diff --git a/README.md b/README.md index 33619b7..0296ac1 100644 --- a/README.md +++ b/README.md @@ -78,6 +78,7 @@ Role Variables This role has multiple variables. The defaults for all these variables are the following: + --- # Specify which version of NGINX you want to install. # Options are 'opensource' or 'plus'. # Default is 'opensource'. @@ -101,7 +102,7 @@ This role has multiple variables. The defaults for all these variables are the f # Default is false. status: false # Enable NGINX Plus REST API and dashboard. - # Default is false. + # Default is false for all three variables. api: enable: false write: false @@ -109,8 +110,34 @@ This role has multiple variables. The defaults for all these variables are the f # Location of your NGINX Plus license in your local machine. # Default is the files folder within the NGINX Ansible role. license: - certificate: nginx-repo.crt - key: nginx-repo.key + certificate: license/nginx-repo.crt + key: license/nginx-repo.key + # Location of the configuration files you wish to upload to NGINX. + # Default is the files folder within the NGINX Ansible role. + configuration_files: + enable: false + main: conf/nginx.conf + http: conf/http/*.conf + # Configuration variables to create a templated NGINX configuration. + # Defaults are the values found in a fresh NGINX installation. + configuration_templates: + enable: false + opensource: + user: nginx + worker_processes: 1 + error_level: warn + worker_connections: 1024 + keepalive_timeout: 65 + listen: 80 + server_name: localhost + plus: + user: nginx + worker_processes: auto + error_level: notice + worker_connections: 1024 + keepalive_timeout: 65 + listen: 80 + server_name: localhost Dependencies diff --git a/defaults/main.yml b/defaults/main.yml index 51b448d..7ed09ac 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -22,7 +22,7 @@ amplify: null # Default is false. status: false # Enable NGINX Plus REST API and dashboard. -# Default is false. +# Default is false for all three variables. api: enable: false write: false @@ -30,5 +30,31 @@ api: # Location of your NGINX Plus license in your local machine. # Default is the files folder within the NGINX Ansible role. license: - certificate: nginx-repo.crt - key: nginx-repo.key + certificate: license/nginx-repo.crt + key: license/nginx-repo.key +# Location of the configuration files you wish to upload to NGINX. +# Default is the files folder within the NGINX Ansible role. +configuration_files: + enable: false + main: conf/nginx.conf + http: conf/http/*.conf +# Configuration variables to create a templated NGINX configuration. +# Defaults are the values found in a fresh NGINX installation. +configuration_templates: + enable: false + opensource: + user: nginx + worker_processes: 1 + error_level: warn + worker_connections: 1024 + keepalive_timeout: 65 + listen: 80 + server_name: localhost + plus: + user: nginx + worker_processes: auto + error_level: notice + worker_connections: 1024 + keepalive_timeout: 65 + listen: 80 + server_name: localhost diff --git a/files/conf/http/default.conf b/files/conf/http/default.conf new file mode 100644 index 0000000..5c6967d --- /dev/null +++ b/files/conf/http/default.conf @@ -0,0 +1,45 @@ +#test +server { + listen 80; + server_name localhost; + + #charset koi8-r; + #access_log /var/log/nginx/host.access.log main; + + location / { + root /usr/share/nginx/html; + index index.html