sebclem/ansible-role-nginx
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Upload simple/templated configuration files

Browse Source
This commit is contained in:
Alessandro Fael Garcia 2018-01-26 11:00:26 -08:00
parent c06b7320ad
commit f6f1e0907c
31 changed files with 418 additions and 52 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
README.md
View File

@ -78,6 +78,7 @@ Role Variables
This role has multiple variables. The defaults for all these variables are the following:
---
# Specify which version of NGINX you want to install.
# Options are 'opensource' or 'plus'.
# Default is 'opensource'.
@ -101,7 +102,7 @@ This role has multiple variables. The defaults for all these variables are the f
# Default is false.
status: false
# Enable NGINX Plus REST API and dashboard.
# Default is false.
# Default is false for all three variables.
api:
enable: false
write: false
@ -109,8 +110,34 @@ This role has multiple variables. The defaults for all these variables are the f
# Location of your NGINX Plus license in your local machine.
# Default is the files folder within the NGINX Ansible role.
license:
certificate: nginx-repo.crt
key: nginx-repo.key
certificate: license/nginx-repo.crt
key: license/nginx-repo.key
# Location of the configuration files you wish to upload to NGINX.
# Default is the files folder within the NGINX Ansible role.
configuration_files:
enable: false
main: conf/nginx.conf
http: conf/http/*.conf
# Configuration variables to create a templated NGINX configuration.
# Defaults are the values found in a fresh NGINX installation.
configuration_templates:
enable: false
opensource:
user: nginx
worker_processes: 1
error_level: warn
worker_connections: 1024
keepalive_timeout: 65
listen: 80
server_name: localhost
plus:
user: nginx
worker_processes: auto
error_level: notice
worker_connections: 1024
keepalive_timeout: 65
listen: 80
server_name: localhost
Dependencies

32
defaults/main.yml
View File

@ -22,7 +22,7 @@ amplify: null
# Default is false.
status: false
# Enable NGINX Plus REST API and dashboard.
# Default is false.
# Default is false for all three variables.
api:
enable: false
write: false
@ -30,5 +30,31 @@ api:
# Location of your NGINX Plus license in your local machine.
# Default is the files folder within the NGINX Ansible role.
license:
certificate: nginx-repo.crt
key: nginx-repo.key
certificate: license/nginx-repo.crt
key: license/nginx-repo.key
# Location of the configuration files you wish to upload to NGINX.
# Default is the files folder within the NGINX Ansible role.
configuration_files:
enable: false
main: conf/nginx.conf
http: conf/http/*.conf
# Configuration variables to create a templated NGINX configuration.
# Defaults are the values found in a fresh NGINX installation.
configuration_templates:
enable: false
opensource:
user: nginx
worker_processes: 1
error_level: warn
worker_connections: 1024
keepalive_timeout: 65
listen: 80
server_name: localhost
plus:
user: nginx
worker_processes: auto
error_level: notice
worker_connections: 1024
keepalive_timeout: 65
listen: 80
server_name: localhost

45
files/conf/http/default.conf Normal file
View File

@ -0,0 +1,45 @@
#test
server {
listen 80;
server_name localhost;
#charset koi8-r;
#access_log /var/log/nginx/host.access.log main;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}

31
files/conf/nginx.conf Normal file
View File

@ -0,0 +1,31 @@
#test
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}

0
files/.gitkeep → files/license/.gitkeep
View File

4
handlers/main.yml
View File

@ -1,12 +1,12 @@
---
# Start NGINX
- name: "(All OSs) Start NGINX"
- name: "(Handler: All OSs) Start NGINX"
service:
name: nginx
state: started
# Reload NGINX
- name: "(All OSs) Reload NGINX"
- name: "(Handler: All OSs) Reload NGINX"
service:
name: nginx
state: reloaded

4
tasks/amplify/install-amplify.yml
View File

@ -1,10 +1,10 @@
---
- import_tasks: ../conf/setup-status.yml
- name: "(All OSs) Download NGINX Amplify Script"
- name: "(Install: All NGINX) Download NGINX Amplify Script"
get_url:
url: https://github.com/nginxinc/nginx-amplify-agent/raw/master/packages/install.sh
dest: /tmp/install.sh
- name: "(All OSs) Install NGINX Amplify"
- name: "(Install: All NGINX) Install NGINX Amplify"
shell: API_KEY='{{ amplify }}' sh /tmp/install.sh -y

