From feda384b943a15bb6027653f2627bb869d865df0 Mon Sep 17 00:00:00 2001 From: Alessandro Fael Garcia Date: Tue, 21 May 2019 17:23:06 +0200 Subject: [PATCH] Improve role handling (#128) * Improve role handling * Add defaults to some tasks * Improve template conditionals --- README.md | 58 ++++++++++++++++++------------- defaults/main.yml | 4 +-- tasks/conf/debug-output.yml | 2 +- tasks/conf/setup-status.yml | 4 +-- tasks/conf/template-config.yml | 48 ++++++++++++++----------- tasks/conf/upload-config.yml | 30 +++++++++------- tasks/controller/setup-debian.yml | 2 +- tasks/plus/setup-debian.yml | 2 +- tasks/plus/setup-redhat.yml | 8 +++-- templates/api.conf.j2 | 17 --------- templates/http/default.conf.j2 | 39 ++++++++++----------- templates/stream/default.conf.j2 | 1 + templates/www/index.html.j2 | 2 +- 13 files changed, 113 insertions(+), 104 deletions(-) delete mode 100644 templates/api.conf.j2 diff --git a/README.md b/README.md index 36f8bba..35fcba0 100644 --- a/README.md +++ b/README.md @@ -86,10 +86,10 @@ RedHat: - 6.5+ - 7.4+ - 8 - SUSE/SLES: - versions: - - 12 - - 15 +SUSE/SLES: + versions: + - 12 + - 15 Ubuntu: versions: - trusty @@ -115,7 +115,7 @@ Ubuntu: versions: - trusty - xenial - - bionic + - bionic RedHat: versions: - 6 
@@ -211,23 +211,33 @@ nginx_install_from: nginx_repository # Choose where to fetch the NGINX signing key from. # Default is the official NGINX signing key host. -nginx_signing_key: http://nginx.org/keys/nginx_signing.key +# nginx_signing_key: http://nginx.org/keys/nginx_signing.key # Specify source repository for NGINX Open Source. -# Only works if 'nginx_install_from' is set to 'nginx_repository'. +# Only works if 'install_from' is set to 'nginx_repository'. # Defaults are the official NGINX repositories. nginx_repository: + alpine: >- + https://nginx.org/packages/{{ (nginx_branch == 'mainline') + | ternary('mainline/', '') }}alpine/v{{ ansible_distribution_version | regex_search('^[0-9]+\\.[0-9]+') }}/main debian: - - deb https://nginx.org/packages/{{ (nginx_branch == 'mainline') | ternary('mainline/', '') }}{{ ansible_distribution|lower }}/ {{ ansible_distribution_release }} nginx - - deb-src https://nginx.org/packages/{{ (nginx_branch == 'mainline') | ternary('mainline/', '') }}{{ ansible_distribution|lower }}/ {{ ansible_distribution_release }} nginx - redhat: - - https://nginx.org/packages/{{ (nginx_branch == 'mainline') | ternary('mainline/', '') }}{{ (ansible_distribution == "RedHat") | ternary('rhel/', 'centos/') }}{{ ansible_distribution_major_version|int }}/$basearch/ - suse: - - https://nginx.org/packages/{{ (nginx_branch == 'mainline') | ternary('mainline/', '') }}sles/12 + - >- + deb https://nginx.org/packages/{{ (nginx_branch == 'mainline') + | ternary('mainline/', '') }}{{ ansible_distribution | lower }}/ {{ ansible_distribution_release }} nginx + - >- + deb-src https://nginx.org/packages/{{ (nginx_branch == 'mainline') + | ternary('mainline/', '') }}{{ ansible_distribution | lower }}/ {{ ansible_distribution_release }} nginx + redhat: >- + https://nginx.org/packages/{{ (nginx_branch == 'mainline') + | ternary('mainline/', '') }}{{ (ansible_distribution == "RedHat") + | ternary('rhel', 'centos') }}/{{ ansible_distribution_major_version }}/$basearch/ 
+ suse: >- + https://nginx.org/packages/{{ (nginx_branch == 'mainline') + | ternary('mainline/', '') }}sles/{{ ansible_distribution_major_version }} # Specify which branch of NGINX Open Source you want to install. # Options are 'mainline' or 'stable'. -# Only works if 'nginx_install_from' is set to 'nginx_repository'. +# Only works if 'install_from' is set to 'nginx_repository'. # Default is mainline. nginx_branch: mainline @@ -353,10 +363,12 @@ nginx_http_template: autoindex: false auth_basic: null auth_basic_user_file: null + try_files: $uri $uri/index.html $uri.html =404 #auth_request: /auth ssl: cert: /etc/ssl/certs/default.crt key: /etc/ssl/private/default.key + dhparam: /etc/ssl/private/dh_param.pem protocols: TLSv1 TLSv1.1 TLSv1.2 ciphers: HIGH:!aNULL:!MD5 session_cache: none @@ -370,7 +382,8 @@ nginx_http_template: autoindex: false auth_basic: null auth_basic_user_file: null - #auth_req: /auth + try_files: $uri $uri/index.html $uri.html =404 + #auth_request: /auth #returns: #return302: #code: 302 @@ -432,9 +445,6 @@ nginx_http_template: cert: /etc/ssl/certs/proxy_default.crt key: /etc/ssl/private/proxy_default.key trusted_cert: /etc/ssl/certs/proxy_ca.crt - dhparam: /etc/ssl/private/dh_param.pem - server_name: false - name: server_name protocols: TLSv1 TLSv1.1 TLSv1.2 ciphers: HIGH:!aNULL:!MD5 verify: false @@ -452,10 +462,10 @@ nginx_http_template: proxy_ignore_headers: - Vary - Cache-Control - proxy_redirect: false websocket: false auth_basic: null auth_basic_user_file: null + try_files: $uri $uri/index.html $uri.html =404 #auth_req: /auth #returns: #return302: @@ -494,7 +504,7 @@ nginx_status_port: 8080 # Requires NGINX Plus. # Default is false. nginx_rest_api_enable: false -nginx_rest_api_src: api.conf.j2 +nginx_rest_api_src: http/api.conf.j2 nginx_rest_api_location: /etc/nginx/conf.d/api.conf nginx_rest_api_port: 8080 nginx_rest_api_write: false 
@@ -522,8 +532,6 @@ nginx_stream_template: cert: /etc/ssl/certs/proxy_default.crt key: /etc/ssl/private/proxy_default.key trusted_cert: /etc/ssl/certs/proxy_ca.crt - server_name: false - name: server_name protocols: TLSv1 TLSv1.1 TLSv1.2 ciphers: HIGH:!aNULL:!MD5 verify: false @@ -713,6 +721,8 @@ License Author Information ------------------ -Alessandro Fael Garcia +[Alessandro Fael Garcia](https://github.com/alessfg) -[NGINX Inc](https://www.nginx.com/) +[Grzegorz Dzien](https://github.com/gdzien) + +© [NGINX, Inc.](https://www.nginx.com/) 2018 - 2019 diff --git a/defaults/main.yml b/defaults/main.yml index da578f1..11e2c56 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -4,7 +4,7 @@ nginx_enable: true # Start NGINX service. -# Default is true +# Default is true. nginx_start: true # Print NGINX configuration file to terminal after executing playbook. @@ -316,7 +316,7 @@ nginx_status_port: 8080 # Requires NGINX Plus. # Default is false. nginx_rest_api_enable: false -nginx_rest_api_src: api.conf.j2 +nginx_rest_api_src: http/api.conf.j2 nginx_rest_api_location: /etc/nginx/conf.d/api.conf nginx_rest_api_port: 8080 nginx_rest_api_write: false diff --git a/tasks/conf/debug-output.yml b/tasks/conf/debug-output.yml index ec6576b..6ad7ba1 100644 --- a/tasks/conf/debug-output.yml +++ b/tasks/conf/debug-output.yml @@ -6,4 +6,4 @@ - name: "(Setup: All OSs) Print NGINX configuration" debug: - var: nginx_configuration.stdout_lines + var: nginx_configuration.stdout_lines diff --git a/tasks/conf/setup-status.yml b/tasks/conf/setup-status.yml index 5a275d4..92053eb 100644 --- a/tasks/conf/setup-status.yml +++ b/tasks/conf/setup-status.yml @@ -5,7 +5,7 @@ create: yes block: | server { - listen 127.0.0.1:{{ nginx_status_port }}; + listen 127.0.0.1:{{ nginx_status_port | default('8080') }}; location /nginx_status { stub_status on; allow 127.0.0.1; 
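Review bot: The new default `nginx_rest_api_src: http/api.conf.j2` points at a template this patch does not add: `templates/api.conf.j2` is deleted and the diffstat lists no `templates/http/api.conf.j2`. If that file is not already in the tree, every run with `nginx_rest_api_enable: true` will fail at the API template task in tasks/conf/template-config.yml, which now falls back to the same path. Please confirm the file exists (or include the move in this commit), and check that the relocated template restricts who can reach `/api` when `nginx_rest_api_write` is on, since the deleted one listened on all interfaces with no `allow`/`deny`.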
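Review bot: `default('8080')` on the `listen` line only applies when `nginx_status_port` is undefined, and defaults/main.yml already sets it to 8080, so the filter will rarely fire, while an empty or null value still renders an invalid `listen 127.0.0.1:` line. If the intent is a safe fallback, use `{{ nginx_status_port | default(8080, true) }}` so falsy values are covered as well. The same line is changed in the NGINX Plus `/status` block in the next hunk. The `server` block continues outside this hunk.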
@@ -21,7 +21,7 @@ create: yes block: | server { - listen 127.0.0.1:{{ nginx_status_port }}; + listen 127.0.0.1:{{ nginx_status_port | default('8080') }}; location /status { status; allow 127.0.0.1; diff --git a/tasks/conf/template-config.yml b/tasks/conf/template-config.yml index 5e97eef..75112b9 100644 --- a/tasks/conf/template-config.yml +++ b/tasks/conf/template-config.yml 
@@ -1,39 +1,45 @@ --- - name: "(Setup: All NGINX) Ensure HTML Directory Exists" file: - path: "{{ item.value.html_file_location }}" + path: "{{ item.value.html_file_location | default('/usr/share/nginx/html') }}" state: directory with_dict: "{{ nginx_html_demo_template }}" when: nginx_html_demo_template_enable - name: "(Setup: All NGINX) Dynamically Generate HTML Files" template: - src: "{{ item.value.template_file }}" - dest: "{{ item.value.html_file_location }}/{{ item.value.html_file_name }}" + src: "{{ item.value.template_file | default('www/index.html.j2') }}" + dest: "{{ item.value.html_file_location | default('/usr/share/nginx/html') }}/{{ item.value.html_file_name | default('index.html') }}" backup: yes with_dict: "{{ nginx_html_demo_template }}" when: nginx_html_demo_template_enable +- name: "(Setup: All NGINX) Ensure NGINX Main Directory Exists" + file: + path: "{{ nginx_main_template.conf_file_location | default('/etc/nginx') }}" + state: directory + when: nginx_main_template_enable + - name: "(Setup: All NGINX) Dynamically Generate NGINX Main Configuration File" template: - src: "{{ nginx_main_template.template_file }}" - dest: "{{ nginx_main_template.conf_file_location }}/{{ nginx_main_template.conf_file_name }}" + src: "{{ nginx_main_template.template_file | default('nginx.conf.j2') }}" + dest: "{{ nginx_main_template.conf_file_location | default('/etc/nginx') }}/{{ nginx_main_template.conf_file_name | default('nginx.conf') }}" backup: yes when: nginx_main_template_enable notify: "(Handler: All OSs) Reload NGINX" - name: "(Setup: All NGINX) Ensure NGINX HTTP Directory Exists" file: - path: "{{ item.value.conf_file_location }}" + path: "{{ item.value.conf_file_location | default('/etc/nginx/conf.d/') }}" state: directory with_dict: "{{ nginx_http_template }}" when: nginx_http_template_enable -- name: "(Setup: All NGINX) Ensure NGINX Proxy Cache Directories Exists" +- name: "(Setup: All NGINX) Ensure NGINX Proxy Cache Directories Exist" file: path: "{{ 
item.1.path }}" state: directory - owner: "{{ nginx_main_template.user }}" + owner: "{{ nginx_main_template.user | default('nginx') }}" with_subelements: - "{{ nginx_http_template }}" - reverse_proxy.proxy_cache_path 
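Review bot: The added "Ensure NGINX Main Directory Exists" task creates the directory with no `owner`, `group` or `mode`, so when the path does not exist yet its permissions come from the remote umask; the other `file` tasks touched in this hunk have the same gap. For a configuration root it is better to pin them, e.g. `mode: "0755"` with `owner: root`. Separately, the directory defaults that end in `/` (such as `'/etc/nginx/conf.d/'`) are joined with another `/` in `dest`, producing `/etc/nginx/conf.d//default.conf`; dropping the trailing slash from the default would keep paths in logs and backups clean. The last task in this hunk continues past its end.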
@@ -42,33 +48,33 @@ - name: "(Setup: All NGINX) Dynamically Generate NGINX HTTP Configuration Files" template: - src: "{{ item.value.template_file }}" - dest: "{{ item.value.conf_file_location }}/{{ item.value.conf_file_name }}" + src: "{{ item.value.template_file | default('http/default.conf.j2') }}" + dest: "{{ item.value.conf_file_location | default('/etc/nginx/conf.d/') }}/{{ item.value.conf_file_name | default('default.conf') }}" backup: yes with_dict: "{{ nginx_http_template }}" when: nginx_http_template_enable notify: "(Handler: All OSs) Reload NGINX" +- name: "(Setup: All NGINX) Dynamically Generate NGINX API Configuration File" + template: + src: "{{ nginx_rest_api_src | default('http/api.conf.j2') }}" + dest: "{{ nginx_rest_api_location | default('/etc/nginx/conf.d/api.conf') }}" + backup: yes + notify: "(Handler: All OSs) Reload NGINX" + when: nginx_rest_api_enable + - name: "(Setup: All NGINX) Ensure NGINX Stream Directory Exists" file: - path: "{{ item.value.conf_file_location }}" + path: "{{ item.value.conf_file_location | default('/etc/nginx/conf.d/stream/') }}" state: directory with_dict: "{{ nginx_stream_template }}" when: nginx_stream_template_enable - name: "(Setup: All NGINX) Dynamically Generate NGINX Stream Configuration Files" template: - src: "{{ item.value.template_file }}" - dest: "{{ item.value.conf_file_location }}/{{ item.value.conf_file_name }}" + src: "{{ item.value.template_file | default('stream/default.conf.j2') }}" + dest: "{{ item.value.conf_file_location | default('/etc/nginx/conf.d/stream/') }}/{{ item.value.conf_file_name | default('default.conf') }}" backup: yes with_dict: "{{ nginx_stream_template }}" when: nginx_stream_template_enable notify: "(Handler: All OSs) Reload NGINX" - -- name: "(Setup: All NGINX) Dynamically Generate NGINX API Configuration File" - template: - src: "{{ nginx_rest_api_src }}" - dest: "{{ nginx_rest_api_location }}" - backup: yes - notify: "(Handler: All OSs) Reload NGINX" - when: 
nginx_rest_api_enable diff --git a/tasks/conf/upload-config.yml b/tasks/conf/upload-config.yml index 4caa079..9add6a9 100644 --- a/tasks/conf/upload-config.yml +++ b/tasks/conf/upload-config.yml @@ -1,22 +1,28 @@ --- +- name: "(Setup: All NGINX) Ensure NGINX Main Directory Exists" + file: + path: "{{ nginx_main_upload_dest | default('/etc/nginx/') }}" + state: directory + when: nginx_main_upload_enable + - name: "(Setup: All NGINX) Upload NGINX Main Configuration File" copy: - src: "{{ nginx_main_upload_src }}" - dest: "{{ nginx_main_upload_dest }}" + src: "{{ nginx_main_upload_src | default('conf/nginx.conf') }}" + dest: "{{ nginx_main_upload_dest | default('/etc/nginx/') }}" backup: yes notify: "(Handler: All OSs) Reload NGINX" when: nginx_main_upload_enable - name: "(Setup: All NGINX) Ensure NGINX HTTP Directory Exists" file: - path: "{{ nginx_http_upload_dest }}" + path: "{{ nginx_http_upload_dest | default('/etc/nginx/conf.d/') }}" state: directory when: nginx_http_upload_enable - name: "(Setup: All NGINX) Upload NGINX HTTP Configuration Files" copy: src: "{{ item }}" - dest: "{{ nginx_http_upload_dest }}" + dest: "{{ nginx_http_upload_dest | default('/etc/nginx/conf.d/') }}" backup: yes with_fileglob: "{{ nginx_http_upload_src }}" notify: "(Handler: All OSs) Reload NGINX" @@ -24,14 +30,14 @@ - name: "(Setup: All NGINX) Ensure NGINX Stream Directory Exists" file: - path: "{{ nginx_stream_upload_dest }}" + path: "{{ nginx_stream_upload_dest | default('/etc/nginx/conf.d/') }}" state: directory when: nginx_stream_upload_enable - name: "(Setup: All NGINX) Upload NGINX Stream Configuration Files" copy: src: "{{ item }}" - dest: "{{ nginx_stream_upload_dest }}" + dest: "{{ nginx_stream_upload_dest | default('/etc/nginx/conf.d/') }}" backup: yes with_fileglob: "{{ nginx_stream_upload_src }}" notify: "(Handler: All OSs) Reload NGINX" 
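Review bot: The new "Ensure NGINX Main Directory Exists" task treats `nginx_main_upload_dest` as a directory, but the `copy` task below it accepts either a directory or a full file path in `dest`. A playbook that sets the variable to a file path such as `/etc/nginx/nginx.conf` would now either fail on the existing file or get a directory created under that name, so it is worth confirming what defaults/main.yml and the README promise for this variable. If only directories are supported, say so next to the task: `# nginx_main_upload_dest must be a directory; it is created if missing`.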
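Review bot: The stream upload tasks fall back to `/etc/nginx/conf.d/`, while the stream template tasks in tasks/conf/template-config.yml fall back to `/etc/nginx/conf.d/stream/`. If the main configuration includes `conf.d/*.conf` inside the `http` context (not visible here), stream files placed in that directory would be loaded in the wrong context and fail the config test. Using `default('/etc/nginx/conf.d/stream/')` on both `nginx_stream_upload_dest` lines would keep the two code paths consistent. Note also that `with_fileglob: "{{ nginx_stream_upload_src }}"` received no default, so an undefined source still errors. Both tasks continue outside the hunk.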
@@ -39,14 +45,14 @@ - name: "(Setup: All NGINX) Ensure NGINX HTML Directory Exists" file: - path: "{{ nginx_html_upload_dest }}" + path: "{{ nginx_html_upload_dest | default('/usr/share/nginx/html') }}" state: directory when: nginx_html_upload_enable - name: "(Setup: All NGINX) Upload NGINX HTML Files" copy: src: "{{ item }}" - dest: "{{ nginx_html_upload_dest }}" + dest: "{{ nginx_html_upload_dest | default('/usr/share/nginx/html') }}" backup: yes with_fileglob: "{{ nginx_html_upload_src }}" notify: "(Handler: All OSs) Reload NGINX" @@ -54,20 +60,20 @@ - name: "(Setup: All NGINX) Ensure SSL Certificate Directory Exists" file: - path: "{{ nginx_ssl_crt_upload_dest }}" + path: "{{ nginx_ssl_crt_upload_dest | default('/etc/ssl/certs/') }}" state: directory when: nginx_ssl_upload_enable - name: "(Setup: All NGINX) Ensure SSL Key Directory Exists" file: - path: "{{ nginx_ssl_key_upload_dest }}" + path: "{{ nginx_ssl_key_upload_dest | default('/etc/ssl/private/') }}" state: directory when: nginx_ssl_upload_enable - name: "(Setup: All NGINX) Upload NGINX SSL Certificates" copy: src: "{{ item }}" - dest: "{{ nginx_ssl_crt_upload_dest }}" + dest: "{{ nginx_ssl_crt_upload_dest | default('/etc/ssl/certs/') }}" mode: 0640 decrypt: yes backup: yes @@ -77,7 +83,7 @@ - name: "(Setup: All NGINX) Upload NGINX SSL Keys" copy: src: "{{ item }}" - dest: "{{ nginx_ssl_key_upload_dest }}" + dest: "{{ nginx_ssl_key_upload_dest | default('/etc/ssl/private/') }}" mode: 0640 decrypt: yes backup: yes diff --git a/tasks/controller/setup-debian.yml b/tasks/controller/setup-debian.yml index 59f5a54..c22bd72 100644 --- a/tasks/controller/setup-debian.yml +++ b/tasks/controller/setup-debian.yml 
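Review bot: The "Ensure SSL Key Directory Exists" task sets no `mode`, so a key directory the role has to create gets the remote umask (commonly world-traversable), and the key upload in the following hunk writes private keys as `mode: 0640` with no `owner`/`group`. For private key material prefer `mode: "0600"` on the key `copy` task and an explicit restrictive mode such as `mode: "0700"` on the directory when the role creates it; on hosts where `/etc/ssl/private/` already exists with distribution permissions, check that the chosen mode does not loosen or break them. Quoting the mode also avoids YAML octal parsing differences.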
@@ -2,4 +2,4 @@ - name: "(Install: Debian/Ubuntu) Add NGINX Controller Agent Repository" apt_repository: filename: nginx-controller - repo: deb http://packages.nginx.org/controller/{{ ansible_distribution|lower }}/ {{ ansible_distribution_release|lower }} controller + repo: deb http://packages.nginx.org/controller/{{ ansible_distribution | lower }}/ {{ ansible_distribution_release | lower }} controller diff --git a/tasks/plus/setup-debian.yml b/tasks/plus/setup-debian.yml index 5f03a90..3c57ec6 100644 --- a/tasks/plus/setup-debian.yml +++ b/tasks/plus/setup-debian.yml @@ -1,7 +1,7 @@ --- - name: "(Install: Debian/Ubuntu) Add NGINX Plus Repository" apt_repository: - repo: deb https://plus-pkgs.nginx.com/{{ ansible_distribution|lower }} {{ ansible_distribution_release }} nginx-plus + repo: deb https://plus-pkgs.nginx.com/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} nginx-plus filename: nginx-plus update_cache: no diff --git a/tasks/plus/setup-redhat.yml b/tasks/plus/setup-redhat.yml index 9f4d15d..a37032b 100644 --- a/tasks/plus/setup-redhat.yml +++ b/tasks/plus/setup-redhat.yml @@ -2,7 +2,9 @@ - name: "(Install: CentOS/RedHat/Oracle Linux) Add NGINX Plus Repository" yum_repository: name: nginx-plus - baseurl: https://plus-pkgs.nginx.com/centos/{{ (ansible_distribution_version | float >= 7.4 and ansible_distribution_version | float < 8.0) | ternary(ansible_distribution_major_version | int, 7.4) }}/$basearch/ + baseurl: >- + https://plus-pkgs.nginx.com/centos/{{ (ansible_distribution_version | float >= 7.4 and ansible_distribution_version | float < 8.0) + | ternary(ansible_distribution_major_version | int, 7.4) }}/$basearch/ description: NGINX Plus Repository sslclientcert: /etc/ssl/nginx/nginx-repo.crt sslclientkey: /etc/ssl/nginx/nginx-repo.key 
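Review bot: The Controller agent repository line still uses `http://packages.nginx.org/controller/...`, unlike the NGINX Plus and open source repositories elsewhere in this patch, which use `https://`. APT signature checking limits what can be altered in transit, but only when the signing key itself was installed over a trusted channel, and plain HTTP leaves package metadata readable and modifiable on path. If the host serves TLS, switch the scheme: `repo: deb https://packages.nginx.org/controller/{{ ansible_distribution | lower }}/ {{ ansible_distribution_release | lower }} controller`.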
@@ -13,7 +15,9 @@ - name: "(Install: Amazon Linux) Add NGINX Plus Repository" yum_repository: name: nginx-plus - baseurl: https://plus-pkgs.nginx.com/amzn{{ (ansible_distribution_major_version == "2") | ternary('2', '') }}/$releasever/$basearch + baseurl: >- + https://plus-pkgs.nginx.com/amzn{{ (ansible_distribution_version == "2") + | ternary('2', '') }}/$releasever/$basearch description: NGINX Plus Repository sslclientcert: /etc/ssl/nginx/nginx-repo.crt sslclientkey: /etc/ssl/nginx/nginx-repo.key diff --git a/templates/api.conf.j2 b/templates/api.conf.j2 deleted file mode 100644 index 5fc4ffa..0000000 --- a/templates/api.conf.j2 +++ /dev/null @@ -1,17 +0,0 @@ -{{ ansible_managed | comment }} - -server { - listen {{ nginx_rest_api_port }}; - location /api { -{% if nginx_rest_api_write %} - api write=on; -{% else %} - api; -{% endif %} - } -{% if nginx_rest_api_dashboard %} - location = /dashboard.html { - root /usr/share/nginx/html; - } -{% endif %} -} \ No newline at end of file diff --git a/templates/http/default.conf.j2 b/templates/http/default.conf.j2 index 0781501..834fb73 100644 --- a/templates/http/default.conf.j2 +++ b/templates/http/default.conf.j2 @@ -1,6 +1,6 @@ {{ ansible_managed | comment }} -{% if item.value.upstreams is defined %} +{% if item.value.upstreams is defined and item.value.upstreams %} {% for upstream in item.value.upstreams %} upstream {{ item.value.upstreams[upstream].name }} { {{ item.value.upstreams[upstream].lb_method }}; 
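Review bot: Besides wrapping the line, the Amazon Linux `baseurl` now tests `ansible_distribution_version == "2"` where it previously tested `ansible_distribution_major_version`, and the commit message does not mention this. The two facts are not guaranteed to hold the same value, and a mismatch silently selects the `amzn` repository path instead of `amzn2`. If the switch is deliberate, record the reason above the task, e.g. `# compare the full version fact: <reason / affected Ansible versions>`, or accept either fact in the condition.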
@@ -15,33 +15,32 @@ upstream {{ item.value.upstreams[upstream].name }} { {% endfor %} {% endif %} -{% if item.value.reverse_proxy is defined %} -{% if item.value.reverse_proxy.proxy_cache_path is defined %} +{% if item.value.reverse_proxy is defined and item.value.reverse_proxy %} +{% if item.value.reverse_proxy.proxy_cache_path is defined and item.value.reverse_proxy.proxy_cache_path %} {% for proxy_cache_path in item.value.reverse_proxy.proxy_cache_path %} proxy_cache_path {{ proxy_cache_path.path }} keys_zone={{ proxy_cache_path.keys_zone.name }}:{{ proxy_cache_path.keys_zone.size }} levels={{ proxy_cache_path.levels }} max_size={{ proxy_cache_path.max_size }} inactive={{ proxy_cache_path.inactive }} use_temp_path={{ proxy_cache_path.use_temp_path | ternary("on", "off") }}; {% endfor %} - -{% if item.value.reverse_proxy.proxy_cache_background_update is defined %} +{% if item.value.reverse_proxy.proxy_cache_background_update is defined and item.value.reverse_proxy.proxy_cache_background_update%} proxy_cache_background_update {{ item.value.reverse_proxy.proxy_cache_background_update | ternary("on", "off") }}; {% endif %} -{% if item.value.reverse_proxy.proxy_cache_lock is defined %} +{% if item.value.reverse_proxy.proxy_cache_lock is defined and item.value.reverse_proxy.proxy_cache_lock %} proxy_cache_lock {{ item.value.reverse_proxy.proxy_cache_lock | ternary("on", "off") }}; {% endif %} -{% if item.value.reverse_proxy.proxy_cache_min_uses is defined %} +{% if item.value.reverse_proxy.proxy_cache_min_uses is defined and item.value.reverse_proxy.proxy_cache_min_uses %} proxy_cache_min_uses {{ item.value.reverse_proxy.proxy_cache_min_uses }}; {% endif %} -{% if item.value.reverse_proxy.proxy_cache_revalidate is defined %} +{% if item.value.reverse_proxy.proxy_cache_revalidate is defined and item.value.reverse_proxy.proxy_cache_revalidate %} proxy_cache_revalidate {{ item.value.reverse_proxy.proxy_cache_revalidate | ternary("on", "off") }}; {% endif %} -{% if 
item.value.reverse_proxy.proxy_cache_use_stale is defined %} +{% if item.value.reverse_proxy.proxy_cache_use_stale is defined and item.value.reverse_proxy.proxy_cache_use_stale %} proxy_cache_use_stale {{ item.value.reverse_proxy.proxy_cache_use_stale | join(" ") }}; {% endif %} -{% if item.value.reverse_proxy.proxy_ignore_headers is defined %} +{% if item.value.reverse_proxy.proxy_ignore_headers is defined and item.value.reverse_proxy.proxy_ignore_headers %} proxy_ignore_headers {{ item.value.reverse_proxy.proxy_ignore_headers | join(" ") }}; {% endif %} -{% if item.value.reverse_proxy.proxy_temp_path is defined %} +{% if item.value.reverse_proxy.proxy_temp_path is defined and item.value.reverse_proxy.proxy_temp_path.path %} proxy_temp_path {{ item.value.reverse_proxy.proxy_temp_path.path }} {{ item.value.reverse_proxy.proxy_temp_path.level_1 | default("") }} {{ item.value.reverse_proxy.proxy_temp_path.level_2 | default("") }} {{ item.value.reverse_proxy.proxy_temp_path.level_3 | default("") }}; {% endif %} {% endif %} 
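Review bot: With the added truthiness test, the `| ternary("on", "off")` on `proxy_cache_background_update`, `proxy_cache_lock` and `proxy_cache_revalidate` can never emit `off`, because a `false` value now skips the directive altogether. That happens to match nginx's built-in defaults, but the dead branch is misleading for the next reader. Either keep plain `is defined` for the boolean options so an explicit `false` is rendered, or drop the filter and write the literal, e.g. `proxy_cache_lock on;`. The `proxy_cache_background_update` condition is also missing the space before `%}`.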
@@ -51,29 +50,29 @@ auth_request {{ item.value.auth_request_http }}; {% endif %} server { -{% if item.value.ssl is defined %} +{% if item.value.ssl is defined and item.value.ssl %} listen {{ item.value.port }} ssl; ssl_certificate {{ item.value.ssl.cert }}; ssl_certificate_key {{ item.value.ssl.key }}; {% if item.value.ssl.dhparam is defined %} ssl_dhparam {{ item.value.ssl.dhparam }}; {% endif %} -{% if item.value.ssl.protocols is defined %} +{% if item.value.ssl.protocols is defined and item.value.ssl.protocols %} ssl_protocols {{ item.value.ssl.protocols }}; {% endif %} -{% if item.value.ssl.ciphers is defined %} +{% if item.value.ssl.ciphers is defined and item.value.ssl.ciphers %} ssl_ciphers {{ item.value.ssl.ciphers }}; {% endif %} -{% if item.value.ssl.session_cache is defined %} +{% if item.value.ssl.session_cache is defined and item.value.ssl.session_cache %} ssl_session_cache {{ item.value.ssl.session_cache }}; {% endif %} -{% if item.value.ssl.session_timeout is defined %} +{% if item.value.ssl.session_timeout is defined and item.value.ssl.session_timeout %} ssl_session_timeout {{ item.value.ssl.session_timeout }}; {% endif %} {% else %} listen {{ item.value.port }}; {% endif %} - server_name {{ item.value.server_name }}; + server_name {{ item.value.server_name | default('localhost') }}; {% if item.value.auth_basic is defined and item.value.auth_basic %} auth_basic "{{ item.value.auth_basic }}"; {% endif %} @@ -96,7 +95,7 @@ server { auth_request {{ item.value.auth_request }}; {% endif %} -{% if item.value.reverse_proxy is defined %} +{% if item.value.reverse_proxy is defined and item.value.reverse_proxy %} {% for location in item.value.reverse_proxy.locations %} location {{ item.value.reverse_proxy.locations[location].location }} { {% if item.value.reverse_proxy.locations[location].internal is sameas true %} 
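Review bot: An empty or false `ssl.protocols` or `ssl.ciphers` now drops the directive silently, so the listener falls back to whatever the installed nginx build enables by default, which on older releases includes TLSv1 and TLSv1.1. For a TLS listener it is safer to render an explicit floor, e.g. `ssl_protocols {{ item.value.ssl.protocols | default('TLSv1.2', true) }};`, than to omit the line. `ssl.dhparam` was left at plain `is defined`, so an empty value there still renders `ssl_dhparam ;`; it should get the same `and item.value.ssl.dhparam` test as its neighbours. The `server` block continues beyond this hunk.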
@@ -144,8 +143,8 @@ server { {% if item.value.reverse_proxy.locations[location].try_files is defined %} try_files {{ item.value.reverse_proxy.locations[location].try_files }}; {% endif %} -{% if item.value.reverse_proxy.locations[location].proxy_ssl is defined %} +{% if item.value.reverse_proxy.locations[location].proxy_ssl is defined and item.value.reverse_proxy.locations[location].proxy_ssl %} {% if item.value.reverse_proxy.locations[location].proxy_ssl.cert is defined %} proxy_ssl_certificate {{ item.value.reverse_proxy.locations[location].proxy_ssl.cert }}; {% endif %} @@ -265,4 +264,4 @@ server { root {{ item.value.error_page }}; } {% endif %} -} \ No newline at end of file +} diff --git a/templates/stream/default.conf.j2 b/templates/stream/default.conf.j2 index 38090b9..3f1fcb2 100644 --- a/templates/stream/default.conf.j2 +++ b/templates/stream/default.conf.j2 @@ -1,4 +1,5 @@ {{ ansible_managed | comment }} + {% if item.value.upstreams is defined %} {% for upstream in item.value.upstreams %} upstream {{ item.value.upstreams[upstream].name }} { diff --git a/templates/www/index.html.j2 b/templates/www/index.html.j2 index 87e7467..a1aa64b 100644 --- a/templates/www/index.html.j2 +++ b/templates/www/index.html.j2 @@ -95,7 +95,7 @@ clearTimeout(ref);