From 767b26c3b1bf16ba011552f947ce4fc51b1e0a00 Mon Sep 17 00:00:00 2001
From: Robert Kaussow
Date: Sun, 12 Aug 2018 21:42:13 +0200
Subject: [PATCH] fix typo; implement vhost deployment
---
 defaults/main.yml | 2 +-
 tasks/install.yml | 4 +--
 tasks/vhost.yml | 24 +++++++++++++
 .../etc/nginx/sites-available/default.j2 | 1 +
 templates/etc/nginx/sites-available/vhost.j2 | 35 +++++++++++++++++++
 5 files changed, 63 insertions(+), 3 deletions(-)
 create mode 100644 tasks/vhost.yml
 create mode 100644 templates/etc/nginx/sites-available/vhost.j2
diff --git a/defaults/main.yml b/defaults/main.yml
index 4ae7f40..a76f93b 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -50,7 +50,7 @@ nginx_tls_enabled: False
 nginx_tls_certs_dir: /etc/pki/tls/certs
 nginx_tls_key_dir: /etc/pki/tls/private
 nginx_tls_cert_file: "{{ nginx_tls_certs_dir }}/mycert.pem"
-nginx_tls_private_key_file: "{{ nginx_tls_key_dir }}/mykey.pem"
+nginx_tls_key_file: "{{ nginx_tls_key_dir }}/mykey.pem"
 nginx_tls_source_use_content: False
 nginx_tls_source_use_files: True
 nginx_tls_cert_source: mycert.pem
diff --git a/tasks/install.yml b/tasks/install.yml
index 6f45c0f..6edf22e 100644
--- a/tasks/install.yml
+++ b/tasks/install.yml
@@ -99,8 +99,8 @@
 - block:
 - name: Add default page configuration file
 template:
- src: 'etc/nginx/sites-available/default.j2'
- dest: '/etc/nginx/sites-available/default'
+ src: etc/nginx/sites-available/default.j2
+ dest: /etc/nginx/sites-available/default
 owner: root
 group: root
 mode: 0640
diff --git a/tasks/vhost.yml b/tasks/vhost.yml
new file mode 100644
index 0000000..fd8d88a
--- /dev/null
+++ b/tasks/vhost.yml
@@ -0,0 +1,24 @@
+---
+- block:
+ - name: Add default page configuration file
+ template:
+ src: etc/nginx/sites-available/vhost.j2
+ dest: "/etc/nginx/sites-available/{{ item.key }}"
+ owner: root
+ group: root
+ mode: 0640
+ with_dict: nginx_vhosts
+ notify: __nginx_reload
+
+ - name: Enable default page
+ file:
+ src: "/etc/nginx/sites-available/{{ item.key }}"
+ dest: "/etc/nginx/sites-enabled/{{ item.key }}"
+ owner: root
+ group: root
+ state: link
+ with_dict: nginx_vhosts
+ notify: __nginx_reload
+ when: nginx_vhosts is defined
+ become: True
+ become_user: root
diff --git a/templates/etc/nginx/sites-available/default.j2 b/templates/etc/nginx/sites-available/default.j2
index 03d2416..dc63f13 100644
--- a/templates/etc/nginx/sites-available/default.j2
+++ b/templates/etc/nginx/sites-available/default.j2
@@ -1,3 +1,4 @@
+#jinja2: lstrip_blocks: True
 # {{ ansible_managed }}
 server {
 listen 80;
diff --git a/templates/etc/nginx/sites-available/vhost.j2 b/templates/etc/nginx/sites-available/vhost.j2
new file mode 100644
index 0000000..d9e61b1
--- /dev/null
+++ b/templates/etc/nginx/sites-available/vhost.j2
@@ -0,0 +1,35 @@
+#jinja2: lstrip_blocks: True
+# {{ ansible_managed }}
+{% if item.value.proxy_server is defined %}
+upstream backends {
+ {% for server in item.value.proxy_server %}
+ server {{ server }};
+ {% endfor %}
+}
+{% endif %}
+
+server {
+ listen 80;
+ server_name {{ item.value.server_name }};
+
+ return 301 https://$server_name$request_uri;
+}
+
+server {
+ listen 443 ssl;
+ server_name {{ item.value.server_name }};
+
+ location / {
+ proxy_pass https://backends;
+
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "Upgrade";
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-Host $server_name;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+
+ ssl_certificate /etc/pki/tls/certs/le-rknet.pem;
+ ssl_certificate_key /etc/pki/tls/private/le-rknet.pem;
+}
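Review bot: In tasks/vhost.yml both tasks interpolate `{{ item.key }}` straight into paths under /etc/nginx/sites-available and sites-enabled while running as root, so a key containing `/` or `..` would place the rendered file or symlink outside those directories. If nginx_vhosts can come from inventory or group vars that are not fully trusted, constrain the key first, for example with an assert that `item.key is match('^[A-Za-z0-9][A-Za-z0-9._-]*$')`. Separately, `with_dict: nginx_vhosts` passes a bare variable name, which current Ansible releases may not template; `with_dict: "{{ nginx_vhosts }}"` is the safe form, and the mode is better quoted as `mode: "0640"`. The task names still say "default page" and should name the vhost being deployed.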
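Review bot: In templates/etc/nginx/sites-available/vhost.j2 the upstream is always named `backends`, so two nginx_vhosts entries that both set proxy_server render duplicate `upstream backends` blocks and nginx will reject the configuration, while an entry without proxy_server still gets `proxy_pass https://backends;` with no upstream defined. Deriving the name from the vhost, e.g. `upstream {{ item.key }}_backends {` and `proxy_pass https://{{ item.key }}_backends;`, and emitting the location block only inside the same `{% if %}` would avoid both. The certificate and key paths are hard-coded to le-rknet.pem although defaults/main.yml defines nginx_tls_cert_file and nginx_tls_key_file; the template should use those or per-vhost values so every vhost is not tied to one key. Because the upstream is reached over https, note that nginx does not verify the upstream certificate unless `proxy_ssl_verify on;` and `proxy_ssl_trusted_certificate` are configured.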