sebclem/ansible-role-nginx
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Improve role handling (#128)

Browse Source 
* Improve role handling

* Add defaults to some tasks

* Improve template conditionals
This commit is contained in:
Alessandro Fael Garcia 2019-05-21 17:23:06 +02:00 committed by Grzegorz Dzien
parent f3ec78e7ae
commit feda384b94
13 changed files with 113 additions and 104 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
README.md
View File

@ -86,10 +86,10 @@ RedHat:
- 6.5+ - 6.5+
- 7.4+ - 7.4+
- 8 - 8
SUSE/SLES: SUSE/SLES:
versions: versions:
- 12 - 12
- 15 - 15
Ubuntu: Ubuntu:
versions: versions:
- trusty - trusty
@ -115,7 +115,7 @@ Ubuntu:
versions: versions:
- trusty - trusty
- xenial - xenial
- bionic - bionic
RedHat: RedHat:
versions: versions:
- 6 - 6
@ -211,23 +211,33 @@ nginx_install_from: nginx_repository
# Choose where to fetch the NGINX signing key from. # Choose where to fetch the NGINX signing key from.
# Default is the official NGINX signing key host. # Default is the official NGINX signing key host.
nginx_signing_key: http://nginx.org/keys/nginx_signing.key # nginx_signing_key: http://nginx.org/keys/nginx_signing.key
# Specify source repository for NGINX Open Source. # Specify source repository for NGINX Open Source.
# Only works if 'nginx_install_from' is set to 'nginx_repository'. # Only works if 'install_from' is set to 'nginx_repository'.
# Defaults are the official NGINX repositories. # Defaults are the official NGINX repositories.
nginx_repository: nginx_repository:
alpine: >-
https://nginx.org/packages/{{ (nginx_branch == 'mainline')
| ternary('mainline/', '') }}alpine/v{{ ansible_distribution_version | regex_search('^[0-9]+\\.[0-9]+') }}/main
debian: debian:
- deb https://nginx.org/packages/{{ (nginx_branch == 'mainline') | ternary('mainline/', '') }}{{ ansible_distribution|lower }}/ {{ ansible_distribution_release }} nginx - >-
- deb-src https://nginx.org/packages/{{ (nginx_branch == 'mainline') | ternary('mainline/', '') }}{{ ansible_distribution|lower }}/ {{ ansible_distribution_release }} nginx deb https://nginx.org/packages/{{ (nginx_branch == 'mainline')
redhat: | ternary('mainline/', '') }}{{ ansible_distribution | lower }}/ {{ ansible_distribution_release }} nginx
- https://nginx.org/packages/{{ (nginx_branch == 'mainline') | ternary('mainline/', '') }}{{ (ansible_distribution == "RedHat") | ternary('rhel/', 'centos/') }}{{ ansible_distribution_major_version|int }}/$basearch/ - >-
suse: deb-src https://nginx.org/packages/{{ (nginx_branch == 'mainline')
- https://nginx.org/packages/{{ (nginx_branch == 'mainline') | ternary('mainline/', '') }}sles/12 | ternary('mainline/', '') }}{{ ansible_distribution | lower }}/ {{ ansible_distribution_release }} nginx
redhat: >-
https://nginx.org/packages/{{ (nginx_branch == 'mainline')
| ternary('mainline/', '') }}{{ (ansible_distribution == "RedHat")
| ternary('rhel', 'centos') }}/{{ ansible_distribution_major_version }}/$basearch/
suse: >-
https://nginx.org/packages/{{ (nginx_branch == 'mainline')
| ternary('mainline/', '') }}sles/{{ ansible_distribution_major_version }}