4
tasks/conf/setup-api.yml
View File

@ -1,6 +1,6 @@
---
- name: "(All OSs) Setup NGINX Plus API"
- name: "(Setup: NGINX Plus) Setup NGINX Plus API"
template:
src: api.j2
dest: /etc/nginx/conf.d/api.conf
notify: "(All OSs) Reload NGINX"
notify: "(Handler: All OSs) Reload NGINX"

8
tasks/conf/setup-status.yml
View File

@ -1,5 +1,5 @@
---
- name: "(All OSs) Enable Open Source NGINX Status"
- name: "(Setup: Open Source NGINX) Enable Open Source NGINX Status"
blockinfile:
path: /etc/nginx/conf.d/stub_status.conf
create: yes
@ -13,9 +13,9 @@
}
}
when: type == "opensource"
notify: "(All OSs) Reload NGINX"
notify: "(Handler: All OSs) Reload NGINX"
- name: "(All OSs) Enable NGINX Plus Status"
- name: "(Setup: NGINX Plus) Enable NGINX Plus Status"
blockinfile:
path: /etc/nginx/conf.d/status.conf
create: yes
@ -29,4 +29,4 @@
}
}
when: type == "plus"
notify: "(All OSs) Reload NGINX"
notify: "(Handler: All OSs) Reload NGINX"

14
tasks/conf/upload-files.yml Normal file
View File

@ -0,0 +1,14 @@
---
- name: "(Setup: All NGINX) Upload NGINX Main Configuration File"
copy:
src: conf/nginx.conf
dest: /etc/nginx/nginx.conf
notify: "(Handler: All OSs) Reload NGINX"
- name: "(Setup: All NGINX) Upload NGINX HTTP Configuration Files"
copy:
src: "{{ item }}"
dest: /etc/nginx/conf.d/
with_fileglob:
- "conf/http/*.conf"
notify: "(Handler: All OSs) Reload NGINX"

32
tasks/conf/upload-templates.yml Normal file
View File

@ -0,0 +1,32 @@
---
- name: "(Setup: Open Source NGINX) Upload Open Source NGINX Main Configuration File"
template:
src: opensource/nginx.conf.j2
dest: /etc/nginx/nginx.conf
when: type == "opensource"
notify: "(Handler: All OSs) Reload NGINX"
- name: "(Setup: Open Source NGINX) Upload Open Source NGINX HTTP Configuration Files"
template:
src: "{{ item }}"
dest: /etc/nginx/conf.d/{{ item | basename | regex_replace('\.j2','') }}
with_fileglob:
- "../templates/opensource/http/*.j2"
when: type == "opensource"
notify: "(Handler: All OSs) Reload NGINX"
- name: "(Setup: NGINX Plus) Upload NGINX Plus Main Configuration File"
template:
src: plus/nginx.conf.j2
dest: /etc/nginx/nginx.conf
when: type == "plus"
notify: "(Handler: All OSs) Reload NGINX"
- name: "(Setup: NGINX Plus) Upload NGINX Plus HTTP Configuration Files"
template:
src: "{{ item }}"
dest: /etc/nginx/conf.d/{{ item | basename | regex_replace('\.j2','') }}
with_fileglob:
- "../templates/plus/http/*.j2"
when: type == "plus"
notify: "(Handler: All OSs) Reload NGINX"

2
tasks/keys/apt-key.yml
View File

@ -1,5 +1,5 @@
---
- name: "(APT OSs) Add APT NGINX Signing Key"
- name: "(Install: APT OSs) Add APT NGINX Signing Key"
apt_key:
id: 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
keyserver: ha.pool.sks-keyservers.net

2
tasks/keys/rpm-key.yml
View File

@ -1,4 +1,4 @@
---
- name: "(RPM OSs) Add RPM NGINX Signing Key"
- name: "(Install: RPM OSs) Add RPM NGINX Signing Key"
rpm_key:
key: http://nginx.org/keys/nginx_signing.key

