }}; -{% endif %} - zone {{ item.value.upstreams[upstream].zone_name }} {{ item.value.upstreams[upstream].zone_size }}; -{% for server in item.value.upstreams[upstream].servers %} - server {{ item.value.upstreams[upstream].servers[server].address }}{{(":" + item.value.upstreams[upstream].servers[server].port | string) if item.value.upstreams[upstream].servers[server].port is defined}} {% if item.value.upstreams[upstream].servers[server].down is defined and item.value.upstreams[upstream].servers[server].down %}down{% else %}weight={{ item.value.upstreams[upstream].servers[server].weight | default("1") }} {{ item.value.upstreams[upstream].servers[server].health_check | default("") }}{% endif %}; -{% endfor %} -{% if item.value.upstreams[upstream].sticky_cookie is defined %} -{% if item.value.upstreams[upstream].sticky_cookie %} - sticky cookie srv_id expires=1h path=/; -{% endif %} -{% endif %} -{% if item.value.upstreams[upstream].custom_options is defined and item.value.upstreams[upstream].custom_options | length %} -{% for inline_option in item.value.upstreams[upstream].custom_options %} - {{ inline_option }} -{% endfor %} -{% endif %} -} -{% endfor %} -{% endif %} - -{% if item.value.custom_options is defined and item.value.custom_options | length %} -{% for inline_option in item.value.custom_options %} -{{ inline_option }} -{% endfor %} -{% endif %} - -{% if item.value.network_streams is defined %} -{% for stream in item.value.network_streams %} -server { -{% for listen in item.value.network_streams[stream].listen %} - listen {% if item.value.network_streams[stream].listen[listen].ip is defined and item.value.network_streams[stream].listen[listen].ip | length %}{{ item.value.network_streams[stream].listen[listen].ip }}:{% endif %}{{ item.value.network_streams[stream].listen[listen].port }}{% if item.value.network_streams[stream].listen[listen].ssl is defined and item.value.network_streams[stream].listen[listen].ssl %} ssl{% endif %}{% if item.value.network_streams[stream].listen[listen].opts is defined and item.value.network_streams[stream].listen[listen].opts | length %} {{ item.value.network_streams[stream].listen[listen].opts | join(" ") }}{% endif %}; -{% endfor %} -{% if item.value.network_streams[stream].ssl is defined and item.value.network_streams[stream].ssl %} - ssl_certificate {{ item.value.network_streams[stream].ssl.cert }}; - ssl_certificate_key {{ item.value.network_streams[stream].ssl.key }}; -{% if item.value.network_streams[stream].ssl.trusted_cert is defined %} - ssl_trusted_certificate {{ item.value.network_streams[stream].ssl.trusted_cert }}; -{% endif %} -{% if item.value.network_streams[stream].ssl.dhparam is defined %} - ssl_dhparam {{ item.value.network_streams[stream].ssl.dhparam }}; -{% endif %} -{% if item.value.network_streams[stream].ssl.protocols is defined and item.value.network_streams[stream].ssl.protocols %} - ssl_protocols {{ item.value.network_streams[stream].ssl.protocols }}; -{% endif %} -{% if item.value.network_streams[stream].ssl.ciphers is defined and item.value.network_streams[stream].ssl.ciphers %} - ssl_ciphers {{ item.value.network_streams[stream].ssl.ciphers }}; -{% endif %} -{% if item.value.network_streams[stream].ssl.prefer_server_ciphers is defined and item.value.network_streams[stream].ssl.prefer_server_ciphers %} - ssl_prefer_server_ciphers on; -{% endif %} -{% if item.value.network_streams[stream].ssl.session_cache is defined and item.value.network_streams[stream].ssl.session_cache %} - ssl_session_cache {{ item.value.network_streams[stream].ssl.session_cache }}; -{% endif %} -{% if item.value.network_streams[stream].ssl.session_timeout is defined and item.value.network_streams[stream].ssl.session_timeout %} - ssl_session_timeout {{ item.value.network_streams[stream].ssl.session_timeout }}; -{% endif %} -{% if item.value.network_streams[stream].ssl.disable_session_tickets