sebclem/ansible-role-nginx
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Allow setting basic parameters for proxy cache (#94)

Browse Source 
* Add parameters for proxy cache
This commit is contained in:
Alexander Rublev 2019-02-12 22:12:40 +07:00 committed by Grzegorz Dzien
parent 80f6157692
commit f29d9c33f0
5 changed files with 204 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
README.md
View File

@ -348,14 +348,54 @@ nginx_http_template:
auth_basic_file: null auth_basic_file: null
http_demo_conf: false http_demo_conf: false
reverse_proxy: reverse_proxy:
proxy_cache_path:
- path: /var/cache/nginx/proxy/backend
keys_zone:
name: backend_proxy_cache
size: 10m
levels: "1:2"
max_size: 10g
inactive: 60m
use_temp_path: true
proxy_temp_path:
path: /var/cache/nginx/proxy/temp
proxy_cache_lock: true
proxy_cache_min_uses: 5
proxy_cache_revalidate: true
proxy_cache_use_stale:
- error
- timeout
proxy_ignore_headers:
- Expires
locations: locations:
backend: backend:
location: / location: /
proxy_pass: http://backend proxy_pass: http://backend
proxy_cache: frontend_proxy_cache
proxy_temp_path:
path: /var/cache/nginx/proxy/backend/temp
proxy_cache_lock: false
proxy_cache_min_uses: 3
proxy_cache_revalidate: false
proxy_cache_use_stale:
- http_403
- http_404
proxy_ignore_headers:
- Vary
- Cache-Control
websocket: false websocket: false
auth_basic: null auth_basic: null
auth_basic_file: null auth_basic_file: null
health_check_plus: false health_check_plus: false
proxy_cache_enable: false
proxy_cache:
proxy_cache_path:
path: /var/cache/nginx
keys_zone:
name: one
size: 10m
proxy_temp_path:
path: /var/cache/nginx/proxy
upstreams: upstreams:
upstream1: upstream1:
name: backend name: backend

41
defaults/main.yml
View File

@ -179,19 +179,58 @@ nginx_http_template:
auth_basic_file: null auth_basic_file: null
http_demo_conf: false http_demo_conf: false
reverse_proxy: reverse_proxy:
proxy_cache_path:
- path: /var/cache/nginx/proxy/backend
keys_zone:
name: backend_proxy_cache
size: 10m
levels: "1:2"
max_size: 10g
inactive: 60m
use_temp_path: true
proxy_temp_path:
path: /var/cache/nginx/proxy/temp
proxy_cache_lock: true
proxy_cache_min_uses: 5
proxy_cache_revalidate: true
proxy_cache_use_stale:
- error
- timeout
proxy_ignore_headers:
- Expires
locations: locations:
backend: backend:
location: / location: /
proxy_pass: http://backend proxy_pass: http://backend
proxy_cache: frontend_proxy_cache
proxy_temp_path:
path: /var/cache/nginx/proxy/backend/temp
proxy_cache_lock: false
proxy_cache_min_uses: 3
proxy_cache_revalidate: false
proxy_cache_use_stale:
- http_403
- http_404
proxy_ignore_headers:
- Vary
- Cache-Control
websocket: false websocket: false
auth_basic: null auth_basic: null
auth_basic_file: null auth_basic_file: null
health_check_plus: false health_check_plus: false
proxy_cache:
proxy_cache_path:
path: /var/cache/nginx
keys_zone:
name: one
size: 10m
proxy_temp_path:
path: /var/cache/nginx/proxy
upstreams: upstreams:
upstream1: upstream1:
name: backend name: backend
lb_method: least_conn lb_method: least_conn
zone_name: backend zone_name: backend_mem_zone
zone_size: 64k zone_size: 64k
sticky_cookie: false sticky_cookie: false
servers: servers:

11
tasks/conf/template-config.yml
View File

@ -28,6 +28,17 @@
with_dict: "{{ nginx_http_template }}" with_dict: "{{ nginx_http_template }}"
when: nginx_http_template_enable when: nginx_http_template_enable
- name: "(Setup: All NGINX) Ensure NGINX Proxy Cache Directories Exists"
file:
path: "{{ item.1.path }}"
state: directory
owner: "{{ nginx_main_template.user }}"
with_subelements:
- "{{ nginx_http_template }}"
- reverse_proxy.proxy_cache_path
- skip_missing: true
when: nginx_http_template_enable
- name: "(Setup: All NGINX) Dynamically Generate NGINX HTTP Configuration Files" - name: "(Setup: All NGINX) Dynamically Generate NGINX HTTP Configuration Files"
template: template:
src: "{{ item.value.template_file }}" src: "{{ item.value.template_file }}"

