Improve templating

* Rename load_balancer block to reverse_proxy * Clarify that the redirect variable refers to a http to https redirect * Allow setting the listen port when using SSL * Improve SSL defaults * Allow setting http or https server locations in proxy_pass
2019-01-14 17:26:37 +01:00 · 2019-01-14 17:26:37 +01:00 · bcc3f1e166
commit bcc3f1e166
parent c1c3a372d7
3 changed files with 57 additions and 60 deletions
--- a/README.md
+++ b/README.md
@ -321,7 +321,7 @@ nginx_main_template:
 # Enable creating dynamic templated NGINX HTTP configuration files.
 # Defaults will not produce a valid configuration. Instead they are meant to showcase
 # the options available for templating. Each key represents a new configuration file.
-# Comment out load_balancer or web_server depending on whether you wish to create a web server
+# Comment out reverse_proxy or web_server depending on whether you wish to create a web server
 # or load balancer configuration file.
 nginx_http_template_enable: false
 nginx_http_template:
@ -332,7 +332,7 @@ nginx_http_template:
    port: 8081
    server_name: localhost
    error_page: /usr/share/nginx/html
-    redirect: false
+    https_redirect: false
    autoindex: false
    ssl:
      cert: ssl/default.crt
@ -345,11 +345,11 @@ nginx_http_template:
          html_file_name: index.html
          autoindex: false
      http_demo_conf: false
-    load_balancer:
+    reverse_proxy:
      locations:
        backend:
          location: /
-          proxy_pass: backend
+          proxy_pass: http://backend
      health_check_plus: false
    upstreams:
      upstream1:
@ -410,9 +410,6 @@ This is a sample playbook file for deploying the Ansible Galaxy NGINX role in a
    nginx_http_template_enable: true
    nginx_http_template:
      default:
-        template_file: http/default.conf.j2
-        conf_file_name: default.conf
-        conf_file_location: /etc/nginx/conf.d/
        port: 80
        server_name: localhost
        error_page: /usr/share/nginx/html
@ -423,7 +420,6 @@ This is a sample playbook file for deploying the Ansible Galaxy NGINX role in a
              location: /
              html_file_location: /usr/share/nginx/html
              html_file_name: index.html
-              autoindex: false
 ```

 This is a sample playbook file for deploying the Ansible Galaxy NGINX role in a localhost and installing the open source version of NGINX as a reverse proxy.
@ -437,14 +433,15 @@ This is a sample playbook file for deploying the Ansible Galaxy NGINX role in a
  vars:
    nginx_http_template_enable: true
    nginx_http_template:
-    load_balancer:
+      default:
+        reverse_proxy:
          locations:
            frontend:
              location: /
-          proxy_pass: frontend_servers
+              proxy_pass: http://frontend_servers
            backend:
              location: /backend
-          proxy_pass: backend_servers
+              proxy_pass: http://backend_servers
        upstreams:
          upstream_1:
            name: frontend_servers
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -102,15 +102,15 @@ nginx_rest_api_dashboard: false
 # Upload the main NGINX configuration file.
 nginx_main_upload_enable: false
 nginx_main_upload_src: conf/nginx.conf
-nginx_main_upload_dest: /etc/nginx
+nginx_main_upload_dest: /etc/nginx/nginx.conf
 # Upload HTTP NGINX configuration files.
 nginx_http_upload_enable: false
 nginx_http_upload_src: conf/http/*.conf
-nginx_http_upload_dest: /etc/nginx/conf.d
+nginx_http_upload_dest: /etc/nginx/conf.d/*.conf
 # Upload Stream NGINX configuration files.
 nginx_stream_upload_enable: false
 nginx_stream_upload_src: conf/stream/*.conf
-nginx_stream_upload_dest: /etc/nginx/conf.d
+nginx_stream_upload_dest: /etc/nginx/conf.d/*.conf
 # Upload HTML files.
 nginx_html_upload_enable: false
 nginx_html_upload_src: www/*
@ -118,9 +118,9 @@ nginx_html_upload_dest: /usr/share/nginx/html
 # Upload SSL certificates and keys.
 nginx_ssl_upload_enable: false
 nginx_ssl_crt_upload_src: ssl/*.crt
-nginx_ssl_crt_upload_dest: /etc/ssl/certs/
+nginx_ssl_crt_upload_dest: /etc/ssl/certs/*.crt
 nginx_ssl_key_upload_src: ssl/*.key
-nginx_ssl_key_upload_dest: /etc/ssl/private/
+nginx_ssl_key_upload_dest: /etc/ssl/private/*.key

 # Enable creating dynamic templated NGINX HTML demo websites.
 nginx_html_demo_template_enable: false
@ -165,11 +165,11 @@ nginx_http_template:
    port: 8081
    server_name: localhost
    error_page: /usr/share/nginx/html
-    redirect: false
+    https_redirect: false
    autoindex: false
    ssl:
-      cert: ssl/default.crt
-      key: ssl/default.key
+      cert: /etc/ssl/certs/default.crt
+      key: /etc/ssl/private/default.key
    web_server:
      locations:
        default:
@ -178,11 +178,11 @@ nginx_http_template:
          html_file_name: index.html
          autoindex: false
      http_demo_conf: false
-    load_balancer:
+    reverse_proxy:
      locations:
        backend:
          location: /
-          proxy_pass: backend
+          proxy_pass: http://backend
      health_check_plus: false
    upstreams:
      upstream1:
--- a/templates/http/default.conf.j2
+++ b/templates/http/default.conf.j2
@ -18,9 +18,9 @@ upstream {{ item.value.upstreams[upstream].name }} {

 server {
 {% if item.value.ssl is defined %}
-    listen 443 ssl;
-    ssl_certificate {{ nginx_ssl_crt_upload_dest }}/{{ item.value.ssl.cert }};
-    ssl_certificate_key {{ nginx_ssl_key_upload_dest }}/{{ item.value.ssl.key }};
+    listen {{ item.value.port }} ssl;
+    ssl_certificate {{ item.value.ssl.cert }};
+    ssl_certificate_key {{ item.value.ssl.key }};
 {% else %}
    listen {{ item.value.port }};
 {% endif %}
@ -28,14 +28,14 @@ server {
 {% if item.value.autoindex is defined and item.value.autoindex %}
    autoindex on;
 {% endif %}
-{% if item.value.redirect is defined and item.value.redirect %}
+{% if item.value.https_redirect is defined and item.value.https_redirect %}
    return 301 https://{{ item.value.server_name }}$request_uri;
 {% endif%}
-{% if item.value.load_balancer is defined %}
-{% for location in item.value.load_balancer.locations %}
-    location {{ item.value.load_balancer.locations[location].location }} {
-        proxy_pass http://{{ item.value.load_balancer.locations[location].proxy_pass }};
-{% if item.value.load_balancer.health_check_plus is defined and item.value.load_balancer.health_check_plus %}
+{% if item.value.reverse_proxy is defined %}
+{% for location in item.value.reverse_proxy.locations %}
+    location {{ item.value.reverse_proxy.locations[location].location }} {
+        proxy_pass {{ item.value.reverse_proxy.locations[location].proxy_pass }};
+{% if item.value.reverse_proxy.health_check_plus is defined and item.value.reverse_proxy.health_check_plus %}
        health_check;
 {% endif %}
        proxy_set_header Host $host;