# Specify which branch of NGINX Open Source you want to install. # Specify which branch of NGINX Open Source you want to install.
# Options are 'mainline' or 'stable'. # Options are 'mainline' or 'stable'.
# Only works if 'nginx_install_from' is set to 'nginx_repository'. # Only works if 'install_from' is set to 'nginx_repository'.
# Default is mainline. # Default is mainline.
nginx_branch: mainline nginx_branch: mainline
@ -353,10 +363,12 @@ nginx_http_template:
autoindex: false autoindex: false
auth_basic: null auth_basic: null
auth_basic_user_file: null auth_basic_user_file: null
try_files: $uri $uri/index.html $uri.html =404
#auth_request: /auth #auth_request: /auth
ssl: ssl:
cert: /etc/ssl/certs/default.crt cert: /etc/ssl/certs/default.crt
key: /etc/ssl/private/default.key key: /etc/ssl/private/default.key
dhparam: /etc/ssl/private/dh_param.pem
protocols: TLSv1 TLSv1.1 TLSv1.2 protocols: TLSv1 TLSv1.1 TLSv1.2
ciphers: HIGH:!aNULL:!MD5 ciphers: HIGH:!aNULL:!MD5
session_cache: none session_cache: none
@ -370,7 +382,8 @@ nginx_http_template:
autoindex: false autoindex: false
auth_basic: null auth_basic: null
auth_basic_user_file: null auth_basic_user_file: null
#auth_req: /auth try_files: $uri $uri/index.html $uri.html =404
#auth_request: /auth
#returns: #returns:
#return302: #return302:
#code: 302 #code: 302
@ -432,9 +445,6 @@ nginx_http_template:
cert: /etc/ssl/certs/proxy_default.crt cert: /etc/ssl/certs/proxy_default.crt
key: /etc/ssl/private/proxy_default.key key: /etc/ssl/private/proxy_default.key
trusted_cert: /etc/ssl/certs/proxy_ca.crt trusted_cert: /etc/ssl/certs/proxy_ca.crt
dhparam: /etc/ssl/private/dh_param.pem
server_name: false
name: server_name
protocols: TLSv1 TLSv1.1 TLSv1.2 protocols: TLSv1 TLSv1.1 TLSv1.2
ciphers: HIGH:!aNULL:!MD5 ciphers: HIGH:!aNULL:!MD5
verify: false verify: false
@ -452,10 +462,10 @@ nginx_http_template:
proxy_ignore_headers: proxy_ignore_headers:
- Vary - Vary
- Cache-Control - Cache-Control
proxy_redirect: false
websocket: false websocket: false
auth_basic: null auth_basic: null
auth_basic_user_file: null auth_basic_user_file: null
try_files: $uri $uri/index.html $uri.html =404
#auth_req: /auth #auth_req: /auth
#returns: #returns:
#return302: #return302:
@ -494,7 +504,7 @@ nginx_status_port: 8080
# Requires NGINX Plus. # Requires NGINX Plus.
# Default is false. # Default is false.
nginx_rest_api_enable: false nginx_rest_api_enable: false
nginx_rest_api_src: api.conf.j2 nginx_rest_api_src: http/api.conf.j2
nginx_rest_api_location: /etc/nginx/conf.d/api.conf nginx_rest_api_location: /etc/nginx/conf.d/api.conf
nginx_rest_api_port: 8080 nginx_rest_api_port: 8080
nginx_rest_api_write: false nginx_rest_api_write: false
@ -522,8 +532,6 @@ nginx_stream_template:
cert: /etc/ssl/certs/proxy_default.crt cert: /etc/ssl/certs/proxy_default.crt
key: /etc/ssl/private/proxy_default.key key: /etc/ssl/private/proxy_default.key
trusted_cert: /etc/ssl/certs/proxy_ca.crt trusted_cert: /etc/ssl/certs/proxy_ca.crt
server_name: false
name: server_name
protocols: TLSv1 TLSv1.1 TLSv1.2 protocols: TLSv1 TLSv1.1 TLSv1.2
ciphers: HIGH:!aNULL:!MD5 ciphers: HIGH:!aNULL:!MD5
verify: false verify: false
@ -713,6 +721,8 @@ License
Author Information Author Information
------------------ ------------------
Alessandro Fael Garcia [Alessandro Fael Garcia](https://github.com/alessfg)
[NGINX Inc](https://www.nginx.com/) [Grzegorz Dzien](https://github.com/gdzien)
© [NGINX, Inc.](https://www.nginx.com/) 2018 - 2019