index.htm; + } + + #error_page 404 /404.html; + + # redirect server error pages to the static page /50x.html + # + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /usr/share/nginx/html; + } + + # proxy the PHP scripts to Apache listening on 127.0.0.1:80 + # + #location ~ \.php$ { + # proxy_pass http://127.0.0.1; + #} + + # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 + # + #location ~ \.php$ { + # root html; + # fastcgi_pass 127.0.0.1:9000; + # fastcgi_index index.php; + # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; + # include fastcgi_params; + #} + + # deny access to .htaccess files, if Apache's document root + # concurs with nginx's one + # + #location ~ /\.ht { + # deny all; + #} +} diff --git a/files/conf/nginx.conf b/files/conf/nginx.conf new file mode 100644 index 0000000..71559e0 --- /dev/null +++ b/files/conf/nginx.conf @@ -0,0 +1,31 @@ +#test +user nginx; +worker_processes 1; + +error_log /var/log/nginx/error.log warn; +pid /var/run/nginx.pid; + + +events { + worker_connections 1024; +} + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + sendfile on; + #tcp_nopush on; + + keepalive_timeout 65; + + #gzip on; + + include /etc/nginx/conf.d/*.conf; +} diff --git a/files/.gitkeep b/files/license/.gitkeep similarity index 100% rename from files/.gitkeep rename to files/license/.gitkeep diff --git a/handlers/main.yml b/handlers/main.yml index 67ab275..1404c0c 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -1,12 +1,12 @@ --- # Start NGINX -- name: "(All OSs) Start NGINX" +- name: "(Handler: All OSs) Start NGINX" service: name: nginx state: started # Reload NGINX -- name: "(All OSs) Reload NGINX" +- name: "(Handler: All OSs) Reload NGINX" service: name: nginx state: reloaded diff --git a/tasks/amplify/install-amplify.yml b/tasks/amplify/install-amplify.yml index 7a362d6..0e5a42c 100644 --- a/tasks/amplify/install-amplify.yml +++ b/tasks/amplify/install-amplify.yml @@ -1,10 +1,10 @@ --- - import_tasks: ../conf/setup-status.yml -- name: "(All OSs) Download NGINX Amplify Script" +- name: "(Install: All NGINX) Download NGINX Amplify Script" get_url: url: https://github.com/nginxinc/nginx-amplify-agent/raw/master/packages/install.sh dest: /tmp/install.sh -- name: "(All OSs) Install NGINX Amplify" +- name: "(Install: All NGINX) Install NGINX Amplify" shell: API_KEY='{{ amplify }}' sh /tmp/install.sh -y diff --git a/tasks/conf/setup-api.yml b/tasks/conf/setup-api.yml index 87b9663..f865903 100644 --- a/tasks/conf/setup-api.yml +++ b/tasks/conf/setup-api.yml @@ -1,6 +1,6 @@ --- -- name: "(All OSs) Setup NGINX Plus API" +- name: "(Setup: NGINX Plus) Setup NGINX Plus API" template: src: api.j2 dest: /etc/nginx/conf.d/api.conf - notify: "(All OSs) Reload NGINX" + notify: "(Handler: All OSs) Reload NGINX" diff --git a/tasks/conf/setup-status.yml b/tasks/conf/setup-status.yml index c22c60a..c8258e9 100644 --- a/tasks/conf/setup-status.yml +++ b/tasks/conf/setup-status.yml @@ -1,5 +1,5 @@ --- -- name: "(All OSs) Enable Open Source NGINX Status" +- name: "(Setup: Open Source NGINX) Enable Open Source NGINX Status" blockinfile: path: /etc/nginx/conf.d/stub_status.conf create: yes @@ -13,9 +13,9 @@ } } when: type == "opensource" - notify: "(All OSs) Reload NGINX" + notify: "(Handler: All OSs) Reload NGINX" -- name: "(All OSs) Enable NGINX Plus Status" +- name: "(Setup: NGINX Plus) Enable NGINX Plus Status" blockinfile: path: /etc/nginx/conf.d/status.conf create: yes @@ -29,4 +29,4 @@ } } when: type == "plus" - notify: "(All OSs) Reload NGINX" + notify: "(Handler: All OSs) Reload NGINX" diff --git a/tasks/conf/upload-files.yml b/tasks/conf/upload-files.yml new file mode 100644 index 0000000..7cc215b --- /dev/null +++ b/tasks/conf/upload-files.yml @@ -0,0 +1,14 @@ +--- +- name: "(Setup: All NGINX) Upload NGINX Main Configuration File" + copy: + src: conf/nginx.conf + dest: /etc/nginx/nginx.conf + notify: "(Handler: All OSs) Reload NGINX" + +- name: "(Setup: All NGINX) Upload NGINX HTTP Configuration Files" + copy: + src: "{{ item }}" + dest: /etc/nginx/conf.d/ + with_fileglob: + - "conf/http/*.conf" + notify: "(Handler: All OSs) Reload NGINX" diff --git a/tasks/conf/upload-templates.yml b/tasks/conf/upload-templates.yml new file mode 100644 index 0000000..eb046d5 --- /dev/null +++ b/tasks/conf/upload-templates.yml @@ -0,0 +1,32 @@ +--- +- name: "(Setup: Open Source NGINX) Upload Open Source NGINX Main Configuration File" + template: + src: opensource/nginx.conf.j2 + dest: /etc/nginx/nginx.conf + when: type == "opensource" + notify: "(Handler: All OSs) Reload NGINX" + +- name: "(Setup: Open Source NGINX) Upload Open Source NGINX HTTP Configuration Files" + template: + src: "{{ item }}" + dest: /etc/nginx/conf.d/{{ item | basename | regex_replace('\.j2','') }} + with_fileglob: + - "../templates/opensource/http/*.j2" + when: type == "opensource" + notify: "(Handler: All OSs) Reload NGINX" + +- name: "(Setup: NGINX Plus) Upload NGINX Plus Main Configuration File" + template: + src: plus/nginx.conf.j2 + dest: /etc/nginx/nginx.conf + when: type == "plus" + notify: "(Handler: All OSs) Reload NGINX" + +- name: "(Setup: NGINX Plus) Upload NGINX Plus HTTP Configuration Files" + template: + src: "{{ item }}" + dest: /etc/nginx/conf.d/{{ item | basename | regex_replace('\.j2','') }} + with_fileglob: + - "../templates/plus/http/*.j2" + when: type == "plus" + notify: "(Handler: All OSs) Reload NGINX" diff --git a/tasks/keys/apt-key.yml b/tasks/keys/apt-key.yml index 9127a8f..5a0bd88 100644 --- a/tasks/keys/apt-key.yml +++ b/tasks/keys/apt-key.yml @@ -1,5 +1,5 @@ --- -- name: "(APT OSs) Add APT NGINX Signing Key" +- name: "(Install: APT OSs) Add APT NGINX Signing Key" apt_key: id: 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 keyserver: ha.pool.sks-keyservers.net diff --git a/tasks/keys/rpm-key.yml b/tasks/keys/rpm-key.yml index 2ea8ee8..0556c5b 100644 --- a/tasks/keys/rpm-key.yml +++ b/tasks/keys/rpm-key.yml @@ -1,4 +1,4 @@ --- -- name: "(RPM OSs) Add RPM NGINX Signing Key" +- name: "(Install: RPM OSs) Add RPM NGINX Signing Key" rpm_key: key: http://nginx.org/keys/nginx_signing.key diff --git a/tasks/main.yml b/tasks/main.yml index 5e30fec..d53aafc 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -20,6 +20,12 @@ - import_tasks: modules/install-waf.yml when: modules.waf and type == "plus" +- import_tasks: conf/upload-files.yml + when: configuration_files.enable + +- import_tasks: conf/upload-templates.yml + when: configuration_templates.enable + - import_tasks: conf/setup-status.yml when: status diff --git a/tasks/modules/install-njs.yml b/tasks/modules/install-njs.yml index 626ab0e..e64231b 100644 --- a/tasks/modules/install-njs.yml +++ b/tasks/modules/install-njs.yml @@ -1,21 +1,21 @@ --- -- name: "(All OSs) Install NGINX NJS Module" +- name: "(Install: All OSs) Install NGINX