sebclem/ansible-role-nginx
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add IPv6 listener support; Make listen options configurable (#147)

Browse Source 
* Add IPv6 listener support; Make options (besides 'ssl' and 'ipv6only=on' for IPv6 listeners) configurable.

* Combine listen directives for ssl and non ssl listeners and add the ssl option automatically when it is needed.

* Add comment from README also to defaults/main.yml

* Add support for multiple listen directives
This commit is contained in:
Philip Henning 2019-07-29 19:39:58 +02:00 committed by Alessandro Fael Garcia
parent 5416fb28e0
commit ea1a3626db
4 changed files with 30 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
README.md
View File

@ -358,7 +358,11 @@ nginx_http_template:
template_file: http/default.conf.j2
conf_file_name: default.conf
conf_file_location: /etc/nginx/conf.d/
port: 8081
listen:
listen_localhost:
ip: localhost # Wrap in square brackets for IPv6 addresses
port: 8081
opts: [] # Listen opts like http2 which will be added (ssl is automatically added if you specify 'ssl:').
server_name: localhost
include_files: []
error_page: /usr/share/nginx/html

6
defaults/main.yml
View File

@ -170,7 +170,11 @@ nginx_http_template:
template_file: http/default.conf.j2
conf_file_name: default.conf
conf_file_location: /etc/nginx/conf.d/
port: 8081
listen:
listen_localhost:
ip: localhost # Wrap in square brackets for IPv6 addresses
port: 8081
opts: [] # Listen opts like http2 which will be added (ssl is automatically added if you specify 'ssl:').
server_name: localhost
include_files: []
error_page: /usr/share/nginx/html

8
templates/http/default.conf.j2
View File

@ -53,8 +53,11 @@ auth_request_set {{ item.value.auth_request_set_http.name }} {{ item.value.auth_
{% endif %}
server {
{% for listen in item.value.listen %}
listen {% if item.value.listen[listen].ip is defined and item.value.listen[listen].ip | length %}{{ item.value.listen[listen].ip }}:{% endif %}{{ item.value.listen[listen].port }}{% if item.value.ssl is defined and item.value.ssl %} ssl{% endif %}{% if item.value.listen[listen].opts is defined and item.value.listen[listen].opts | length %} {{ item.value.listen[listen].opts | join(" ") }}{% endif %};
{% endfor %}
server_name {{ item.value.server_name | default('localhost') }};
{% if item.value.ssl is defined and item.value.ssl %}
listen {{ item.value.port }} ssl;
ssl_certificate {{ item.value.ssl.cert }};
ssl_certificate_key {{ item.value.ssl.key }};
{% if item.value.ssl.trusted_cert is defined %}
@ -87,10 +90,7 @@ server {
{% if item.value.ssl.stapling_verify is defined and item.value.ssl.stapling_verify %}
ssl_stapling_verify on;
{% endif %}
{% else %}
listen {{ item.value.port }};
{% endif %}
server_name {{ item.value.server_name | default('localhost') }};
{% if item.value.include_files is defined and item.value.include_files | length %}
{% for file in item.value.include_files %}
include "{{ file }}";

21
tests/playbooks/nginx-http-template.yml
View File

@ -12,7 +12,12 @@
template_file: http/default.conf.j2
conf_file_name: default.conf
conf_file_location: /etc/nginx/conf.d/
port: 80
listen:
listen_localhost:
ip: 0.0.0.0
port: 80
opts:
- default_server
server_name: localhost
error_page: /usr/share/nginx/html
proxy_hide_headers:
@ -131,7 +136,7 @@
sticky_cookie: false
servers:
frontend_server_1:
address: localhost
address: 0.0.0.0
port: 8081
weight: 1
health_check: max_fails=3 fail_timeout=5s
@ -143,7 +148,7 @@
sticky_cookie: false
servers:
backend_server_1:
address: localhost
address: 0.0.0.0
port: 8082
weight: 1
health_check: max_fails=3 fail_timeout=5s
@ -156,7 +161,10 @@
template_file: http/default.conf.j2
conf_file_name: frontend_default.conf
conf_file_location: /etc/nginx/conf.d/
port: 8081
listen:
listen_localhost:
port: 8081
opts: []
server_name: localhost
error_page: /usr/share/nginx/html
autoindex: false
@ -174,7 +182,10 @@
template_file: http/default.conf.j2
conf_file_name: backend_default.conf
conf_file_location: /etc/nginx/conf.d/
port: 8082
listen:
listen_localhost:
port: 8082
opts: []
server_name: localhost
error_page: /usr/share/nginx/html
autoindex: false