4
defaults/main.yml
View File

@ -4,7 +4,7 @@
nginx_enable: true nginx_enable: true
# Start NGINX service. # Start NGINX service.
# Default is true # Default is true.
nginx_start: true nginx_start: true
# Print NGINX configuration file to terminal after executing playbook. # Print NGINX configuration file to terminal after executing playbook.
@ -316,7 +316,7 @@ nginx_status_port: 8080
# Requires NGINX Plus. # Requires NGINX Plus.
# Default is false. # Default is false.
nginx_rest_api_enable: false nginx_rest_api_enable: false
nginx_rest_api_src: api.conf.j2 nginx_rest_api_src: http/api.conf.j2
nginx_rest_api_location: /etc/nginx/conf.d/api.conf nginx_rest_api_location: /etc/nginx/conf.d/api.conf
nginx_rest_api_port: 8080 nginx_rest_api_port: 8080
nginx_rest_api_write: false nginx_rest_api_write: false

2
tasks/conf/debug-output.yml
View File

@ -6,4 +6,4 @@
- name: "(Setup: All OSs) Print NGINX configuration" - name: "(Setup: All OSs) Print NGINX configuration"
debug: debug:
var: nginx_configuration.stdout_lines var: nginx_configuration.stdout_lines

4
tasks/conf/setup-status.yml
View File

@ -5,7 +5,7 @@
create: yes create: yes
block: | block: |
server { server {
listen 127.0.0.1:{{ nginx_status_port }}; listen 127.0.0.1:{{ nginx_status_port | default('8080') }};
location /nginx_status { location /nginx_status {
stub_status on; stub_status on;
allow 127.0.0.1; allow 127.0.0.1;
@ -21,7 +21,7 @@
create: yes create: yes
block: | block: |
server { server {
listen 127.0.0.1:{{ nginx_status_port }}; listen 127.0.0.1:{{ nginx_status_port | default('8080') }};
location /status { location /status {
status; status;
allow 127.0.0.1; allow 127.0.0.1;

48
tasks/conf/template-config.yml
View File

@ -1,39 +1,45 @@
--- ---
- name: "(Setup: All NGINX) Ensure HTML Directory Exists" - name: "(Setup: All NGINX) Ensure HTML Directory Exists"
file: file:
path: "{{ item.value.html_file_location }}" path: "{{ item.value.html_file_location | default('/usr/share/nginx/html') }}"
state: directory state: directory
with_dict: "{{ nginx_html_demo_template }}" with_dict: "{{ nginx_html_demo_template }}"
when: nginx_html_demo_template_enable when: nginx_html_demo_template_enable
- name: "(Setup: All NGINX) Dynamically Generate HTML Files" - name: "(Setup: All NGINX) Dynamically Generate HTML Files"
template: template:
src: "{{ item.value.template_file }}" src: "{{ item.value.template_file | default('www/index.html.j2') }}"
dest: "{{ item.value.html_file_location }}/{{ item.value.html_file_name }}" dest: "{{ item.value.html_file_location | default('/usr/share/nginx/html') }}/{{ item.value.html_file_name | default('index.html') }}"
backup: yes backup: yes
with_dict: "{{ nginx_html_demo_template }}" with_dict: "{{ nginx_html_demo_template }}"
when: nginx_html_demo_template_enable when: nginx_html_demo_template_enable
- name: "(Setup: All NGINX) Ensure NGINX Main Directory Exists"
file:
path: "{{ nginx_main_template.conf_file_location | default('/etc/nginx') }}"
state: directory
when: nginx_main_template_enable
- name: "(Setup: All NGINX) Dynamically Generate NGINX Main Configuration File" - name: "(Setup: All NGINX) Dynamically Generate NGINX Main Configuration File"
template: template:
src: "{{ nginx_main_template.template_file }}" src: "{{ nginx_main_template.template_file | default('nginx.conf.j2') }}"
dest: "{{ nginx_main_template.conf_file_location }}/{{ nginx_main_template.conf_file_name }}" dest: "{{ nginx_main_template.conf_file_location | default('/etc/nginx') }}/{{ nginx_main_template.conf_file_name | default('nginx.conf') }}"
backup: yes backup: yes