NJS Module" package: name: nginx-module-njs state: present when: type == "opensource" -- name: "(All OSs) Install NGINX NJS Module" +- name: "(Install: All OSs) Install NGINX NJS Module" package: name: nginx-plus-module-njs state: present when: type == "plus" -- name: "(All OSs) Load NGINX NJS Module" +- name: "(Setup: All NGINX) Load NGINX NJS Module" blockinfile: path: /etc/nginx/nginx.conf insertbefore: BOF block: | load_module modules/ngx_http_js_module.so; load_module modules/ngx_stream_js_module.so; - notify: "(All OSs) Reload NGINX" + notify: "(Handler: All OSs) Reload NGINX" diff --git a/tasks/modules/install-perl.yml b/tasks/modules/install-perl.yml index fe95185..575f492 100644 --- a/tasks/modules/install-perl.yml +++ b/tasks/modules/install-perl.yml @@ -1,19 +1,19 @@ --- -- name: "(All OSs) Install NGINX Perl Module" +- name: "(Install: All OSs) Install NGINX Perl Module" package: name: nginx-module-perl state: present when: type == "opensource" -- name: "(All OSs) Install NGINX Perl Module" +- name: "(Install: All OSs) Install NGINX Perl Module" package: name: nginx-plus-module-perl state: present when: type == "plus" -- name: "(All OSs) Load NGINX Perl Module" +- name: "(Setup: All NGINX) Load NGINX Perl Module" lineinfile: path: /etc/nginx/nginx.conf insertbefore: BOF line: load_module modules/ngx_http_perl.so; - notify: "(All OSs) Reload NGINX" + notify: "(Handler: All OSs) Reload NGINX" diff --git a/tasks/modules/install-waf.yml b/tasks/modules/install-waf.yml index 2a5bdc8..d75a1d8 100644 --- a/tasks/modules/install-waf.yml +++ b/tasks/modules/install-waf.yml @@ -1,13 +1,13 @@ --- -- name: "(All OSs) Install NGINX Plus WAF Module" +- name: "(Install: All OSs) Install NGINX Plus WAF Module" package: name: nginx-plus-module-modsecurity state: present when: waf -- name: "(All OSs) Load NGINX Plus WAF Module" +- name: "(Setup: NGINX Plus) Load NGINX Plus WAF Module" lineinfile: path: /etc/nginx/nginx.conf insertbefore: BOF line: load_module modules/ngx_http_modsecurity_module.so; - notify: "(All OSs) Reload NGINX" + notify: "(Handler: All OSs) Reload NGINX" diff --git a/tasks/opensource/install-oss.yml b/tasks/opensource/install-oss.yml index 32aa35a..e93dbcb 100644 --- a/tasks/opensource/install-oss.yml +++ b/tasks/opensource/install-oss.yml @@ -8,8 +8,8 @@ - import_tasks: setup-suse.yml when: ansible_os_family == "Suse" -- name: "(All OSs) Install NGINX" +- name: "(Install: All OSs) Install NGINX" package: name: nginx state: present - notify: "(All OSs) Start NGINX" + notify: "(Handler: All OSs) Start NGINX" diff --git a/tasks/opensource/setup-debian.yml b/tasks/opensource/setup-debian.yml index 5f70ad2..8feb1d4 100644 --- a/tasks/opensource/setup-debian.yml +++ b/tasks/opensource/setup-debian.yml @@ -1,5 +1,5 @@ --- -- name: "(Debian/Ubuntu) Add Mainline NGINX Repository" +- name: "(Install: Debian/Ubuntu) Add Mainline NGINX Repository" apt_repository: repo: "{{ item }}" with_items: @@ -7,7 +7,7 @@ - deb-src https://nginx.org/packages/mainline/{{ ansible_distribution|lower }}/ {{ ansible_distribution_release }} nginx when: branch == "mainline" -- name: "(Debian/Ubuntu) Add Stable NGINX Repository" +- name: "(Install: Debian/Ubuntu) Add Stable NGINX Repository" apt_repository: repo: "{{ item }}" with_items: diff --git a/tasks/opensource/setup-redhat.yml b/tasks/opensource/setup-redhat.yml index 3c95c1d..4694063 100644 --- a/tasks/opensource/setup-redhat.yml +++ b/tasks/opensource/setup-redhat.yml @@ -1,5 +1,5 @@ --- -- name: "(CentOS/RedHat) Add Mainline NGINX Repository" +- name: "(Install: CentOS/RedHat) Add Mainline NGINX Repository" yum_repository: name: nginx baseurl: https://nginx.org/packages/mainline/{{ item }}/{{ ansible_distribution_major_version|int }}/$basearch/ @@ -11,7 +11,7 @@ - rhel when: branch == "mainline" -- name: "(CentOS/RedHat) Add Stable NGINX Repository" +- name: "(Install: CentOS/RedHat) Add Stable NGINX Repository" yum_repository: name: nginx baseurl: https://nginx.org/packages/{{ item }}/{{ ansible_distribution_major_version|int }}/$basearch/ diff --git a/tasks/opensource/setup-suse.yml b/tasks/opensource/setup-suse.yml index be74b1b..2a1c61c 100644 --- a/tasks/opensource/setup-suse.yml +++ b/tasks/opensource/setup-suse.yml @@ -1,11 +1,11 @@ --- -- name: "(SUSE) Add Mainline NGINX Repository" +- name: "(Install: SUSE) Add Mainline NGINX Repository" zypper_repository: name: nginx repo: https://nginx.org/packages/mainline/sles/12 when: branch == "mainline" -- name: "(SUSE) Add Stable NGINX Repository" +- name: "(Install: SUSE) Add Stable NGINX Repository" zypper_repository: name: nginx repo: https://nginx.org/packages/sles/12 diff --git a/tasks/plus/install-plus.yml b/tasks/plus/install-plus.yml index 1f964e6..116d3bb 100644 --- a/tasks/plus/install-plus.yml +++ b/tasks/plus/install-plus.yml @@ -13,8 +13,8 @@ - import_tasks: setup-freebsd.yml when: ansible_os_family == "FreeBSD" -- name: "(All OSs) Install NGINX Plus" +- name: "(Install: All OSs) Install NGINX Plus" package: name: nginx-plus state: present - notify: "(All OSs) Start NGINX" + notify: "(Handler: All OSs) Start NGINX" diff --git a/tasks/plus/setup-debian.yml b/tasks/plus/setup-debian.yml index ffa5158..ab9995f 100644 --- a/tasks/plus/setup-debian.yml +++ b/tasks/plus/setup-debian.yml @@ -1,12 +1,12 @@ --- -- name: "(Debian/Ubuntu) Add NGINX Plus Repository" +- name: "(Install: Debian/Ubuntu) Add NGINX Plus Repository" shell: printf "deb https://plus-pkgs.nginx.com/{{ ansible_distribution|lower }} `lsb_release -cs` nginx-plus\n" | sudo tee /etc/apt/sources.list.d/nginx-plus.list -- name: "(Debian/Ubuntu) Verify NGINX Plus License" +- name: "(Install: Debian/Ubuntu) Verify NGINX Plus License" get_url: url: https://cs.nginx.com/static/files/90nginx dest: /etc/apt/apt.conf.d/90nginx -- name: "(Debian/Ubuntu) Update APT Cache" +- name: "(Install: Debian/Ubuntu) Update APT Cache" apt: update_cache: yes diff --git a/tasks/plus/setup-freebsd.yml b/tasks/plus/setup-freebsd.yml index bb9cc9f..7ce15c9 100644 --- a/tasks/plus/setup-freebsd.yml +++ b/tasks/plus/setup-freebsd.yml @@ -1,10 +1,10 @@ --- -- name: "(FreeBSD) Add NGINX Plus Repository" +- name: "(Install: FreeBSD) Add NGINX Plus Repository" get_url: url: https://cs.nginx.com/static/files/nginx-plus.conf dest: /etc/pkg/nginx-plus.conf -- name: "(FreeBSD) Verify NGINX Plus License" +- name: "(Install: FreeBSD) Verify NGINX Plus License" blockinfile: path: /usr/local/etc/pkg.conf block: | diff --git a/tasks/plus/setup-license.yml b/tasks/plus/setup-license.yml index 0dbbbad..ac39556 100644 --- a/tasks/plus/setup-license.yml +++ b/tasks/plus/setup-license.yml @@ -1,5 +1,5 @@ --- -- name: "(All OSs) Create SSL directory" +- name: "(All OSs) Create SSL Directory" file: path: /etc/ssl/nginx state: directory diff --git a/tasks/plus/setup-redhat.yml