{{ ansible_managed | comment }} {% if item.value.upstreams is defined and item.value.upstreams %} {% for upstream in item.value.upstreams %} upstream {{ item.value.upstreams[upstream].name }} { {{ item.value.upstreams[upstream].lb_method }}; zone {{ item.value.upstreams[upstream].zone_name }} {{ item.value.upstreams[upstream].zone_size }}; {% for server in item.value.upstreams[upstream].servers %} server {{ item.value.upstreams[upstream].servers[server].address }}:{{ item.value.upstreams[upstream].servers[server].port }} weight={{ item.value.upstreams[upstream].servers[server].weight|default("1") }} {{ item.value.upstreams[upstream].servers[server].health_check|default("") }}; {% endfor %} {% if item.value.upstreams[upstream].sticky_cookie %} sticky cookie srv_id expires=1h path=/; {% endif %} } {% endfor %} {% endif %} {% if item.value.reverse_proxy is defined and item.value.reverse_proxy %} {% if item.value.reverse_proxy.proxy_cache_path is defined and item.value.reverse_proxy.proxy_cache_path %} {% for proxy_cache_path in item.value.reverse_proxy.proxy_cache_path %} proxy_cache_path {{ proxy_cache_path.path }} keys_zone={{ proxy_cache_path.keys_zone.name }}:{{ proxy_cache_path.keys_zone.size }} levels={{ proxy_cache_path.levels }} max_size={{ proxy_cache_path.max_size }} inactive={{ proxy_cache_path.inactive }} use_temp_path={{ proxy_cache_path.use_temp_path | ternary("on", "off") }}; {% endfor %} {% if item.value.reverse_proxy.proxy_cache_background_update is defined and item.value.reverse_proxy.proxy_cache_background_update%} proxy_cache_background_update {{ item.value.reverse_proxy.proxy_cache_background_update | ternary("on", "off") }}; {% endif %} {% if item.value.reverse_proxy.proxy_cache_lock is defined and item.value.reverse_proxy.proxy_cache_lock %} proxy_cache_lock {{ item.value.reverse_proxy.proxy_cache_lock | ternary("on", "off") }}; {% endif %} {% if item.value.reverse_proxy.proxy_cache_min_uses is defined and item.value.reverse_proxy.proxy_cache_min_uses %} proxy_cache_min_uses {{ item.value.reverse_proxy.proxy_cache_min_uses }}; {% endif %} {% if item.value.reverse_proxy.proxy_cache_revalidate is defined and item.value.reverse_proxy.proxy_cache_revalidate %} proxy_cache_revalidate {{ item.value.reverse_proxy.proxy_cache_revalidate | ternary("on", "off") }}; {% endif %} {% if item.value.reverse_proxy.proxy_cache_use_stale is defined and item.value.reverse_proxy.proxy_cache_use_stale %} proxy_cache_use_stale {{ item.value.reverse_proxy.proxy_cache_use_stale | join(" ") }}; {% endif %} {% if item.value.reverse_proxy.proxy_ignore_headers is defined and item.value.reverse_proxy.proxy_ignore_headers %} proxy_ignore_headers {{ item.value.reverse_proxy.proxy_ignore_headers | join(" ") }}; {% endif %} {% if item.value.reverse_proxy.proxy_temp_path is defined and item.value.reverse_proxy.proxy_temp_path.path %} proxy_temp_path {{ item.value.reverse_proxy.proxy_temp_path.path }} {{ item.value.reverse_proxy.proxy_temp_path.level_1 | default("") }} {{ item.value.reverse_proxy.proxy_temp_path.level_2 | default("") }} {{ item.value.reverse_proxy.proxy_temp_path.level_3 | default("") }}; {% endif %} {% endif %} {% endif %} {% if item.value.auth_request_http is defined %} auth_request {{ item.value.auth_request_http }}; {% endif %} {% if item.value.auth_request_set_http is defined %} auth_request_set {{ item.value.auth_request_set_http.name }} {{ item.value.auth_request_set_http.value }}; {% endif %} server { {% if item.value.ssl is defined and item.value.ssl %} listen {{ item.value.port }} ssl; ssl_certificate {{ item.value.ssl.cert }}; ssl_certificate_key {{ item.value.ssl.key }}; {% if item.value.ssl.trusted_cert is defined %} ssl_trusted_certificate {{ item.value.ssl.trusted_cert }}; {% endif %} {% if item.value.ssl.dhparam is defined %} ssl_dhparam {{ item.value.ssl.dhparam }}; {% endif %} {% if item.value.ssl.protocols is defined and item.value.ssl.protocols %} ssl_protocols {{ item.value.ssl.protocols }}; {% endif %} {% if item.value.ssl.ciphers is defined and item.value.ssl.ciphers %} ssl_ciphers {{ item.value.ssl.ciphers }}; {% endif %} {% if item.value.ssl.prefer_server_ciphers is defined and item.value.ssl.prefer_server_ciphers %} ssl_prefer_server_ciphers on; {% endif %} {% if item.value.ssl.session_cache is defined and item.value.ssl.session_cache %} ssl_session_cache {{ item.value.ssl.session_cache }}; {% endif %} {% if item.value.ssl.session_timeout is defined and item.value.ssl.session_timeout %} ssl_session_timeout {{ item.value.ssl.session_timeout }}; {% endif %} {% if item.value.ssl.stapling is defined and item.value.ssl.stapling %} ssl_stapling on; {% endif %} {% if item.value.ssl.stapling_verify is defined and item.value.ssl.stapling_verify %} ssl_stapling_verify on; {% endif %} {% else %} listen {{ item.value.port }}; {% endif %} server_name {{ item.value.server_name | default('localhost') }}; {% if item.value.add_headers is defined %} {% for header in item.value.add_headers %} add_header {{ item.value.add_headers[header].name }} "{{ item.value.add_headers[header].value }}"{% if item.value.add_headers[header].always is defined and item.value.add_headers[header].always %} always{% endif %}; {% endfor %} {% endif %} {% if item.value.auth_basic is defined and item.value.auth_basic %} auth_basic "{{ item.value.auth_basic }}"; {% endif %} {% if item.value.auth_basic_user_file is defined and item.value.auth_basic_user_file %} auth_basic_user_file {{ item.value.auth_basic_user_file }}; {% endif %} {% if item.value.root is defined and item.value.root %} root {{ item.value.root }}; {% endif %} {% if item.value.https_redirect is defined and item.value.https_redirect %} return 301 https://{% if item.value.server_name == "_" %}$host{% else %}{{ item.value.server_name }}{% endif %}$request_uri; {% endif %} {% if item.value.autoindex is defined and item.value.autoindex %} autoindex on; {% endif %} {% if item.value.try_files is defined %} try_files {{ item.value.try_files }}; {% endif %} {% if item.value.auth_request is defined %} auth_request {{ item.value.auth_request }}; {% endif %} {% if item.value.auth_request_set is defined %} auth_request_set {{ item.value.auth_request_set.name }} {{ item.value.auth_request_set.value }}; {% endif %} {% if item.value.reverse_proxy is defined and item.value.reverse_proxy %} {% for location in item.value.reverse_proxy.locations %} location {{ item.value.reverse_proxy.locations[location].location }} { {% if item.value.reverse_proxy.locations[location].internal is sameas true %} internal; {% endif %} {% if item.value.reverse_proxy.locations[location].add_headers is defined %} {% for header in item.value.reverse_proxy.locations[location].add_headers %} add_header {{ item.value.reverse_proxy.locations[location].add_headers[header].name }} "{{ item.value.reverse_proxy.locations[location].add_headers[header].value }}"{% if item.value.reverse_proxy.locations[location].add_headers[header].always is defined and item.value.reverse_proxy.locations[location].add_headers[header].always %} always{% endif %}; {% endfor %} {% endif %} {% if item.value.reverse_proxy.locations[location].auth_request is defined %} auth_request {{ item.value.reverse_proxy.locations[location].auth_request }}; {% endif %} {% if item.value.reverse_proxy.locations[location].auth_request_set is defined %} auth_request_set {{ item.value.reverse_proxy.locations[location].auth_request_set.name }} {{ item.value.reverse_proxy.locations[location].auth_request_set.value }}; {% endif %} {% if item.value.reverse_proxy.locations[location].auth_basic is defined and item.value.reverse_proxy.locations[location].auth_basic %} auth_basic "{{ item.value.reverse_proxy.locations[location].auth_basic }}"; {% endif %} {% if item.value.reverse_proxy.locations[location].auth_basic_user_file is defined and item.value.reverse_proxy.locations[location].auth_basic_user_file %} auth_basic_user_file {{ item.value.reverse_proxy.locations[location].auth_basic_user_file }}; {% endif %} {% if item.value.reverse_proxy.locations[location].returns is defined %} {% for code in item.value.reverse_proxy.locations[location].returns %} {% if item.value.reverse_proxy.locations[location].returns[code] is defined %} return {{ item.value.reverse_proxy.locations[location].returns[code].code }} {{ item.value.reverse_proxy.locations[location].returns[code].url }}; {% else %} return {{ item.value.reverse_proxy.locations[location].returns[code].url }}; {% endif %} {% endfor %} {% endif %} {% if item.value.reverse_proxy.locations[location].proxy_connect_timeout is defined and item.value.reverse_proxy.locations[location].proxy_connect_timeout %} proxy_connect_timeout {{ item.value.reverse_proxy.locations[location].proxy_connect_timeout }}; {% endif %} proxy_pass {{ item.value.reverse_proxy.locations[location].proxy_pass }}; {% if item.value.reverse_proxy.locations[location].proxy_read_timeout is defined and item.value.reverse_proxy.locations[location].proxy_read_timeout %} proxy_read_timeout {{ item.value.reverse_proxy.locations[location].proxy_read_timeout }}; {% endif %} {% if item.value.reverse_proxy.locations[location].proxy_pass_request_body is defined %} proxy_pass_request_body {{ item.value.reverse_proxy.locations[location].proxy_pass_request_body }}; {% endif %} {% if item.value.reverse_proxy.locations[location].proxy_store is defined %} proxy_store {{ item.value.reverse_proxy.locations[location].proxy_store | ternary("on", "off") }}; {% endif %} {% if item.value.reverse_proxy.locations[location].proxy_store_access is defined %} proxy_store_access {{ item.value.reverse_proxy.locations[location].proxy_store_access }}; {% endif %} {% if item.value.reverse_proxy.locations[location].proxy_set_header is defined %} {% for header in item.value.reverse_proxy.locations[location].proxy_set_header %} proxy_set_header {{ item.value.reverse_proxy.locations[location].proxy_set_header[header].name }} {{ item.value.reverse_proxy.locations[location].proxy_set_header[header].value }}; {% endfor %} {% if item.value.reverse_proxy.locations[location].proxy_http_version is defined %} proxy_http_version {{ item.value.reverse_proxy.locations[location].proxy_http_version }}; {% endif %} {% if item.value.reverse_proxy.locations[location].websocket is defined and item.value.reverse_proxy.locations[location].websocket %} proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; {% endif %} {% endif %} {% if item.value.reverse_proxy.locations[location].try_files is defined %} try_files {{ item.value.reverse_proxy.locations[location].try_files }}; {% endif %} {% if item.value.reverse_proxy.locations[location].proxy_ssl is defined and item.value.reverse_proxy.locations[location].proxy_ssl %} {% if item.value.reverse_proxy.locations[location].proxy_ssl.cert is defined %} proxy_ssl_certificate {{ item.value.reverse_proxy.locations[location].proxy_ssl.cert }}; {% endif %} {% if item.value.reverse_proxy.locations[location].proxy_ssl.key is defined %} proxy_ssl_certificate_key {{ item.value.reverse_proxy.locations[location].proxy_ssl.key }}; {% endif %} {% if item.value.reverse_proxy.locations[location].proxy_ssl.trusted_cert is defined %} proxy_ssl_trusted_certificate {{ item.value.reverse_proxy.locations[location].proxy_ssl.trusted_cert }}; {% endif %} {% if item.value.reverse_proxy.locations[location].proxy_ssl.server_name is defined %} proxy_ssl_server_name {{ item.value.reverse_proxy.locations[location].proxy_ssl.server_name | ternary("on", "off") }}; {% endif %} {% if item.value.reverse_proxy.locations[location].proxy_ssl.name is defined %} proxy_ssl_name {{ item.value.reverse_proxy.locations[location].proxy_ssl.name }}; {% endif %} {% if item.value.reverse_proxy.locations[location].proxy_ssl.protocols is defined %} proxy_ssl_protocols {{ item.value.reverse_proxy.locations[location].proxy_ssl.protocols }}; {% endif %} {% if item.value.reverse_proxy.locations[location].proxy_ssl.ciphers is defined %} proxy_ssl_ciphers {{ item.value.reverse_proxy.locations[location].proxy_ssl.ciphers }}; {% endif %} {% if item.value.reverse_proxy.locations[location].proxy_ssl.verify is defined %} proxy_ssl_verify {{ item.value.reverse_proxy.locations[location].proxy_ssl.verify | ternary("on", "off") }}; {% endif %} {% if item.value.reverse_proxy.locations[location].proxy_ssl.verify_depth is defined %} proxy_ssl_verify_depth {{ item.value.reverse_proxy.locations[location].proxy_ssl.verify_depth }}; {% endif %} {% if item.value.reverse_proxy.locations[location].proxy_ssl.session_reuse is defined %} proxy_ssl_session_reuse {{ item.value.reverse_proxy.locations[location].proxy_ssl.session_reuse | ternary("on", "off") }}; {% endif %} {% endif %} {% if item.value.reverse_proxy.locations[location].proxy_redirect is defined %} proxy_redirect {{ item.value.reverse_proxy.locations[location].proxy_redirect | ternary(item.value.reverse_proxy.locations[location].proxy_redirect, "off") }}; {% endif %} {% if item.value.reverse_proxy.locations[location].proxy_cache is defined %} proxy_cache {{ item.value.reverse_proxy.locations[location].proxy_cache }}; {% endif %} {% if item.value.reverse_proxy.locations[location].proxy_cache_background_update is defined %} proxy_cache_background_update {{ item.value.reverse_proxy.locations[location].proxy_cache_background_update | ternary("on", "off") }}; {% endif %} {% if item.value.reverse_proxy.locations[location].proxy_cache_lock is defined %} proxy_cache_lock {{ item.value.reverse_proxy.locations[location].proxy_cache_lock | ternary("on", "off") }}; {% endif %} {% if item.value.reverse_proxy.locations[location].proxy_cache_min_uses is defined %} proxy_cache_min_uses {{ item.value.reverse_proxy.locations[location].proxy_cache_min_uses }}; {% endif %} {% if item.value.reverse_proxy.locations[location].proxy_cache_revalidate is defined %} proxy_cache_revalidate {{ item.value.reverse_proxy.locations[location].proxy_cache_revalidate | ternary("on", "off") }}; {% endif %} {% if item.value.reverse_proxy.locations[location].proxy_cache_use_stale is defined %} proxy_cache_use_stale {{ item.value.reverse_proxy.locations[location].proxy_cache_use_stale | join(" ") }}; {% endif %} {% if item.value.reverse_proxy.locations[location].proxy_temp_path is defined %} proxy_temp_path {{ item.value.reverse_proxy.locations[location].proxy_temp_path.path }} {{ item.value.reverse_proxy.locations[location].proxy_temp_path.level_1 | default("") }} {{ item.value.reverse_proxy.locations[location].proxy_temp_path.level_2 | default("") }} {{ item.value.reverse_proxy.locations[location].proxy_temp_path.level_3 | default("") }}; {% endif %} {% if item.value.reverse_proxy.locations[location].proxy_ignore_headers is defined %} proxy_ignore_headers {{ item.value.reverse_proxy.locations[location].proxy_ignore_headers | join(" ") }}; {% endif %} {% if (item.value.reverse_proxy.health_check_plus is defined) and item.value.reverse_proxy.health_check_plus %} health_check; {% endif %} } {% endfor %} {% endif %} {% if item.value.web_server is defined %} {% for location in item.value.web_server.locations %} location {{ item.value.web_server.locations[location].location }} { root {{ item.value.web_server.locations[location].html_file_location }}; index {{ item.value.web_server.locations[location].html_file_name }}; {% if item.value.web_server.locations[location].autoindex %} autoindex on; {% endif %} {% if item.value.web_server.locations[location].try_files is defined %} try_files {{ item.value.web_server.locations[location].try_files }}; {% endif %} {% if item.value.web_server.locations[location].add_headers is defined %} {% for header in item.value.web_server.locations[location].add_headers %} add_header {{ item.value.web_server.locations[location].add_headers[header].name }} "{{ item.value.web_server.locations[location].add_headers[header].value }}"{% if item.value.web_server.locations[location].add_headers[header].always is defined and item.value.web_server.locations[location].add_headers[header].always %} always{% endif %}; {% endfor %} {% endif %} {% if item.value.web_server.locations[location].returns is defined %} {% for code in item.value.web_server.locations[location].returns %} {% if item.value.web_server.locations[location].returns[code] is defined %} return {{ item.value.web_server.locations[location].returns[code].code }} {{ item.value.web_server.locations[location].returns[code].url }}; {% else %} return {{ item.value.web_server.locations[location].returns[code].url }}; {% endif %} {% endfor %} {% endif %} {% if item.value.web_server.locations[location].auth_basic is defined and item.value.web_server.locations[location].auth_basic %} auth_basic "{{ item.value.web_server.locations[location].auth_basic }}"; {% endif %} {% if item.value.web_server.locations[location].auth_basic_user_file is defined and item.value.web_server.locations[location].auth_basic_user_file %} auth_basic_user_file {{ item.value.web_server.locations[location].auth_basic_user_file }}; {% endif %} {% if item.value.web_server.locations[location].auth_request is defined %} auth_request {{ item.value.web_server.locations[location].auth_request }}; {% endif %} {% if item.value.web_server.locations[location].auth_request_set is defined %} auth_request_set {{ item.value.web_server.locations[location].auth_request_set.name }} {{ item.value.web_server.locations[location].auth_request_set.value }}; {% endif %} } {% endfor %} {% if item.value.web_server.http_demo_conf %} sub_filter_once off; sub_filter 'server_hostname' '$hostname'; sub_filter 'server_address' '$server_addr:$server_port'; sub_filter 'server_url' '$request_uri'; sub_filter 'remote_addr' '$remote_addr:$remote_port'; sub_filter 'server_date' '$time_local'; sub_filter 'client_browser' '$http_user_agent'; sub_filter 'request_id' '$request_id'; sub_filter 'nginx_version' '$nginx_version'; sub_filter 'document_root' '$document_root'; sub_filter 'proxied_for_ip' '$http_x_forwarded_for'; {% endif %} {% endif %} {% if item.value.error_page is defined %} # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root {{ item.value.error_page }}; } {% endif %} }