when: nginx_main_template_enable when: nginx_main_template_enable
notify: "(Handler: All OSs) Reload NGINX" notify: "(Handler: All OSs) Reload NGINX"
- name: "(Setup: All NGINX) Ensure NGINX HTTP Directory Exists" - name: "(Setup: All NGINX) Ensure NGINX HTTP Directory Exists"
file: file:
path: "{{ item.value.conf_file_location }}" path: "{{ item.value.conf_file_location | default('/etc/nginx/conf.d/') }}"
state: directory state: directory
with_dict: "{{ nginx_http_template }}" with_dict: "{{ nginx_http_template }}"
when: nginx_http_template_enable when: nginx_http_template_enable
- name: "(Setup: All NGINX) Ensure NGINX Proxy Cache Directories Exists" - name: "(Setup: All NGINX) Ensure NGINX Proxy Cache Directories Exist"
file: file:
path: "{{ item.1.path }}" path: "{{ item.1.path }}"
state: directory state: directory
owner: "{{ nginx_main_template.user }}" owner: "{{ nginx_main_template.user | default('nginx') }}"
with_subelements: with_subelements:
- "{{ nginx_http_template }}" - "{{ nginx_http_template }}"
- reverse_proxy.proxy_cache_path - reverse_proxy.proxy_cache_path
@ -42,33 +48,33 @@
- name: "(Setup: All NGINX) Dynamically Generate NGINX HTTP Configuration Files" - name: "(Setup: All NGINX) Dynamically Generate NGINX HTTP Configuration Files"
template: template:
src: "{{ item.value.template_file }}" src: "{{ item.value.template_file | default('http/default.conf.j2') }}"
dest: "{{ item.value.conf_file_location }}/{{ item.value.conf_file_name }}" dest: "{{ item.value.conf_file_location | default('/etc/nginx/conf.d/') }}/{{ item.value.conf_file_name | default('default.conf') }}"
backup: yes backup: yes
with_dict: "{{ nginx_http_template }}" with_dict: "{{ nginx_http_template }}"
when: nginx_http_template_enable when: nginx_http_template_enable
notify: "(Handler: All OSs) Reload NGINX" notify: "(Handler: All OSs) Reload NGINX"
- name: "(Setup: All NGINX) Dynamically Generate NGINX API Configuration File"
template:
src: "{{ nginx_rest_api_src | default('http/api.conf.j2') }}"
dest: "{{ nginx_rest_api_location | default('/etc/nginx/conf.d/api.conf') }}"
backup: yes
notify: "(Handler: All OSs) Reload NGINX"
when: nginx_rest_api_enable
- name: "(Setup: All NGINX) Ensure NGINX Stream Directory Exists" - name: "(Setup: All NGINX) Ensure NGINX Stream Directory Exists"
file: file:
path: "{{ item.value.conf_file_location }}" path: "{{ item.value.conf_file_location | default('/etc/nginx/conf.d/stream/') }}"
state: directory state: directory
with_dict: "{{ nginx_stream_template }}" with_dict: "{{ nginx_stream_template }}"
when: nginx_stream_template_enable when: nginx_stream_template_enable
- name: "(Setup: All NGINX) Dynamically Generate NGINX Stream Configuration Files" - name: "(Setup: All NGINX) Dynamically Generate NGINX Stream Configuration Files"
template: template:
src: "{{ item.value.template_file }}" src: "{{ item.value.template_file | default('stream/default.conf.j2') }}"
dest: "{{ item.value.conf_file_location }}/{{ item.value.conf_file_name }}" dest: "{{ item.value.conf_file_location | default('/etc/nginx/conf.d/stream/') }}/{{ item.value.conf_file_name | default('default.conf') }}"
backup: yes backup: yes
with_dict: "{{ nginx_stream_template }}" with_dict: "{{ nginx_stream_template }}"
when: nginx_stream_template_enable when: nginx_stream_template_enable
notify: "(Handler: All OSs) Reload NGINX" notify: "(Handler: All OSs) Reload NGINX"
- name: "(Setup: All NGINX) Dynamically Generate NGINX API Configuration File"
template:
src: "{{ nginx_rest_api_src }}"
dest: "{{ nginx_rest_api_location }}"
backup: yes
notify: "(Handler: All OSs) Reload NGINX"
when: nginx_rest_api_enable