b/tasks/plus/setup-redhat.yml index d1d18e2..46780b4 100644 --- a/tasks/plus/setup-redhat.yml +++ b/tasks/plus/setup-redhat.yml @@ -1,25 +1,25 @@ --- -- name: "(CentOS/RedHat/Amazon Linux/Oracle Linux) Gather Distribution Version" +- name: "(Install: CentOS/RedHat/Amazon Linux/Oracle Linux) Gather Distribution Version" set_fact: version: "6" when: ansible_distribution_major_version|int == 6 -- name: "(CentOS/RedHat/Amazon Linux/Oracle Linux) Gather Distribution Version" +- name: "(Install: CentOS/RedHat/Amazon Linux/Oracle Linux) Gather Distribution Version" set_fact: version: "7" when: ansible_distribution_major_version|float >= 7.0 and ansible_distribution_major_version|float <= 7.3 -- name: "(CentOS/RedHat/Amazon Linux/Oracle Linux) Gather Distribution Version" +- name: "(Install: CentOS/RedHat/Amazon Linux/Oracle Linux) Gather Distribution Version" set_fact: version: "7.4" when: ansible_distribution_major_version|float == 7.4 -- name: "(CentOS/RedHat/Amazon Linux/Oracle Linux) Gather Distribution Version" +- name: "(Install: CentOS/RedHat/Amazon Linux/Oracle Linux) Gather Distribution Version" set_fact: version: "amazon" when: ansible_distribution == "Amazon" -- name: "(CentOS/RedHat/Amazon Linux/Oracle Linux) Add NGINX Plus Repository" +- name: "(Install: CentOS/RedHat/Amazon Linux/Oracle Linux) Add NGINX Plus Repository" get_url: url: https://cs.nginx.com/static/files/nginx-plus-{{ version }}.repo dest: /etc/yum.repos.d/nginx-plus-{{ version }}.repo diff --git a/tasks/plus/setup-suse.yml b/tasks/plus/setup-suse.yml index d492f80..3684f1a 100644 --- a/tasks/plus/setup-suse.yml +++ b/tasks/plus/setup-suse.yml @@ -1,8 +1,8 @@ --- -- name: "(SUSE) Combine NGINX Plus Certificate and License Keys" +- name: "(Install: SUSE) Combine NGINX Plus Certificate and License Keys" shell: cat /etc/ssl/nginx/nginx-repo.crt /etc/ssl/nginx/nginx-repo.key > /etc/ssl/nginx/nginx-repo-bundle.crt -- name: "(SUSE) Add NGINX Plus Repository" +- name: "(Install: SUSE) Add NGINX Plus Repository" zypper_repository: name: nginx-plus repo: https://plus-pkgs.nginx.com/sles/12?ssl_clientcert=/etc/ssl/nginx/nginx-repo-bundle.crt&ssl_verify=host diff --git a/templates/opensource/http/default.conf.j2 b/templates/opensource/http/default.conf.j2 new file mode 100644 index 0000000..bcc6606 --- /dev/null +++ b/templates/opensource/http/default.conf.j2 @@ -0,0 +1,44 @@ +server { + listen {{ configuration_templates.opensource.listen }}; + server_name {{ configuration_templates.opensource.server_name }}; + + #charset koi8-r; + #access_log /var/log/nginx/host.access.log main; + + location / { + root /usr/share/nginx/html; + index index.html index.htm; + } + + #error_page 404 /404.html; + + # redirect server error pages to the static page /50x.html + # + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /usr/share/nginx/html; + } + + # proxy the PHP scripts to Apache listening on 127.0.0.1:80 + # + #location ~ \.php$ { + # proxy_pass http://127.0.0.1; + #} + + # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 + # + #location ~ \.php$ { + # root html; + # fastcgi_pass 127.0.0.1:9000; + # fastcgi_index index.php; + # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; + # include fastcgi_params; + #} + + # deny access to .htaccess files, if Apache's document root + # concurs with nginx's one + # + #location ~ /\.ht { + # deny all; + #} +} diff --git