Improve templating
* Rename load_balancer block to reverse_proxy * Clarify that the redirect variable refers to a http to https redirect * Allow setting the listen port when using SSL * Improve SSL defaults * Allow setting http or https server locations in proxy_pass
This commit is contained in:
parent
c1c3a372d7
commit
bcc3f1e166
19
README.md
19
README.md
@ -321,7 +321,7 @@ nginx_main_template:
|
|||||||
# Enable creating dynamic templated NGINX HTTP configuration files.
|
# Enable creating dynamic templated NGINX HTTP configuration files.
|
||||||
# Defaults will not produce a valid configuration. Instead they are meant to showcase
|
# Defaults will not produce a valid configuration. Instead they are meant to showcase
|
||||||
# the options available for templating. Each key represents a new configuration file.
|
# the options available for templating. Each key represents a new configuration file.
|
||||||
# Comment out load_balancer or web_server depending on whether you wish to create a web server
|
# Comment out reverse_proxy or web_server depending on whether you wish to create a web server
|
||||||
# or load balancer configuration file.
|
# or load balancer configuration file.
|
||||||
nginx_http_template_enable: false
|
nginx_http_template_enable: false
|
||||||
nginx_http_template:
|
nginx_http_template:
|
||||||
@ -332,7 +332,7 @@ nginx_http_template:
|
|||||||
port: 8081
|
port: 8081
|
||||||
server_name: localhost
|
server_name: localhost
|
||||||
error_page: /usr/share/nginx/html
|
error_page: /usr/share/nginx/html
|
||||||
redirect: false
|
https_redirect: false
|
||||||
autoindex: false
|
autoindex: false
|
||||||
ssl:
|
ssl:
|
||||||
cert: ssl/default.crt
|
cert: ssl/default.crt
|
||||||
@ -345,11 +345,11 @@ nginx_http_template:
|
|||||||
html_file_name: index.html
|
html_file_name: index.html
|
||||||
autoindex: false
|
autoindex: false
|
||||||
http_demo_conf: false
|
http_demo_conf: false
|
||||||
load_balancer:
|
reverse_proxy:
|
||||||
locations:
|
locations:
|
||||||
backend:
|
backend:
|
||||||
location: /
|
location: /
|
||||||
proxy_pass: backend
|
proxy_pass: http://backend
|
||||||
health_check_plus: false
|
health_check_plus: false
|
||||||
upstreams:
|
upstreams:
|
||||||
upstream1:
|
upstream1:
|
||||||
@ -410,9 +410,6 @@ This is a sample playbook file for deploying the Ansible Galaxy NGINX role in a
|
|||||||
nginx_http_template_enable: true
|
nginx_http_template_enable: true
|
||||||
nginx_http_template:
|
nginx_http_template:
|
||||||
default:
|
default:
|
||||||
template_file: http/default.conf.j2
|
|
||||||
conf_file_name: default.conf
|
|
||||||
conf_file_location: /etc/nginx/conf.d/
|
|
||||||
port: 80
|
port: 80
|
||||||
server_name: localhost
|
server_name: localhost
|
||||||
error_page: /usr/share/nginx/html
|
error_page: /usr/share/nginx/html
|
||||||
@ -423,7 +420,6 @@ This is a sample playbook file for deploying the Ansible Galaxy NGINX role in a
|
|||||||
location: /
|
location: /
|
||||||
html_file_location: /usr/share/nginx/html
|
html_file_location: /usr/share/nginx/html
|
||||||
html_file_name: index.html
|
html_file_name: index.html
|
||||||
autoindex: false
|
|
||||||
```
|
```
|
||||||
|
|
||||||
This is a sample playbook file for deploying the Ansible Galaxy NGINX role in a localhost and installing the open source version of NGINX as a reverse proxy.
|
This is a sample playbook file for deploying the Ansible Galaxy NGINX role in a localhost and installing the open source version of NGINX as a reverse proxy.