30
tasks/conf/upload-config.yml
View File

@ -1,22 +1,28 @@
--- ---
- name: "(Setup: All NGINX) Ensure NGINX Main Directory Exists"
file:
path: "{{ nginx_main_upload_dest | default('/etc/nginx/') }}"
state: directory
when: nginx_main_upload_enable
- name: "(Setup: All NGINX) Upload NGINX Main Configuration File" - name: "(Setup: All NGINX) Upload NGINX Main Configuration File"
copy: copy:
src: "{{ nginx_main_upload_src }}" src: "{{ nginx_main_upload_src | default('conf/nginx.conf') }}"
dest: "{{ nginx_main_upload_dest }}" dest: "{{ nginx_main_upload_dest | default('/etc/nginx/') }}"
backup: yes backup: yes
notify: "(Handler: All OSs) Reload NGINX" notify: "(Handler: All OSs) Reload NGINX"
when: nginx_main_upload_enable when: nginx_main_upload_enable
- name: "(Setup: All NGINX) Ensure NGINX HTTP Directory Exists" - name: "(Setup: All NGINX) Ensure NGINX HTTP Directory Exists"
file: file:
path: "{{ nginx_http_upload_dest }}" path: "{{ nginx_http_upload_dest | default('/etc/nginx/conf.d/') }}"
state: directory state: directory
when: nginx_http_upload_enable when: nginx_http_upload_enable
- name: "(Setup: All NGINX) Upload NGINX HTTP Configuration Files" - name: "(Setup: All NGINX) Upload NGINX HTTP Configuration Files"
copy: copy:
src: "{{ item }}" src: "{{ item }}"
dest: "{{ nginx_http_upload_dest }}" dest: "{{ nginx_http_upload_dest | default('/etc/nginx/conf.d/') }}"
backup: yes backup: yes
with_fileglob: "{{ nginx_http_upload_src }}" with_fileglob: "{{ nginx_http_upload_src }}"
notify: "(Handler: All OSs) Reload NGINX" notify: "(Handler: All OSs) Reload NGINX"
@ -24,14 +30,14 @@
- name: "(Setup: All NGINX) Ensure NGINX Stream Directory Exists" - name: "(Setup: All NGINX) Ensure NGINX Stream Directory Exists"
file: file:
path: "{{ nginx_stream_upload_dest }}" path: "{{ nginx_stream_upload_dest | default('/etc/nginx/conf.d/') }}"
state: directory state: directory
when: nginx_stream_upload_enable when: nginx_stream_upload_enable
- name: "(Setup: All NGINX) Upload NGINX Stream Configuration Files" - name: "(Setup: All NGINX) Upload NGINX Stream Configuration Files"
copy: copy:
src: "{{ item }}" src: "{{ item }}"
dest: "{{ nginx_stream_upload_dest }}" dest: "{{ nginx_stream_upload_dest | default('/etc/nginx/conf.d/') }}"
backup: yes backup: yes
with_fileglob: "{{ nginx_stream_upload_src }}" with_fileglob: "{{ nginx_stream_upload_src }}"
notify: "(Handler: All OSs) Reload NGINX" notify: "(Handler: All OSs) Reload NGINX"
@ -39,14 +45,14 @@
- name: "(Setup: All NGINX) Ensure NGINX HTML Directory Exists" - name: "(Setup: All NGINX) Ensure NGINX HTML Directory Exists"
file: file:
path: "{{ nginx_html_upload_dest }}" path: "{{ nginx_html_upload_dest | default('/usr/share/nginx/html') }}"
state: directory state: directory
when: nginx_html_upload_enable when: nginx_html_upload_enable
- name: "(Setup: All NGINX) Upload NGINX HTML Files" - name: "(Setup: All NGINX) Upload NGINX HTML Files"
copy: copy:
src: "{{ item }}" src: "{{ item }}"
dest: "{{ nginx_html_upload_dest }}" dest: "{{ nginx_html_upload_dest | default('/usr/share/nginx/html') }}"
backup: yes backup: yes
with_fileglob: "{{ nginx_html_upload_src }}" with_fileglob: "{{ nginx_html_upload_src }}"
notify: "(Handler: All OSs) Reload NGINX" notify: "(Handler: All OSs) Reload NGINX"
@ -54,20 +60,20 @@
- name: "(Setup: All NGINX) Ensure SSL Certificate Directory Exists" - name: "(Setup: All NGINX) Ensure SSL Certificate Directory Exists"
file: file:
path: "{{ nginx_ssl_crt_upload_dest }}" path: "{{ nginx_ssl_crt_upload_dest | default('/etc/ssl/certs/') }}"
state: directory state: directory
when: nginx_ssl_upload_enable when: nginx_ssl_upload_enable
- name: "(Setup: All NGINX) Ensure SSL Key Directory Exists" - name: "(Setup: All NGINX) Ensure SSL Key Directory Exists"
file: file:
path: "{{ nginx_ssl_key_upload_dest }}" path: "{{ nginx_ssl_key_upload_dest | default('/etc/ssl/private/') }}"
state: directory state: directory
when: nginx_ssl_upload_enable when: nginx_ssl_upload_enable
- name: "(Setup: All NGINX) Upload NGINX SSL Certificates" - name: "(Setup: All NGINX) Upload NGINX SSL Certificates"
copy: copy:
src: "{{ item }}" src: "{{ item }}"
dest: "{{ nginx_ssl_crt_upload_dest }}" dest: "{{ nginx_ssl_crt_upload_dest | default('/etc/ssl/certs/') }}"
mode: 0640 mode: 0640
decrypt: yes decrypt: yes
backup: yes backup: yes
@ -77,7 +83,7 @@
- name: "(Setup: All NGINX) Upload NGINX SSL Keys" - name: "(Setup: All NGINX) Upload NGINX SSL Keys"
copy: copy:
src: "{{ item }}" src: "{{ item }}"
dest: "{{ nginx_ssl_key_upload_dest }}" dest: "{{ nginx_ssl_key_upload_dest | default('/etc/ssl/private/') }}"
mode: 0640 mode: 0640
decrypt: yes decrypt: yes
backup: yes backup: yes

2
tasks/controller/setup-debian.yml
View File

@ -2,4 +2,4 @@
- name: "(Install: Debian/Ubuntu) Add NGINX Controller Agent Repository" - name: "(Install: Debian/Ubuntu) Add NGINX Controller Agent Repository"
apt_repository: apt_repository:
filename: nginx-controller filename: nginx-controller
repo: deb http://packages.nginx.org/controller/{{ ansible_distribution|lower }}/ {{ ansible_distribution_release|lower }} controller repo: deb http://packages.nginx.org/controller/{{ ansible_distribution | lower }}/ {{ ansible_distribution_release | lower }} controller