6
tasks/main.yml
View File

@ -20,6 +20,12 @@
- import_tasks: modules/install-waf.yml
when: modules.waf and type == "plus"
- import_tasks: conf/upload-files.yml
when: configuration_files.enable
- import_tasks: conf/upload-templates.yml
when: configuration_templates.enable
- import_tasks: conf/setup-status.yml
when: status

8
tasks/modules/install-njs.yml
View File

@ -1,21 +1,21 @@
---
- name: "(All OSs) Install NGINX NJS Module"
- name: "(Install: All OSs) Install NGINX NJS Module"
package:
name: nginx-module-njs
state: present
when: type == "opensource"
- name: "(All OSs) Install NGINX NJS Module"
- name: "(Install: All OSs) Install NGINX NJS Module"
package:
name: nginx-plus-module-njs
state: present
when: type == "plus"
- name: "(All OSs) Load NGINX NJS Module"
- name: "(Setup: All NGINX) Load NGINX NJS Module"
blockinfile:
path: /etc/nginx/nginx.conf
insertbefore: BOF
block: |
load_module modules/ngx_http_js_module.so;
load_module modules/ngx_stream_js_module.so;
notify: "(All OSs) Reload NGINX"
notify: "(Handler: All OSs) Reload NGINX"

8
tasks/modules/install-perl.yml
View File

@ -1,19 +1,19 @@
---
- name: "(All OSs) Install NGINX Perl Module"
- name: "(Install: All OSs) Install NGINX Perl Module"
package:
name: nginx-module-perl
state: present
when: type == "opensource"
- name: "(All OSs) Install NGINX Perl Module"
- name: "(Install: All OSs) Install NGINX Perl Module"
package:
name: nginx-plus-module-perl
state: present
when: type == "plus"
- name: "(All OSs) Load NGINX Perl Module"
- name: "(Setup: All NGINX) Load NGINX Perl Module"
lineinfile:
path: /etc/nginx/nginx.conf
insertbefore: BOF
line: load_module modules/ngx_http_perl.so;
notify: "(All OSs) Reload NGINX"
notify: "(Handler: All OSs) Reload NGINX"

6
tasks/modules/install-waf.yml
View File

@ -1,13 +1,13 @@
---
- name: "(All OSs) Install NGINX Plus WAF Module"
- name: "(Install: All OSs) Install NGINX Plus WAF Module"
package:
name: nginx-plus-module-modsecurity
state: present
when: waf
- name: "(All OSs) Load NGINX Plus WAF Module"
- name: "(Setup: NGINX Plus) Load NGINX Plus WAF Module"
lineinfile:
path: /etc/nginx/nginx.conf
insertbefore: BOF
line: load_module modules/ngx_http_modsecurity_module.so;
notify: "(All OSs) Reload NGINX"
notify: "(Handler: All OSs) Reload NGINX"

4
tasks/opensource/install-oss.yml
View File

@ -8,8 +8,8 @@
- import_tasks: setup-suse.yml
when: ansible_os_family == "Suse"
- name: "(All OSs) Install NGINX"
- name: "(Install: All OSs) Install NGINX"
package:
name: nginx
state: present
notify: "(All OSs) Start NGINX"
notify: "(Handler: All OSs) Start NGINX"

4
tasks/opensource/setup-debian.yml
View File

@ -1,5 +1,5 @@
---
- name: "(Debian/Ubuntu) Add Mainline NGINX Repository"
- name: "(Install: Debian/Ubuntu) Add Mainline NGINX Repository"
apt_repository:
repo: "{{ item }}"
with_items:
@ -7,7 +7,7 @@
- deb-src https://nginx.org/packages/mainline/{{ ansible_distribution|lower }}/ {{ ansible_distribution_release }} nginx
when: branch == "mainline"
- name: "(Debian/Ubuntu) Add Stable NGINX Repository"
- name: "(Install: Debian/Ubuntu) Add Stable NGINX Repository"
apt_repository:
repo: "{{ item }}"
with_items:

4
tasks/opensource/setup-redhat.yml
View File

@ -1,5 +1,5 @@
---
- name: "(CentOS/RedHat) Add Mainline NGINX Repository"
- name: "(Install: CentOS/RedHat) Add Mainline NGINX Repository"
yum_repository:
name: nginx
baseurl: https://nginx.org/packages/mainline/{{ item }}/{{ ansible_distribution_major_version|int }}/$basearch/
@ -11,7 +11,7 @@
- rhel
when: branch == "mainline"
- name: "(CentOS/RedHat) Add Stable NGINX Repository"
- name: "(Install: CentOS/RedHat) Add Stable NGINX Repository"
yum_repository:
name: nginx
baseurl: https://nginx.org/packages/{{ item }}/{{ ansible_distribution_major_version|int }}/$basearch/

4
tasks/opensource/setup-suse.yml
View File

@ -1,11 +1,11 @@
---
- name: "(SUSE) Add Mainline NGINX Repository"
- name: "(Install: SUSE) Add Mainline NGINX Repository"
zypper_repository:
name: nginx
repo: https://nginx.org/packages/mainline/sles/12
when: branch == "mainline"
- name: "(SUSE) Add Stable NGINX Repository"
- name: "(Install: SUSE) Add Stable NGINX Repository"
zypper_repository:
name: nginx
repo: https://nginx.org/packages/sles/12

4
tasks/plus/install-plus.yml
View File

@ -13,8 +13,8 @@
- import_tasks: setup-freebsd.yml
when: ansible_os_family == "FreeBSD"
- name: "(All OSs) Install NGINX Plus"
- name: "(Install: All OSs) Install NGINX Plus"
package:
name: nginx-plus
state: present
notify: "(All OSs) Start NGINX"
notify: "(Handler: All OSs) Start NGINX"

6
tasks/plus/setup-debian.yml
View File

@ -1,12 +1,12 @@
---
- name: "(Debian/Ubuntu) Add NGINX Plus Repository"
- name: "(Install: Debian/Ubuntu) Add NGINX Plus Repository"
shell: printf "deb https://plus-pkgs.nginx.com/{{ ansible_distribution|lower }} `lsb_release -cs` nginx-plus\n" | sudo tee /etc/apt/sources.list.d/nginx-plus.list
- name: "(Debian/Ubuntu) Verify NGINX Plus License"
- name: "(Install: Debian/Ubuntu) Verify NGINX Plus License"
get_url:
url: https://cs.nginx.com/static/files/90nginx
dest: /etc/apt/apt.conf.d/90nginx
- name: "(Debian/Ubuntu) Update APT Cache"
- name: "(Install: Debian/Ubuntu) Update APT Cache"
apt:
update_cache: yes

4
tasks/plus/setup-freebsd.yml
View File

@ -1,10 +1,10 @@
---
- name: "(FreeBSD) Add NGINX Plus Repository"
- name: "(Install: FreeBSD) Add NGINX Plus Repository"
get_url:
url: https://cs.nginx.com/static/files/nginx-plus.conf
dest: /etc/pkg/nginx-plus.conf
- name: "(FreeBSD) Verify NGINX Plus License"
- name: "(Install: FreeBSD) Verify NGINX Plus License"
blockinfile:
path: /usr/local/etc/pkg.conf
block: |

2
tasks/plus/setup-license.yml
View File

@ -1,5 +1,5 @@
---
- name: "(All OSs) Create SSL directory"
- name: "(All OSs) Create SSL Directory"
file:
path: /etc/ssl/nginx
state: directory

