diff --git a/defaults/main.yml b/defaults/main.yml
index 5da16a6..fb505c6 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -91,6 +91,39 @@ nginx_xxxsp_parameters:
 nginx_vhosts_dir: /var/www/vhosts
-nginx_default_page_enabled: False
+nginx_vhosts_default:
+ - file: default
+ server:
+ - port: 80
+ server_name: "{{ ansible_hostname }}"
+ locations:
+ - match: /
+ root: /var/www/vhosts/default
+ index: index.html
+
+# nginx_vhosts_default:
+# - file: default
+# upstream:
+# name: my_pool
+# servers: []
+# servers:
+# - port: 80
+# server_name: demo.example.com
+# tls_redirect: False # skips locations if enabled
+# tls_redirect_url:
+# tls:
+# cert: /etc/pki/tls/..
+# key: /etc/pki/tls/..
+# dhparam:
+# client_max_body_size:
+# locations:
+# - match: /
+# root: /var/www/vhosts/default
+# index: index.html
+# proxy_pass:
+# proxy_headers: []
+# error_page: /usr/share/nginx/html
+
+nginx_vhosts_extra: []
 nginx_server_names_hash_bucket_size: 32
diff --git a/tasks/install.yml b/tasks/install.yml
index e958e23..fa3f97d 100644
--- a/tasks/install.yml
+++ b/tasks/install.yml
@@ -85,7 +85,7 @@
 - name: Set selinux booleans
 seboolean:
- name: "{{ item.name }}"
+ name: "{{ item.file }}"
 state: "{{ item.state }}"
 persistent: "{{ item.persistent }}"
 loop: "{{ nginx_set_sebooleans }}"
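Review bot: The new `nginx_vhosts_default` entry keys its server list as `server:` while both the commented example directly below it and the new templates/etc/nginx/sites-available/vhost.j2 in this commit iterate `item.servers`, so rendering the default vhost fails on an undefined `servers` attribute; change `+    server:` to `+    servers:`. The entry also carries no `state` key, yet the Enable-vhosts task in tasks/install.yml compares `item.state == 'enabled'`, so either add `state: enabled` to the default entry (and to the commented example, which is the only documentation of the schema) or give that task a default. The commented example should also say that `tls.cert`/`tls.key` are now full paths, since the deleted default.j2 prefixed them with /etc/pki/tls/certs and /etc/pki/tls/private and callers may still pass bare filenames.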
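Review bot: Changing the `seboolean` argument from `item.name` to `item.file` looks like an accidental edit: the loop is over `nginx_set_sebooleans`, whose items would now need a `file` key that means nothing for an SELinux boolean, and the vhost entries this commit introduces are not in that loop. Unless `nginx_set_sebooleans` was restructured outside this diff, restore `name: "{{ item.name }}"`; as written every iteration fails on an undefined attribute and the booleans the role relies on are never set.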
@@ -118,20 +118,28 @@
 - block:
 - name: Add default page configuration file
 template:
- src: etc/nginx/sites-available/default.j2
- dest: /etc/nginx/sites-available/default
+ src: etc/nginx/sites-available/vhost.j2
+ dest: "/etc/nginx/sites-available/{{ item.file }}"
 owner: root
 group: root
 mode: 0640
+ loop:
+ - nginx_vhosts_default
+ - nginx_vhosts_extra
+ loop_control:
+ label: "{{ item.file }}"
 notify: __nginx_reload
- - name: Enable default page
+ - name: Enable vhosts
 file:
- src: /etc/nginx/sites-available/default
- dest: /etc/nginx/sites-enabled/default
- owner: root
- group: root
- state: link
+ src: "/etc/nginx/sites-available/{{ item.file }}"
+ dest: "/etc/nginx/sites-enabled/{{ item.file }}"
+ state: "{{ 'link' when item.state == 'enabled' else 'absent' }}"
+ loop:
+ - nginx_vhosts_default
+ - nginx_vhosts_extra
+ loop_control:
+ label: "{{ item.file }}"
 notify: __nginx_reload
 when: nginx_default_page_enabled | bool
 become: True
diff --git a/templates/etc/nginx/sites-available/default.j2 b/templates/etc/nginx/sites-available/default.j2
deleted file mode 100644
index 399e9e1..0000000
--- a/templates/etc/nginx/sites-available/default.j2
+++ /dev/null
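Review bot: Both new `loop:` blocks iterate the two literal strings `nginx_vhosts_default` and `nginx_vhosts_extra` rather than the lists those variables hold, so `item.file` is undefined on every iteration of both tasks; use `loop: "{{ nginx_vhosts_default + nginx_vhosts_extra }}"` in each. The `state:` expression uses `when`, which Jinja2's inline conditional does not accept, so the task errors before it can create or remove the symlink: `state: "{{ 'link' if item.state == 'enabled' else 'absent' }}"`. The block's `when: nginx_default_page_enabled | bool` still gates everything on a variable this commit deletes from defaults/main.yml, so with the role defaults alone the block either never runs or fails on the undefined name. Because `item.file` becomes a path component under /etc/nginx/sites-available and sites-enabled, an `assert` that `item.file == item.file | basename` before the template task would keep a mistyped or inherited value from writing outside those directories.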
@@ -1,42 +0,0 @@
-#jinja2: lstrip_blocks: True
-# {{ ansible_managed }}
-server {
- listen 80;
- server_name {{ ansible_fqdn }};
-
- {% if nginx_tls_enabled %}
- return 301 https://$server_name$request_uri;
- {% else %}
- location / {
- root /var/www/vhosts/default;
- index index.html index.htm;
- }
-
- # redirect server error pages to the static page /50x.html
- error_page 500 502 503 504 /50x.html;
- location = /50x.html {
- root /usr/share/nginx/html;
- }
- {% endif %}
-}
-
-{% if nginx_tls_enabled %}
-server {
- listen 443 ssl;
- server_name {{ ansible_fqdn }};
-
- location / {
- root /var/www/vhosts/default;
- index index.html index.htm;
- }
-
- # redirect server error pages to the static page /50x.html
- error_page 500 502 503 504 /50x.html;
- location = /50x.html {
- root /usr/share/nginx/html;
- }
-
- ssl_certificate /etc/pki/tls/certs/{{ nginx_tls_cert_file }};
- ssl_certificate_key /etc/pki/tls/private/{{ nginx_tls_key_file }};
-}
-{% endif %}
diff --git a/templates/etc/nginx/sites-available/vhost.j2 b/templates/etc/nginx/sites-available/vhost.j2
new file mode 100644
index 0000000..0ab3e4d
--- /dev/null
+++ b/templates/etc/nginx/sites-available/vhost.j2
@@ -0,0 +1,59 @@
+#jinja2: lstrip_blocks: True
+{{ ansible_managed | comment }}
+
+{% if item.upstream is defined and item.upstream %}
+upstream {{ item.upstream.name }} {
+ {% for upserver in item.upstream.servers %}
+ server {{ upserver }};
+ {% endfor %}
+}
+
+{% endif %}
+{% for server in item.servers %}
+server {
+ listen {{ server.port }} {{ 'ssl' if server.tls is defined and server.tls else '' }};
+ server_name {{ server.server_name }};
+
+ {% if server.tls is defined and server.tls %}
+ ssl_certificate {{ server.tls.cert }};
+ ssl_certificate_key {{ server.tls.key }};
+ {% if server.tls.dhparam is defined %}
+ ssl_dhparam {{ item.value.ssl.dhparam }};
+ {% endif %}
+ {% endif %}
+
+ {% if server.tls_redirect | default(False) %}
+ return 301 https://{% if server.tls_redirect_url is defined %}{{ server.tls_redirect_url }}{% else %}$server_name{% endif %}$request_uri;
+ {% else %}
+ {% if server.client_max_body_size is defined and server.client_max_body_size %}
+ client_max_body_size {{ server.client_max_body_size }};
+ {% endif %}
+ {% for location in server.locations %}
+ location {{ location.match }}
+ {% if location.root is defined and location.root %}
+ root {{ location.root }};
+ {% endif %}
+ {% if location.index is defined and location.index %}
+ index {{ location.index }};
+ {% endif %}
+ {% if location.proxy_pass is defined and location.proxy_pass %}
+
+ proxy_pass {{ location.proxy_pass }}
+ {% if location.proxy_http_version is defined and location.proxy_http_version %}
+ proxy_http_version {{ location.proxy_http_version }};
+ {% endif %}
+ {% for pheader in location.proxy_headers | default([]) %}
+ proxy_set_header {{ pheader }};
+ {% endfor %}
+ {% endif %}
+ }
+
+ {% endfor %}
+ # redirect server error pages to the static page /50x.html
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root {{ item.error_page | default("/usr/share/nginx/html") }};
+ }
+ {% endif %}
+}
+{% endfor %}
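Review bot: Three lines of the new template either fail to render or produce config that `nginx -t` rejects: `location {{ location.match }}` is missing its opening brace, so the `}` after the proxy section closes the enclosing `server` block early — it should read `location {{ location.match }} {`; `proxy_pass {{ location.proxy_pass }}` lacks its terminating semicolon — `proxy_pass {{ location.proxy_pass }};`; and `ssl_dhparam {{ item.value.ssl.dhparam }}` dereferences a variable that does not exist in this data model even though the surrounding guard tests `server.tls.dhparam` — `ssl_dhparam {{ server.tls.dhparam }};`. The last one only triggers for a TLS vhost with `dhparam` set, so it will pass the default entry and surface on the first hardened deployment; a CI render of an entry that exercises every optional key would catch all three before a reload takes the site down. The `listen` line emits `ssl` purely from `server.tls` being truthy, which is fine, but worth a one-line comment at the top of the template stating that `tls.cert` and `tls.key` are absolute paths now that the deleted default.j2 no longer prefixes /etc/pki/tls.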