2
tasks/plus/setup-debian.yml
View File

@ -1,7 +1,7 @@
--- ---
- name: "(Install: Debian/Ubuntu) Add NGINX Plus Repository" - name: "(Install: Debian/Ubuntu) Add NGINX Plus Repository"
apt_repository: apt_repository:
repo: deb https://plus-pkgs.nginx.com/{{ ansible_distribution|lower }} {{ ansible_distribution_release }} nginx-plus repo: deb https://plus-pkgs.nginx.com/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} nginx-plus
filename: nginx-plus filename: nginx-plus
update_cache: no update_cache: no

8
tasks/plus/setup-redhat.yml
View File

@ -2,7 +2,9 @@
- name: "(Install: CentOS/RedHat/Oracle Linux) Add NGINX Plus Repository" - name: "(Install: CentOS/RedHat/Oracle Linux) Add NGINX Plus Repository"
yum_repository: yum_repository:
name: nginx-plus name: nginx-plus
baseurl: https://plus-pkgs.nginx.com/centos/{{ (ansible_distribution_version | float >= 7.4 and ansible_distribution_version | float < 8.0) | ternary(ansible_distribution_major_version | int, 7.4) }}/$basearch/ baseurl: >-
https://plus-pkgs.nginx.com/centos/{{ (ansible_distribution_version | float >= 7.4 and ansible_distribution_version | float < 8.0)
| ternary(ansible_distribution_major_version | int, 7.4) }}/$basearch/
description: NGINX Plus Repository description: NGINX Plus Repository
sslclientcert: /etc/ssl/nginx/nginx-repo.crt sslclientcert: /etc/ssl/nginx/nginx-repo.crt
sslclientkey: /etc/ssl/nginx/nginx-repo.key sslclientkey: /etc/ssl/nginx/nginx-repo.key
@ -13,7 +15,9 @@
- name: "(Install: Amazon Linux) Add NGINX Plus Repository" - name: "(Install: Amazon Linux) Add NGINX Plus Repository"
yum_repository: yum_repository:
name: nginx-plus name: nginx-plus
baseurl: https://plus-pkgs.nginx.com/amzn{{ (ansible_distribution_major_version == "2") | ternary('2', '') }}/$releasever/$basearch baseurl: >-
https://plus-pkgs.nginx.com/amzn{{ (ansible_distribution_version == "2")
| ternary('2', '') }}/$releasever/$basearch
description: NGINX Plus Repository description: NGINX Plus Repository
sslclientcert: /etc/ssl/nginx/nginx-repo.crt sslclientcert: /etc/ssl/nginx/nginx-repo.crt
sslclientkey: /etc/ssl/nginx/nginx-repo.key sslclientkey: /etc/ssl/nginx/nginx-repo.key

17
templates/api.conf.j2
View File

@ -1,17 +0,0 @@
{{ ansible_managed | comment }}
server {
listen {{ nginx_rest_api_port }};
location /api {
{% if nginx_rest_api_write %}
api write=on;
{% else %}
api;
{% endif %}
}
{% if nginx_rest_api_dashboard %}
location = /dashboard.html {
root /usr/share/nginx/html;
}
{% endif %}
}