63
templates/http/default.conf.j2
View File

@ -15,6 +15,38 @@ upstream {{ item.value.upstreams[upstream].name }} {
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{% if item.value.reverse_proxy is defined %}
{% if item.value.reverse_proxy.proxy_cache_path is defined %}
{% for proxy_cache_path in item.value.reverse_proxy.proxy_cache_path %}
proxy_cache_path {{ proxy_cache_path.path }} keys_zone={{ proxy_cache_path.keys_zone.name }}:{{ proxy_cache_path.keys_zone.size }}
levels={{ proxy_cache_path.levels }} max_size={{ proxy_cache_path.max_size }}
inactive={{ proxy_cache_path.inactive }} use_temp_path={{ proxy_cache_path.use_temp_path | ternary("on", "off") }};
{% endfor %}
{% if item.value.reverse_proxy.proxy_cache_background_update is defined %}
proxy_cache_background_update {{ item.value.reverse_proxy.proxy_cache_background_update | ternary("on", "off") }};
{% endif %}
{% if item.value.reverse_proxy.proxy_cache_lock is defined %}
proxy_cache_lock {{ item.value.reverse_proxy.proxy_cache_lock | ternary("on", "off") }};
{% endif %}
{% if item.value.reverse_proxy.proxy_cache_min_uses is defined %}
proxy_cache_min_uses {{ item.value.reverse_proxy.proxy_cache_min_uses }};
{% endif %}
{% if item.value.reverse_proxy.proxy_cache_revalidate is defined %}
proxy_cache_revalidate {{ item.value.reverse_proxy.proxy_cache_revalidate | ternary("on", "off") }};
{% endif %}
{% if item.value.reverse_proxy.proxy_cache_use_stale is defined %}
proxy_cache_use_stale {{ item.value.reverse_proxy.proxy_cache_use_stale | join(" ") }};
{% endif %}
{% if item.value.reverse_proxy.proxy_ignore_headers is defined %}
proxy_ignore_headers {{ item.value.reverse_proxy.proxy_ignore_headers | join(" ") }};
{% endif %}
{% if item.value.reverse_proxy.proxy_temp_path is defined %}
proxy_temp_path {{ item.value.reverse_proxy.proxy_temp_path.path }} {{ item.value.reverse_proxy.proxy_temp_path.level_1 | default("") }} {{ item.value.reverse_proxy.proxy_temp_path.level_2 | default("") }} {{ item.value.reverse_proxy.proxy_temp_path.level_3 | default("") }};
{% endif %}
{% endif %}
{% endif %}
server { server {
{% if item.value.ssl is defined %} {% if item.value.ssl is defined %}
listen {{ item.value.port }} ssl; listen {{ item.value.port }} ssl;
@ -30,6 +62,7 @@ server {
{% if item.value.https_redirect is defined and item.value.https_redirect %} {% if item.value.https_redirect is defined and item.value.https_redirect %}
return 301 https://{{ item.value.server_name }}$request_uri; return 301 https://{{ item.value.server_name }}$request_uri;
{% endif%} {% endif%}
{% if item.value.reverse_proxy is defined %} {% if item.value.reverse_proxy is defined %}
{% for location in item.value.reverse_proxy.locations %} {% for location in item.value.reverse_proxy.locations %}
location {{ item.value.reverse_proxy.locations[location].location }} { location {{ item.value.reverse_proxy.locations[location].location }} {
@ -40,9 +73,35 @@ server {
auth_basic_user_file {{ item.value.reverse_proxy.locations[location].auth_basic_file }}; auth_basic_user_file {{ item.value.reverse_proxy.locations[location].auth_basic_file }};
{% endif %} {% endif %}
proxy_pass {{ item.value.reverse_proxy.locations[location].proxy_pass }}; proxy_pass {{ item.value.reverse_proxy.locations[location].proxy_pass }};
{% if item.value.reverse_proxy.health_check_plus is defined and item.value.reverse_proxy.health_check_plus %}
{% if item.value.reverse_proxy.locations[location].proxy_cache is defined %}
proxy_cache {{ item.value.reverse_proxy.locations[location].proxy_cache }};
{% endif %}
{% if item.value.reverse_proxy.locations[location].proxy_cache_background_update is defined %}
proxy_cache_background_update {{ item.value.reverse_proxy.locations[location].proxy_cache_background_update | ternary("on", "off") }};
{% endif %}
{% if item.value.reverse_proxy.locations[location].proxy_cache_lock is defined %}
proxy_cache_lock {{ item.value.reverse_proxy.locations[location].proxy_cache_lock | ternary("on", "off") }};
{% endif %}
{% if item.value.reverse_proxy.locations[location].proxy_cache_min_uses is defined %}
proxy_cache_min_uses {{ item.value.reverse_proxy.locations[location].proxy_cache_min_uses }};
{% endif %}
{% if item.value.reverse_proxy.locations[location].proxy_cache_revalidate is defined %}
proxy_cache_revalidate {{ item.value.reverse_proxy.locations[location].proxy_cache_revalidate | ternary("on", "off") }};
{% endif %}
{% if item.value.reverse_proxy.locations[location].proxy_cache_use_stale is defined %}
proxy_cache_use_stale {{ item.value.reverse_proxy.locations[location].proxy_cache_use_stale | join(" ") }};
{% endif %}
{% if item.value.reverse_proxy.locations[location].proxy_temp_path is defined %}
proxy_temp_path {{ item.value.reverse_proxy.locations[location].proxy_temp_path.path }} {{ item.value.reverse_proxy.locations[location].proxy_temp_path.level_1 | default("") }} {{ item.value.reverse_proxy.locations[location].proxy_temp_path.level_2 | default("") }} {{ item.value.reverse_proxy.locations[location].proxy_temp_path.level_3 | default("") }};
{% endif %}
{% if item.value.reverse_proxy.locations[location].proxy_ignore_headers is defined %}
proxy_ignore_headers {{ item.value.reverse_proxy.locations[location].proxy_ignore_headers | join(" ") }};
{% endif %}
{% if (item.value.reverse_proxy.health_check_plus is defined) and item.value.reverse_proxy.health_check_plus %}
health_check; health_check;
{% endif %} {% endif %}
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@ -52,9 +111,9 @@ server {
proxy_set_header Connection "Upgrade"; proxy_set_header Connection "Upgrade";
{% endif %} {% endif %}
} }
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{% if item.value.web_server is defined %} {% if item.value.web_server is defined %}
{% for location in item.value.web_server.locations %} {% for location in item.value.web_server.locations %}
location {{ item.value.web_server.locations[location].location }} { location {{ item.value.web_server.locations[location].location }} {

