Improve templating

* Rename load_balancer block to reverse_proxy
* Clarify that the redirect variable refers to a http to https redirect
* Allow setting the listen port when using SSL
* Improve SSL defaults
* Allow setting http or https server locations in proxy_pass
Alessandro Fael Garcia 2019-01-14 17:26:37 +01:00
parent c1c3a372d7
commit bcc3f1e166
3 changed files with 57 additions and 60 deletions


@ -321,7 +321,7 @@ nginx_main_template:
# Enable creating dynamic templated NGINX HTTP configuration files. # Enable creating dynamic templated NGINX HTTP configuration files.
# Defaults will not produce a valid configuration. Instead they are meant to showcase # Defaults will not produce a valid configuration. Instead they are meant to showcase
# the options available for templating. Each key represents a new configuration file. # the options available for templating. Each key represents a new configuration file.
# Comment out load_balancer or web_server depending on whether you wish to create a web server # Comment out reverse_proxy or web_server depending on whether you wish to create a web server
# or load balancer configuration file. # or load balancer configuration file.
nginx_http_template_enable: false nginx_http_template_enable: false
nginx_http_template: nginx_http_template:
@ -332,7 +332,7 @@ nginx_http_template:
port: 8081 port: 8081
server_name: localhost server_name: localhost
error_page: /usr/share/nginx/html error_page: /usr/share/nginx/html
redirect: false https_redirect: false
autoindex: false autoindex: false
ssl: ssl:
cert: ssl/default.crt cert: ssl/default.crt
@ -345,11 +345,11 @@ nginx_http_template:
html_file_name: index.html html_file_name: index.html
autoindex: false autoindex: false
http_demo_conf: false http_demo_conf: false
load_balancer: reverse_proxy:
locations: locations:
backend: backend:
location: / location: /
proxy_pass: backend proxy_pass: http://backend
health_check_plus: false health_check_plus: false
upstreams: upstreams:
upstream1: upstream1:
@ -410,9 +410,6 @@ This is a sample playbook file for deploying the Ansible Galaxy NGINX role in a
nginx_http_template_enable: true nginx_http_template_enable: true
nginx_http_template: nginx_http_template:
default: default:
template_file: http/default.conf.j2
conf_file_name: default.conf
conf_file_location: /etc/nginx/conf.d/
port: 80 port: 80
server_name: localhost server_name: localhost
error_page: /usr/share/nginx/html error_page: /usr/share/nginx/html
@ -423,7 +420,6 @@ This is a sample playbook file for deploying the Ansible Galaxy NGINX role in a
location: / location: /
html_file_location: /usr/share/nginx/html html_file_location: /usr/share/nginx/html
html_file_name: index.html html_file_name: index.html
autoindex: false
``` ```
This is a sample playbook file for deploying the Ansible Galaxy NGINX role in a localhost and installing the open source version of NGINX as a reverse proxy. This is a sample playbook file for deploying the Ansible Galaxy NGINX role in a localhost and installing the open source version of NGINX as a reverse proxy.
@ -437,39 +433,40 @@ This is a sample playbook file for deploying the Ansible Galaxy NGINX role in a
vars: vars:
nginx_http_template_enable: true nginx_http_template_enable: true
nginx_http_template: nginx_http_template:
load_balancer: default:
locations: reverse_proxy:
frontend: locations:
location: / frontend:
proxy_pass: frontend_servers location: /
backend: proxy_pass: http://frontend_servers
location: /backend backend:
proxy_pass: backend_servers location: /backend
upstreams: proxy_pass: http://backend_servers
upstream_1: upstreams:
name: frontend_servers upstream_1:
lb_method: least_conn name: frontend_servers
zone_name: frontend lb_method: least_conn
zone_size: 64k zone_name: frontend
sticky_cookie: false zone_size: 64k
servers: sticky_cookie: false
frontend_server_1: servers:
address: localhost frontend_server_1:
port: 80 address: localhost
weight: 1 port: 80
health_check: max_fails=3 fail_timeout=5s weight: 1
upstream_2: health_check: max_fails=3 fail_timeout=5s
name: backend_servers upstream_2:
lb_method: least_conn name: backend_servers
zone_name: backend lb_method: least_conn
zone_size: 64k zone_name: backend
sticky_cookie: false zone_size: 64k
servers: sticky_cookie: false
backend_server_1: servers:
address: localhost backend_server_1:
port: 8080 address: localhost
weight: 1 port: 8080
health_check: max_fails=3 fail_timeout=5s weight: 1
health_check: max_fails=3 fail_timeout=5s
``` ```


@ -102,15 +102,15 @@ nginx_rest_api_dashboard: false
# Upload the main NGINX configuration file. # Upload the main NGINX configuration file.
nginx_main_upload_enable: false nginx_main_upload_enable: false
nginx_main_upload_src: conf/nginx.conf nginx_main_upload_src: conf/nginx.conf
nginx_main_upload_dest: /etc/nginx nginx_main_upload_dest: /etc/nginx/nginx.conf
# Upload HTTP NGINX configuration files. # Upload HTTP NGINX configuration files.
nginx_http_upload_enable: false nginx_http_upload_enable: false
nginx_http_upload_src: conf/http/*.conf nginx_http_upload_src: conf/http/*.conf
nginx_http_upload_dest: /etc/nginx/conf.d nginx_http_upload_dest: /etc/nginx/conf.d/*.conf
# Upload Stream NGINX configuration files. # Upload Stream NGINX configuration files.
nginx_stream_upload_enable: false nginx_stream_upload_enable: false
nginx_stream_upload_src: conf/stream/*.conf nginx_stream_upload_src: conf/stream/*.conf
nginx_stream_upload_dest: /etc/nginx/conf.d nginx_stream_upload_dest: /etc/nginx/conf.d/*.conf
# Upload HTML files. # Upload HTML files.
nginx_html_upload_enable: false nginx_html_upload_enable: false
nginx_html_upload_src: www/* nginx_html_upload_src: www/*
@ -118,9 +118,9 @@ nginx_html_upload_dest: /usr/share/nginx/html
# Upload SSL certificates and keys. # Upload SSL certificates and keys.
nginx_ssl_upload_enable: false nginx_ssl_upload_enable: false
nginx_ssl_crt_upload_src: ssl/*.crt nginx_ssl_crt_upload_src: ssl/*.crt
nginx_ssl_crt_upload_dest: /etc/ssl/certs/ nginx_ssl_crt_upload_dest: /etc/ssl/certs/*.crt
nginx_ssl_key_upload_src: ssl/*.key nginx_ssl_key_upload_src: ssl/*.key
nginx_ssl_key_upload_dest: /etc/ssl/private/ nginx_ssl_key_upload_dest: /etc/ssl/private/*.key
# Enable creating dynamic templated NGINX HTML demo websites. # Enable creating dynamic templated NGINX HTML demo websites.
nginx_html_demo_template_enable: false nginx_html_demo_template_enable: false
@ -165,11 +165,11 @@ nginx_http_template:
port: 8081 port: 8081
server_name: localhost server_name: localhost
error_page: /usr/share/nginx/html error_page: /usr/share/nginx/html
redirect: false https_redirect: false
autoindex: false autoindex: false
ssl: ssl:
cert: ssl/default.crt cert: /etc/ssl/certs/default.crt
key: ssl/default.key key: /etc/ssl/private/default.key
web_server: web_server:
locations: locations:
default: default:
@ -178,11 +178,11 @@ nginx_http_template:
html_file_name: index.html html_file_name: index.html
autoindex: false autoindex: false
http_demo_conf: false http_demo_conf: false
load_balancer: reverse_proxy:
locations: locations:
backend: backend:
location: / location: /
proxy_pass: backend proxy_pass: http://backend
health_check_plus: false health_check_plus: false
upstreams: upstreams:
upstream1: upstream1:
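Review bot: The new values of `nginx_http_upload_dest`, `nginx_stream_upload_dest`, `nginx_ssl_crt_upload_dest` and `nginx_ssl_key_upload_dest` carry a wildcard (`/etc/nginx/conf.d/*.conf`, `/etc/ssl/private/*.key`), which reads as a source pattern rather than a destination. This assumes the right-hand column is the new side, as the renames named in the commit message indicate; unless the upload tasks, which are not shown on this page, strip the pattern, files could land under a path literally named `*.key`. The `ssl.cert` and `ssl.key` defaults are now absolute paths that the template emits verbatim, so they no longer follow the upload destination and have to be kept in agreement with it by hand. I would keep the destinations as directories, e.g. `nginx_ssl_key_upload_dest: /etc/ssl/private/`, and add a comment above `ssl:` such as `# cert and key are full paths on the target host; they are not prefixed with nginx_ssl_*_upload_dest`.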


@ -18,9 +18,9 @@ upstream {{ item.value.upstreams[upstream].name }} {
server { server {
{% if item.value.ssl is defined %} {% if item.value.ssl is defined %}
listen 443 ssl; listen {{ item.value.port }} ssl;
ssl_certificate {{ nginx_ssl_crt_upload_dest }}/{{ item.value.ssl.cert }}; ssl_certificate {{ item.value.ssl.cert }};
ssl_certificate_key {{ nginx_ssl_key_upload_dest }}/{{ item.value.ssl.key }}; ssl_certificate_key {{ item.value.ssl.key }};
{% else %} {% else %}
listen {{ item.value.port }}; listen {{ item.value.port }};
{% endif %} {% endif %}
@ -28,14 +28,14 @@ server {
{% if item.value.autoindex is defined and item.value.autoindex %} {% if item.value.autoindex is defined and item.value.autoindex %}
autoindex on; autoindex on;
{% endif %} {% endif %}
{% if item.value.redirect is defined and item.value.redirect %} {% if item.value.https_redirect is defined and item.value.https_redirect %}
return 301 https://{{ item.value.server_name }}$request_uri; return 301 https://{{ item.value.server_name }}$request_uri;
{% endif%} {% endif%}
{% if item.value.load_balancer is defined %} {% if item.value.reverse_proxy is defined %}
{% for location in item.value.load_balancer.locations %} {% for location in item.value.reverse_proxy.locations %}
location {{ item.value.load_balancer.locations[location].location }} { location {{ item.value.reverse_proxy.locations[location].location }} {
proxy_pass http://{{ item.value.load_balancer.locations[location].proxy_pass }}; proxy_pass {{ item.value.reverse_proxy.locations[location].proxy_pass }};
{% if item.value.load_balancer.health_check_plus is defined and item.value.load_balancer.health_check_plus %} {% if item.value.reverse_proxy.health_check_plus is defined and item.value.reverse_proxy.health_check_plus %}
health_check; health_check;
{% endif %} {% endif %}
proxy_set_header Host $host; proxy_set_header Host $host;
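Review bot: `proxy_pass` is now rendered verbatim from `reverse_proxy.locations[location].proxy_pass`, so an `https://` upstream is accepted, but nothing visible in this hunk enables upstream certificate verification. nginx leaves `proxy_ssl_verify` off by default, so the TLS connection to the backend would be encrypted but not authenticated. I would render an optional pair next to `proxy_pass`, `proxy_ssl_verify on;` and `proxy_ssl_trusted_certificate <CA bundle path>;`, driven by a new per-location key. The same line also changes behaviour for inventories that still set a bare upstream name (`proxy_pass: backend`), which now renders without a scheme, and that deserves a migration note in the README. The location block continues past the end of the hunk, so a verification setting further down would not be visible here.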