39
templates/http/default.conf.j2
View File

@ -1,6 +1,6 @@
{{ ansible_managed | comment }} {{ ansible_managed | comment }}
{% if item.value.upstreams is defined %} {% if item.value.upstreams is defined and item.value.upstreams %}
{% for upstream in item.value.upstreams %} {% for upstream in item.value.upstreams %}
upstream {{ item.value.upstreams[upstream].name }} { upstream {{ item.value.upstreams[upstream].name }} {
{{ item.value.upstreams[upstream].lb_method }}; {{ item.value.upstreams[upstream].lb_method }};
@ -15,33 +15,32 @@ upstream {{ item.value.upstreams[upstream].name }} {
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{% if item.value.reverse_proxy is defined %} {% if item.value.reverse_proxy is defined and item.value.reverse_proxy %}
{% if item.value.reverse_proxy.proxy_cache_path is defined %} {% if item.value.reverse_proxy.proxy_cache_path is defined and item.value.reverse_proxy.proxy_cache_path %}
{% for proxy_cache_path in item.value.reverse_proxy.proxy_cache_path %} {% for proxy_cache_path in item.value.reverse_proxy.proxy_cache_path %}
proxy_cache_path {{ proxy_cache_path.path }} keys_zone={{ proxy_cache_path.keys_zone.name }}:{{ proxy_cache_path.keys_zone.size }} proxy_cache_path {{ proxy_cache_path.path }} keys_zone={{ proxy_cache_path.keys_zone.name }}:{{ proxy_cache_path.keys_zone.size }}
levels={{ proxy_cache_path.levels }} max_size={{ proxy_cache_path.max_size }} levels={{ proxy_cache_path.levels }} max_size={{ proxy_cache_path.max_size }}
inactive={{ proxy_cache_path.inactive }} use_temp_path={{ proxy_cache_path.use_temp_path | ternary("on", "off") }}; inactive={{ proxy_cache_path.inactive }} use_temp_path={{ proxy_cache_path.use_temp_path | ternary("on", "off") }};
{% endfor %} {% endfor %}
{% if item.value.reverse_proxy.proxy_cache_background_update is defined and item.value.reverse_proxy.proxy_cache_background_update%}
{% if item.value.reverse_proxy.proxy_cache_background_update is defined %}
proxy_cache_background_update {{ item.value.reverse_proxy.proxy_cache_background_update | ternary("on", "off") }}; proxy_cache_background_update {{ item.value.reverse_proxy.proxy_cache_background_update | ternary("on", "off") }};
{% endif %} {% endif %}
{% if item.value.reverse_proxy.proxy_cache_lock is defined %} {% if item.value.reverse_proxy.proxy_cache_lock is defined and item.value.reverse_proxy.proxy_cache_lock %}
proxy_cache_lock {{ item.value.reverse_proxy.proxy_cache_lock | ternary("on", "off") }}; proxy_cache_lock {{ item.value.reverse_proxy.proxy_cache_lock | ternary("on", "off") }};
{% endif %} {% endif %}
{% if item.value.reverse_proxy.proxy_cache_min_uses is defined %} {% if item.value.reverse_proxy.proxy_cache_min_uses is defined and item.value.reverse_proxy.proxy_cache_min_uses %}
proxy_cache_min_uses {{ item.value.reverse_proxy.proxy_cache_min_uses }}; proxy_cache_min_uses {{ item.value.reverse_proxy.proxy_cache_min_uses }};
{% endif %} {% endif %}
{% if item.value.reverse_proxy.proxy_cache_revalidate is defined %} {% if item.value.reverse_proxy.proxy_cache_revalidate is defined and item.value.reverse_proxy.proxy_cache_revalidate %}
proxy_cache_revalidate {{ item.value.reverse_proxy.proxy_cache_revalidate | ternary("on", "off") }}; proxy_cache_revalidate {{ item.value.reverse_proxy.proxy_cache_revalidate | ternary("on", "off") }};
{% endif %} {% endif %}
{% if item.value.reverse_proxy.proxy_cache_use_stale is defined %} {% if item.value.reverse_proxy.proxy_cache_use_stale is defined and item.value.reverse_proxy.proxy_cache_use_stale %}
proxy_cache_use_stale {{ item.value.reverse_proxy.proxy_cache_use_stale | join(" ") }}; proxy_cache_use_stale {{ item.value.reverse_proxy.proxy_cache_use_stale | join(" ") }};
{% endif %} {% endif %}
{% if item.value.reverse_proxy.proxy_ignore_headers is defined %} {% if item.value.reverse_proxy.proxy_ignore_headers is defined and item.value.reverse_proxy.proxy_ignore_headers %}
proxy_ignore_headers {{ item.value.reverse_proxy.proxy_ignore_headers | join(" ") }}; proxy_ignore_headers {{ item.value.reverse_proxy.proxy_ignore_headers | join(" ") }};
{% endif %} {% endif %}
{% if item.value.reverse_proxy.proxy_temp_path is defined %} {% if item.value.reverse_proxy.proxy_temp_path is defined and item.value.reverse_proxy.proxy_temp_path.path %}
proxy_temp_path {{ item.value.reverse_proxy.proxy_temp_path.path }} {{ item.value.reverse_proxy.proxy_temp_path.level_1 | default("") }} {{ item.value.reverse_proxy.proxy_temp_path.level_2 | default("") }} {{ item.value.reverse_proxy.proxy_temp_path.level_3 | default("") }}; proxy_temp_path {{ item.value.reverse_proxy.proxy_temp_path.path }} {{ item.value.reverse_proxy.proxy_temp_path.level_1 | default("") }} {{ item.value.reverse_proxy.proxy_temp_path.level_2 | default("") }} {{ item.value.reverse_proxy.proxy_temp_path.level_3 | default("") }};