a/templates/opensource/nginx.conf.j2 b/templates/opensource/nginx.conf.j2 new file mode 100644 index 0000000..0219ca9 --- /dev/null +++ b/templates/opensource/nginx.conf.j2 @@ -0,0 +1,31 @@ +user {{ configuration_templates.opensource.user }}; +worker_processes {{ configuration_templates.opensource.worker_processes }}; + +error_log /var/log/nginx/error.log {{ configuration_templates.opensource.error_level }}; +pid /var/run/nginx.pid; + + +events { + worker_connections {{ configuration_templates.opensource.worker_connections }}; +} + + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + sendfile on; + #tcp_nopush on; + + keepalive_timeout {{ configuration_templates.opensource.keepalive_timeout }}; + + #gzip on; + + include /etc/nginx/conf.d/*.conf; +} diff --git a/templates/plus/http/default.conf.j2 b/templates/plus/http/default.conf.j2 new file mode 100644 index 0000000..1c77e4f --- /dev/null +++ b/templates/plus/http/default.conf.j2 @@ -0,0 +1,60 @@ +server { + listen {{ configuration_templates.plus.listen }} default_server; + server_name {{ configuration_templates.plus.server_name }}; + + #charset koi8-r; + #access_log /var/log/nginx/host.access.log main; + + location / { + root /usr/share/nginx/html; + index index.html index.htm; + } + + #error_page 404 /404.html; + + # redirect server error pages to the static page /50x.html + # + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /usr/share/nginx/html; + } + + # proxy the PHP scripts to Apache listening on 127.0.0.1:80 + # + #location ~ \.php$ { + # proxy_pass http://127.0.0.1; + #} + + # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 + # + #location ~ \.php$ { + # root html; + # fastcgi_pass 127.0.0.1:9000; + # fastcgi_index index.php; + # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; + # include fastcgi_params; + #} + + # deny access to .htaccess files, if Apache's document root + # concurs with nginx's one + # + #location ~ /\.ht { + # deny all; + #} + + # enable /api/ location with appropriate access control in order + # to make use of NGINX Plus API + # + #location /api/ { + # api write=on; + # allow 127.0.0.1; + # deny all; + #} + + # enable NGINX Plus Dashboard; requires /api/ location to be + # enabled and appropriate access control for remote access + # + #location = /dashboard.html { + # root /usr/share/nginx/html; + #} +} diff --git a/templates/plus/nginx.conf.j2 b/templates/plus/nginx.conf.j2 new file mode 100644 index 0000000..810c0b4 --- /dev/null +++ b/templates/plus/nginx.conf.j2 @@ -0,0 +1,50 @@ +user {{ configuration_templates.plus.user }}; +worker_processes {{ configuration_templates.plus.worker_processes }}; + +error_log /var/log/nginx/error.log {{ configuration_templates.plus.error_level }}; +pid /var/run/nginx.pid; + + +events { + worker_connections {{ configuration_templates.plus.worker_connections }}; +} + + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + sendfile on; + #tcp_nopush on; + + keepalive_timeout {{ configuration_templates.plus.keepalive_timeout }}; + + #gzip on; + + include /etc/nginx/conf.d/*.conf; +} + + +# TCP/UDP proxy and load balancing block +# +#stream { + # Example configuration for TCP load balancing + + #upstream stream_backend { + # zone tcp_servers 64k; + # server backend1.example.com:12345; + # server backend2.example.com:12345; + #} + + #server { + # listen 12345; + # status_zone tcp_server; + # proxy_pass stream_backend; + #} +#}