10
tasks/plus/setup-redhat.yml
View File

@ -1,25 +1,25 @@
---
- name: "(CentOS/RedHat/Amazon Linux/Oracle Linux) Gather Distribution Version"
- name: "(Install: CentOS/RedHat/Amazon Linux/Oracle Linux) Gather Distribution Version"
set_fact:
version: "6"
when: ansible_distribution_major_version|int == 6
- name: "(CentOS/RedHat/Amazon Linux/Oracle Linux) Gather Distribution Version"
- name: "(Install: CentOS/RedHat/Amazon Linux/Oracle Linux) Gather Distribution Version"
set_fact:
version: "7"
when: ansible_distribution_major_version|float >= 7.0 and ansible_distribution_major_version|float <= 7.3
- name: "(CentOS/RedHat/Amazon Linux/Oracle Linux) Gather Distribution Version"
- name: "(Install: CentOS/RedHat/Amazon Linux/Oracle Linux) Gather Distribution Version"
set_fact:
version: "7.4"
when: ansible_distribution_major_version|float == 7.4
- name: "(CentOS/RedHat/Amazon Linux/Oracle Linux) Gather Distribution Version"
- name: "(Install: CentOS/RedHat/Amazon Linux/Oracle Linux) Gather Distribution Version"
set_fact:
version: "amazon"
when: ansible_distribution == "Amazon"
- name: "(CentOS/RedHat/Amazon Linux/Oracle Linux) Add NGINX Plus Repository"
- name: "(Install: CentOS/RedHat/Amazon Linux/Oracle Linux) Add NGINX Plus Repository"
get_url:
url: https://cs.nginx.com/static/files/nginx-plus-{{ version }}.repo
dest: /etc/yum.repos.d/nginx-plus-{{ version }}.repo

4
tasks/plus/setup-suse.yml
View File

@ -1,8 +1,8 @@
---
- name: "(SUSE) Combine NGINX Plus Certificate and License Keys"
- name: "(Install: SUSE) Combine NGINX Plus Certificate and License Keys"
shell: cat /etc/ssl/nginx/nginx-repo.crt /etc/ssl/nginx/nginx-repo.key > /etc/ssl/nginx/nginx-repo-bundle.crt
- name: "(SUSE) Add NGINX Plus Repository"
- name: "(Install: SUSE) Add NGINX Plus Repository"
zypper_repository:
name: nginx-plus
repo: https://plus-pkgs.nginx.com/sles/12?ssl_clientcert=/etc/ssl/nginx/nginx-repo-bundle.crt&ssl_verify=host

44
templates/opensource/http/default.conf.j2 Normal file
View File

@ -0,0 +1,44 @@
server {
listen {{ configuration_templates.opensource.listen }};
server_name {{ configuration_templates.opensource.server_name }};
#charset koi8-r;
#access_log /var/log/nginx/host.access.log main;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}

31
templates/opensource/nginx.conf.j2 Normal file
View File

@ -0,0 +1,31 @@
user {{ configuration_templates.opensource.user }};
worker_processes {{ configuration_templates.opensource.worker_processes }};
error_log /var/log/nginx/error.log {{ configuration_templates.opensource.error_level }};
pid /var/run/nginx.pid;
events {
worker_connections {{ configuration_templates.opensource.worker_connections }};
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout {{ configuration_templates.opensource.keepalive_timeout }};
#gzip on;
include /etc/nginx/conf.d/*.conf;
}

60
templates/plus/http/default.conf.j2 Normal file
View File

@ -0,0 +1,60 @@
server {
listen {{ configuration_templates.plus.listen }} default_server;
server_name {{ configuration_templates.plus.server_name }};
#charset koi8-r;
#access_log /var/log/nginx/host.access.log main;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
# enable /api/ location with appropriate access control in order
# to make use of NGINX Plus API
#
#location /api/ {
# api write=on;
# allow 127.0.0.1;
# deny all;
#}
# enable NGINX Plus Dashboard; requires /api/ location to be
# enabled and appropriate access control for remote access
#
#location = /dashboard.html {
# root /usr/share/nginx/html;
#}
}

50
templates/plus/nginx.conf.j2 Normal file
View File

@ -0,0 +1,50 @@
user {{ configuration_templates.plus.user }};
worker_processes {{ configuration_templates.plus.worker_processes }};
error_log /var/log/nginx/error.log {{ configuration_templates.plus.error_level }};
pid /var/run/nginx.pid;
events {
worker_connections {{ configuration_templates.plus.worker_connections }};
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout {{ configuration_templates.plus.keepalive_timeout }};
#gzip on;
include /etc/nginx/conf.d/*.conf;
}
# TCP/UDP proxy and load balancing block
#
#stream {
# Example configuration for TCP load balancing
#upstream stream_backend {
# zone tcp_servers 64k;
# server backend1.example.com:12345;
# server backend2.example.com:12345;
#}
#server {
# listen 12345;
# status_zone tcp_server;
# proxy_pass stream_backend;
#}
#}