{% endif %} {% endif %}
{% endif %} {% endif %}
@ -51,29 +50,29 @@ auth_request {{ item.value.auth_request_http }};
{% endif %} {% endif %}
server { server {
{% if item.value.ssl is defined %} {% if item.value.ssl is defined and item.value.ssl %}
listen {{ item.value.port }} ssl; listen {{ item.value.port }} ssl;
ssl_certificate {{ item.value.ssl.cert }}; ssl_certificate {{ item.value.ssl.cert }};
ssl_certificate_key {{ item.value.ssl.key }}; ssl_certificate_key {{ item.value.ssl.key }};
{% if item.value.ssl.dhparam is defined %} {% if item.value.ssl.dhparam is defined %}
ssl_dhparam {{ item.value.ssl.dhparam }}; ssl_dhparam {{ item.value.ssl.dhparam }};
{% endif %} {% endif %}
{% if item.value.ssl.protocols is defined %} {% if item.value.ssl.protocols is defined and item.value.ssl.protocols %}
ssl_protocols {{ item.value.ssl.protocols }}; ssl_protocols {{ item.value.ssl.protocols }};
{% endif %} {% endif %}
{% if item.value.ssl.ciphers is defined %} {% if item.value.ssl.ciphers is defined and item.value.ssl.ciphers %}
ssl_ciphers {{ item.value.ssl.ciphers }}; ssl_ciphers {{ item.value.ssl.ciphers }};
{% endif %} {% endif %}
{% if item.value.ssl.session_cache is defined %} {% if item.value.ssl.session_cache is defined and item.value.ssl.session_cache %}
ssl_session_cache {{ item.value.ssl.session_cache }}; ssl_session_cache {{ item.value.ssl.session_cache }};
{% endif %} {% endif %}
{% if item.value.ssl.session_timeout is defined %} {% if item.value.ssl.session_timeout is defined and item.value.ssl.session_timeout %}
ssl_session_timeout {{ item.value.ssl.session_timeout }}; ssl_session_timeout {{ item.value.ssl.session_timeout }};
{% endif %} {% endif %}
{% else %} {% else %}
listen {{ item.value.port }}; listen {{ item.value.port }};
{% endif %} {% endif %}
server_name {{ item.value.server_name }}; server_name {{ item.value.server_name | default('localhost') }};
{% if item.value.auth_basic is defined and item.value.auth_basic %} {% if item.value.auth_basic is defined and item.value.auth_basic %}
auth_basic "{{ item.value.auth_basic }}"; auth_basic "{{ item.value.auth_basic }}";
{% endif %} {% endif %}
@ -96,7 +95,7 @@ server {
auth_request {{ item.value.auth_request }}; auth_request {{ item.value.auth_request }};
{% endif %} {% endif %}
{% if item.value.reverse_proxy is defined %} {% if item.value.reverse_proxy is defined and item.value.reverse_proxy %}
{% for location in item.value.reverse_proxy.locations %} {% for location in item.value.reverse_proxy.locations %}
location {{ item.value.reverse_proxy.locations[location].location }} { location {{ item.value.reverse_proxy.locations[location].location }} {
{% if item.value.reverse_proxy.locations[location].internal is sameas true %} {% if item.value.reverse_proxy.locations[location].internal is sameas true %}
@ -144,8 +143,8 @@ server {
{% if item.value.reverse_proxy.locations[location].try_files is defined %} {% if item.value.reverse_proxy.locations[location].try_files is defined %}
try_files {{ item.value.reverse_proxy.locations[location].try_files }}; try_files {{ item.value.reverse_proxy.locations[location].try_files }};
{% endif %} {% endif %}
{% if item.value.reverse_proxy.locations[location].proxy_ssl is defined %}
{% if item.value.reverse_proxy.locations[location].proxy_ssl is defined and item.value.reverse_proxy.locations[location].proxy_ssl %}
{% if item.value.reverse_proxy.locations[location].proxy_ssl.cert is defined %} {% if item.value.reverse_proxy.locations[location].proxy_ssl.cert is defined %}
proxy_ssl_certificate {{ item.value.reverse_proxy.locations[location].proxy_ssl.cert }}; proxy_ssl_certificate {{ item.value.reverse_proxy.locations[location].proxy_ssl.cert }};
{% endif %} {% endif %}
@ -265,4 +264,4 @@ server {
root {{ item.value.error_page }}; root {{ item.value.error_page }};
} }
{% endif %} {% endif %}
} }

1
templates/stream/default.conf.j2
View File

@ -1,4 +1,5 @@
{{ ansible_managed | comment }} {{ ansible_managed | comment }}
{% if item.value.upstreams is defined %} {% if item.value.upstreams is defined %}
{% for upstream in item.value.upstreams %} {% for upstream in item.value.upstreams %}
upstream {{ item.value.upstreams[upstream].name }} { upstream {{ item.value.upstreams[upstream].name }} {

2
templates/www/index.html.j2
View File

@ -95,7 +95,7 @@ clearTimeout(ref);
<div id="footer"> <div id="footer">
<div id="center" align="center"> <div id="center" align="center">
Request ID: request_id<br/> Request ID: request_id<br/>
© NGINX, Inc. 2018 &copy; NGINX, Inc. 2018 - 2019
</div> </div>
</div> </div>
</body> </body>