sebclem/ansible-role-nginx
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Multiple changes

Browse Source 
* Add option to enable REST API
* Add option to enable live dashboard
* Add option to install WAF module
* Load modules in nginx.conf
* Improve version check for RedHat distros
This commit is contained in:
Alessandro Fael Garcia 2018-01-19 10:27:47 -08:00
parent 0e40a9e00f
commit 78a7e3efeb
13 changed files with 113 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
defaults/main.yml
View File

@ -7,12 +7,12 @@ type: opensource
# Options are 'mainline' or 'stable'.
# Default is stable.
branch: mainline
# Install nginscript module.
# Install nginscript, perl and/or waf modules.
# Default is false.
njs: false
# Install Perl module.
# Default is false.
perl: false
modules:
njs: false
perl: false
waf: false
# Install NGINX Amplify.
# Use your NGINX Amplify API key.
# Default is null.
@ -21,6 +21,12 @@ amplify: null
# Will enable 'stub_status' in open source NGINX and 'status' in NGINX Plus.
# Default is false.
status: false
# Enable NGINX Plus REST API and dashboard.
# Default is false.
api:
enable: false
write: false
dashboard: false
# Location of your NGINX Plus license in your local machine.
# Default is the files folder within the NGINX Ansible role.
license:

2
tasks/amplify/install-amplify.yml
View File

@ -1,5 +1,5 @@
---
- import_tasks: ../conf/nginx-status.yml
- import_tasks: ../conf/setup-status.yml
- name: "(All OSs) Download NGINX Amplify Script"
get_url:

6
tasks/conf/setup-api.yml Normal file
View File

@ -0,0 +1,6 @@
---
- name: "(All OSs) Setup NGINX Plus API"
template:
src: api.j2
dest: /etc/nginx/conf.d/api.conf
notify: "(All OSs) Reload NGINX"

26
tasks/conf/nginx-status.yml → tasks/conf/setup-status.yml
View File

@ -5,13 +5,12 @@
create: yes
block: |
server {
listen 127.0.0.1:80;
server_name 127.0.0.1;
location /nginx_status {
stub_status on;
allow 127.0.0.1;
deny all;
}
listen 127.0.0.1:80;
location /nginx_status {
stub_status on;
allow 127.0.0.1;
deny all;
}
}
when: type == "opensource"
notify: "(All OSs) Reload NGINX"
@ -22,13 +21,12 @@
create: yes
block: |
server {
listen 127.0.0.1:80;
server_name 127.0.0.1;
location /status {
status;
allow 127.0.0.1;
deny all;
}
listen 127.0.0.1:80;
location /status {
status;
allow 127.0.0.1;
deny all;
}
}
when: type == "plus"
notify: "(All OSs) Reload NGINX"

14
tasks/main.yml
View File

@ -11,8 +11,20 @@
- import_tasks: plus/install-plus.yml
when: type == "plus"
- import_tasks: conf/nginx-status.yml
- import_tasks: modules/install-njs.yml
when: modules.njs
- import_tasks: modules/install-perl.yml
when: modules.perl
- import_tasks: modules/install-waf.yml
when: modules.waf and type == "plus"
- import_tasks: conf/setup-status.yml
when: status
- import_tasks: conf/setup-api.yml
when: api.enable and type == "plus"
- import_tasks: amplify/install-amplify.yml
when: amplify is defined and amplify

21
tasks/modules/install-njs.yml Normal file
View File

@ -0,0 +1,21 @@
---
- name: "(All OSs) Install NGINX NJS Module"
package:
name: nginx-module-njs
state: present
when: type == "opensource"
- name: "(All OSs) Install NGINX NJS Module"
package:
name: nginx-plus-module-njs
state: present
when: type == "plus"
- name: "(All OSs) Load NGINX NJS Module"
blockinfile:
path: /etc/nginx/nginx.conf
insertbefore: BOF
block: |
load_module modules/ngx_http_js_module.so;
load_module modules/ngx_stream_js_module.so;
notify: "(All OSs) Reload NGINX"

19
tasks/modules/install-perl.yml Normal file
View File

@ -0,0 +1,19 @@
---
- name: "(All OSs) Install NGINX Perl Module"
package:
name: nginx-module-perl
state: present
when: type == "opensource"
- name: "(All OSs) Install NGINX Perl Module"
package:
name: nginx-plus-module-perl
state: present
when: type == "plus"
- name: "(All OSs) Load NGINX Perl Module"
lineinfile:
path: /etc/nginx/nginx.conf
insertbefore: BOF
line: load_module modules/ngx_http_perl.so;
notify: "(All OSs) Reload NGINX"

13
tasks/modules/install-waf.yml Normal file
View File

@ -0,0 +1,13 @@
---
- name: "(All OSs) Install NGINX Plus WAF Module"
package:
name: nginx-plus-module-modsecurity
state: present
when: waf
- name: "(All OSs) Load NGINX Plus WAF Module"
lineinfile:
path: /etc/nginx/nginx.conf
insertbefore: BOF
line: load_module modules/ngx_http_modsecurity_module.so;
notify: "(All OSs) Reload NGINX"

12
tasks/opensource/install-oss.yml
View File

@ -13,15 +13,3 @@
name: nginx
state: present
notify: "(All OSs) Start NGINX"
- name: "(All OSs) Install NGINX NJS Module"
package:
name: nginx-module-njs
state: present
when: njs
- name: "(All OSs) Install NGINX Perl Module"
package:
name: nginx-module-perl
state: present
when: perl

12
tasks/plus/install-plus.yml
View File

@ -18,15 +18,3 @@
name: nginx-plus
state: present
notify: "(All OSs) Start NGINX"
- name: "(All OSs) Install NGINX NJS Module"
package:
name: nginx-plus-module-njs
state: present
when: njs
- name: "(All OSs) Install NGINX Perl Module"
package:
name: nginx-plus-module-perl
state: present
when: perl

4
tasks/plus/setup-redhat.yml
View File

@ -7,12 +7,12 @@
- name: "(CentOS/RedHat/Amazon Linux/Oracle Linux) Gather Distribution Version"
set_fact:
version: "7"
when: ansible_distribution_major_version|int >= 7 and ansible_distribution_major_version|int <= 7.3
when: ansible_distribution_major_version|float >= 7.0 and ansible_distribution_major_version|float <= 7.3
- name: "(CentOS/RedHat/Amazon Linux/Oracle Linux) Gather Distribution Version"
set_fact:
version: "7.4"
when: ansible_distribution_major_version|int == 7.4
when: ansible_distribution_major_version|float == 7.4
- name: "(CentOS/RedHat/Amazon Linux/Oracle Linux) Gather Distribution Version"
set_fact:

0
templates/.gitkeep
View File

15
templates/api.j2 Normal file
View File

@ -0,0 +1,15 @@
server {
listen 8080;
location /api {
{% if api.write %}
api write=on;
{% else %}
api;
{% endif %}
}
{% if api.dashboard %}
location = /dashboard.html {
root /usr/share/nginx/html;
}
{% endif %}
}