is defined and item.value.network_streams[stream].ssl.disable_session_tickets %} - ssl_session_tickets off; -{% endif %} -{% if item.value.network_streams[stream].ssl.ecdh_curve is defined and item.value.network_streams[stream].ssl.ecdh_curve %} - ssl_ecdh_curve {{ item.value.network_streams[stream].ssl.ecdh_curve }}; -{% endif %} -{% endif %} -{% if item.value.network_streams[stream].include_files is defined and item.value.network_streams[stream].include_files | length %} -{% for file in item.value.network_streams[stream].include_files %} - include "{{ file }}"; -{% endfor %} -{% endif %} - proxy_pass {{ item.value.network_streams[stream].proxy_pass }}; - proxy_timeout {{ item.value.network_streams[stream].proxy_timeout }}; - proxy_connect_timeout {{ item.value.network_streams[stream].proxy_connect_timeout }}; -{% if item.value.network_streams[stream].proxy_protocol %} - proxy_protocol on; -{% else %} - proxy_protocol off; -{% endif %} -{% if item.value.network_streams[stream].proxy_ssl is defined %} - proxy_ssl on; -{% if item.value.network_streams[stream].proxy_ssl.cert is defined %} - proxy_ssl_certificate {{ item.value.network_streams[stream].proxy_ssl.cert }}; -{% endif %} -{% if item.value.network_streams[stream].proxy_ssl.key is defined %} - proxy_ssl_certificate_key {{ item.value.network_streams[stream].proxy_ssl.key }}; -{% endif %} -{% if item.value.network_streams[stream].proxy_ssl.server_name is defined %} - proxy_ssl_server_name {{ item.value.network_streams[stream].proxy_ssl.server_name | ternary("on", "off") }}; -{% endif %} -{% if item.value.network_streams[stream].proxy_ssl.name is defined %} - proxy_ssl_name {{ item.value.network_streams[stream].proxy_ssl.name }}; -{% endif %} -{% if item.value.network_streams[stream].proxy_ssl.protocols is defined %} - proxy_ssl_protocols {{ item.value.network_streams[stream].proxy_ssl.protocols }}; -{% endif %} -{% if item.value.network_streams[stream].proxy_ssl.ciphers is defined %} - proxy_ssl_ciphers {{ item.value.network_streams[stream].proxy_ssl.ciphers }}; -{% endif %} -{% if item.value.network_streams[stream].proxy_ssl.trusted_cert is defined %} - proxy_ssl_trusted_certificate {{ item.value.network_streams[stream].proxy_ssl.trusted_cert }}; -{% endif %} -{% if item.value.network_streams[stream].proxy_ssl.verify is defined %} - proxy_ssl_verify {{ item.value.network_streams[stream].proxy_ssl.verify | ternary("on", "off") }}; -{% endif %} -{% if item.value.network_streams[stream].proxy_ssl.verify_depth is defined %} - proxy_ssl_verify_depth {{ item.value.network_streams[stream].proxy_ssl.verify_depth }}; -{% endif %} -{% if item.value.network_streams[stream].proxy_ssl.session_reuse is defined %} - proxy_ssl_session_reuse {{ item.value.network_streams[stream].proxy_ssl.session_reuse | ternary("on", "off") }}; -{% endif %} -{% endif %} -{% if item.value.network_streams[stream].health_check_plus %} - health_check; -{% endif %} -{% if item.value.network_streams[stream].custom_options is defined and item.value.network_streams[stream].custom_options | length %} -{% for inline_option in item.value.network_streams[stream].custom_options %} - {{ inline_option }} -{% endfor %} -{% endif %} -} -{% endfor %} -{% endif %} diff --git a/templates/www/index.html.j2 b/templates/www/index.html.j2 deleted file mode 100644 index 3ed06bd..0000000 --- a/templates/www/index.html.j2 +++ /dev/null @@ -1,103 +0,0 @@ - - - - - - -Hello World - {{ item.value.web_server_name }} - - - - - -NGINX Logo -
-

Web Server name: {{ item.value.web_server_name }}

-

Server name: server_hostname

-

Server address: server_address

-

User Agent: client_browser

-

URI: server_url

-

Doc Root: document_root

-

Date: server_date

-

NGINX Front-End Load Balancer IP:remote_addr

-

Client IP: proxied_for_ip

-

NGINX Version: nginx_version

-
-
Auto Refresh
- - -