|
||||||
@ -437,14 +433,15 @@ This is a sample playbook file for deploying the Ansible Galaxy NGINX role in a
|
|||||||
vars:
|
vars:
|
||||||
nginx_http_template_enable: true
|
nginx_http_template_enable: true
|
||||||
nginx_http_template:
|
nginx_http_template:
|
||||||
load_balancer:
|
default:
|
||||||
|
reverse_proxy:
|
||||||
locations:
|
locations:
|
||||||
frontend:
|
frontend:
|
||||||
location: /
|
location: /
|
||||||
proxy_pass: frontend_servers
|
proxy_pass: http://frontend_servers
|
||||||
backend:
|
backend:
|
||||||
location: /backend
|
location: /backend
|
||||||
proxy_pass: backend_servers
|
proxy_pass: http://backend_servers
|
||||||
upstreams:
|
upstreams:
|
||||||
upstream_1:
|
upstream_1:
|
||||||
name: frontend_servers
|
name: frontend_servers
|
||||||
|
@ -102,15 +102,15 @@ nginx_rest_api_dashboard: false
|
|||||||
# Upload the main NGINX configuration file.
|
# Upload the main NGINX configuration file.
|
||||||
nginx_main_upload_enable: false
|
nginx_main_upload_enable: false
|
||||||
nginx_main_upload_src: conf/nginx.conf
|
nginx_main_upload_src: conf/nginx.conf
|
||||||
nginx_main_upload_dest: /etc/nginx
|
nginx_main_upload_dest: /etc/nginx/nginx.conf
|
||||||
# Upload HTTP NGINX configuration files.
|
# Upload HTTP NGINX configuration files.
|
||||||
nginx_http_upload_enable: false
|
nginx_http_upload_enable: false
|
||||||
nginx_http_upload_src: conf/http/*.conf
|
nginx_http_upload_src: conf/http/*.conf
|
||||||
nginx_http_upload_dest: /etc/nginx/conf.d
|
nginx_http_upload_dest: /etc/nginx/conf.d/*.conf
|
||||||
# Upload Stream NGINX configuration files.
|
# Upload Stream NGINX configuration files.
|
||||||
nginx_stream_upload_enable: false
|
nginx_stream_upload_enable: false
|
||||||
nginx_stream_upload_src: conf/stream/*.conf
|
nginx_stream_upload_src: conf/stream/*.conf
|
||||||
nginx_stream_upload_dest: /etc/nginx/conf.d
|
nginx_stream_upload_dest: /etc/nginx/conf.d/*.conf
|
||||||
# Upload HTML files.
|
# Upload HTML files.
|
||||||
nginx_html_upload_enable: false
|
nginx_html_upload_enable: false
|
||||||
nginx_html_upload_src: www/*
|
nginx_html_upload_src: www/*
|
||||||
@ -118,9 +118,9 @@ nginx_html_upload_dest: /usr/share/nginx/html
|
|||||||
# Upload SSL certificates and keys.
|
# Upload SSL certificates and keys.
|
||||||
nginx_ssl_upload_enable: false
|
nginx_ssl_upload_enable: false
|
||||||
nginx_ssl_crt_upload_src: ssl/*.crt
|
nginx_ssl_crt_upload_src: ssl/*.crt
|
||||||
nginx_ssl_crt_upload_dest: /etc/ssl/certs/
|
nginx_ssl_crt_upload_dest: /etc/ssl/certs/*.crt
|
||||||
nginx_ssl_key_upload_src: ssl/*.key
|
nginx_ssl_key_upload_src: ssl/*.key
|
||||||
nginx_ssl_key_upload_dest: /etc/ssl/private/
|
nginx_ssl_key_upload_dest: /etc/ssl/private/*.key
|
||||||
|
|
||||||
# Enable creating dynamic templated NGINX HTML demo websites.
|
# Enable creating dynamic templated NGINX HTML demo websites.
|
||||||
nginx_html_demo_template_enable: false
|
nginx_html_demo_template_enable: false
|
||||||
@ -165,11 +165,11 @@ nginx_http_template:
|
|||||||
port: 8081
|
port: 8081
|
||||||
server_name: localhost
|
server_name: localhost
|
||||||
error_page: /usr/share/nginx/html
|
error_page: /usr/share/nginx/html
|
||||||
redirect: false
|
https_redirect: false
|
||||||
autoindex: false
|
autoindex: false
|
||||||
ssl:
|
ssl:
|
||||||
cert: ssl/default.crt
|
cert: /etc/ssl/certs/default.crt
|
||||||
key: ssl/default.key
|
key: /etc/ssl/private/default.key
|
||||||
web_server:
|
web_server:
|
||||||
locations:
|
locations:
|
||||||
default:
|
default:
|
||||||
@ -178,11 +178,11 @@ nginx_http_template:
|
|||||||
html_file_name: index.html
|
html_file_name: index.html
|
||||||
autoindex: false
|
autoindex: false
|
||||||
http_demo_conf: false
|
http_demo_conf: false
|
||||||
load_balancer:
|
reverse_proxy:
|
||||||
locations:
|
locations:
|
||||||
backend:
|
backend:
|
||||||
location: /
|
location: /
|
||||||
proxy_pass: backend
|
proxy_pass: http://backend
|
||||||
health_check_plus: false
|
health_check_plus: false
|
||||||
upstreams:
|
upstreams:
|
||||||
upstream1:
|
upstream1:
|
||||||
|
@ -18,9 +18,9 @@ upstream {{ item.value.upstreams[upstream].name }} {
|
|||||||
|
|
||||||
server {
|
server {
|
||||||
{% if item.value.ssl is defined %}
|
{% if item.value.ssl is defined %}
|
||||||
listen 443 ssl;
|
listen {{ item.value.port }} ssl;
|
||||||
ssl_certificate {{ nginx_ssl_crt_upload_dest }}/{{ item.value.ssl.cert }};
|
ssl_certificate {{ item.value.ssl.cert }};
|
||||||
ssl_certificate_key {{ nginx_ssl_key_upload_dest }}/{{ item.value.ssl.key }};
|
ssl_certificate_key {{ item.value.ssl.key }};
|
||||||
{% else %}
|
{% else %}
|
||||||
listen {{ item.value.port }};
|
listen {{ item.value.port }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
@ -28,14 +28,14 @@ server {
|
|||||||
{% if item.value.autoindex is defined and item.value.autoindex %}
|
{% if item.value.autoindex is defined and item.value.autoindex %}
|
||||||
autoindex on;
|
autoindex on;
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.redirect is defined and item.value.redirect %}
|
{% if item.value.https_redirect is defined and item.value.https_redirect %}
|
||||||
return 301 https://{{ item.value.server_name }}$request_uri;
|
return 301 https://{{ item.value.server_name }}$request_uri;
|
||||||
{% endif%}
|
{% endif%}
|
||||||
{% if item.value.load_balancer is defined %}
|
{% if item.value.reverse_proxy is defined %}
|
||||||
{% for location in item.value.load_balancer.locations %}
|
{% for location in item.value.reverse_proxy.locations %}
|
||||||
location {{ item.value.load_balancer.locations[location].location }} {
|
location {{ item.value.reverse_proxy.locations[location].location }} {
|
||||||
proxy_pass http://{{ item.value.load_balancer.locations[location].proxy_pass }};
|
proxy_pass {{ item.value.reverse_proxy.locations[location].proxy_pass }};
|
||||||
{% if item.value.load_balancer.health_check_plus is defined and item.value.load_balancer.health_check_plus %}
|
{% if item.value.reverse_proxy.health_check_plus is defined and item.value.reverse_proxy.health_check_plus %}
|
||||||
health_check;
|
health_check;
|
||||||
{% endif %}
|
{% endif %}
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
|
Loading…
Reference in New Issue
Block a user