54
tests/playbooks/nginx-http-template.yml
View File

@ -5,6 +5,7 @@
roles: roles:
- ansible-role-nginx - ansible-role-nginx
vars: vars:
nginx_debug_output: true
nginx_http_template_enable: true nginx_http_template_enable: true
nginx_http_template: nginx_http_template:
app: app:
@ -15,18 +16,67 @@
server_name: localhost server_name: localhost
error_page: /usr/share/nginx/html error_page: /usr/share/nginx/html
reverse_proxy: reverse_proxy:
proxy_cache_path:
- path: /var/cache/nginx/proxy/frontend
keys_zone:
name: frontend_proxy_cache
size: 5m
levels: "1:2"
max_size: 5g
inactive: 30m
use_temp_path: true
- path: /var/cache/nginx/proxy/backend
keys_zone:
name: backend_proxy_cache
size: 10m
levels: "1:2"
max_size: 10g
inactive: 60m
use_temp_path: true
proxy_temp_path:
path: /var/cache/nginx/proxy/temp
proxy_cache_lock: true
proxy_cache_min_uses: 5
proxy_cache_revalidate: true
proxy_cache_use_stale:
- error
- timeout
proxy_ignore_headers:
- Expires
locations: locations:
frontend: frontend:
location: / location: /
proxy_pass: http://frontend_servers/ proxy_pass: http://frontend_servers/
proxy_cache: frontend_proxy_cache
proxy_temp_path:
path: /var/cache/nginx/proxy/frontend/temp
proxy_cache_lock: false
proxy_cache_min_uses: 3
proxy_cache_revalidate: false
proxy_cache_use_stale:
- http_403
- http_404
proxy_ignore_headers:
- Vary
- Cache-Control
backend: backend:
location: /backend location: /backend
proxy_pass: http://backend_servers/ proxy_pass: http://backend_servers/
proxy_cache: backend_proxy_cache
proxy_temp_path:
path: /var/cache/nginx/proxy/backend/temp
proxy_cache_lock: true
proxy_cache_min_uses: 2
proxy_cache_revalidate: true
proxy_cache_use_stale:
- http_500
- http_502
- http_503
upstreams: upstreams:
frontend_upstream: frontend_upstream:
name: frontend_servers name: frontend_servers
lb_method: least_conn lb_method: least_conn
zone_name: frontend zone_name: frontend_mem_zone
zone_size: 64k zone_size: 64k
sticky_cookie: false sticky_cookie: false
servers: servers:
@ -38,7 +88,7 @@
backend_upstream: backend_upstream:
name: backend_servers name: backend_servers
lb_method: least_conn lb_method: least_conn
zone_name: backend zone_name: backend_mem_zone
zone_size: 64k zone_size: 64k
sticky_cookie: false sticky_cookie: false
servers: servers: