refactor templating

defaults/main.yml

@@ -91,6 +91,39 @@ nginx_xxxsp_parameters:
 
 nginx_vhosts_dir: /var/www/vhosts
 
-nginx_default_page_enabled: False
+nginx_vhosts_default:
+  - file: default
+    server:
+      - port: 80
+        server_name: "{{ ansible_hostname }}"
+        locations:
+          - match: /
+            root: /var/www/vhosts/default
+            index: index.html
+
+# nginx_vhosts_default:
+#   - file: default
+#     upstream:
+#       name: my_pool
+#       servers: []
+#     servers:
+#       - port: 80
+#         server_name: demo.example.com
+#         tls_redirect: False # skips locations if enabled
+#         tls_redirect_url:
+#         tls:
+#           cert: /etc/pki/tls/..
+#           key: /etc/pki/tls/..
+#           dhparam:
+#         client_max_body_size:
+#         locations:
+#           - match: /
+#             root: /var/www/vhosts/default
+#             index: index.html
+#             proxy_pass:
+#             proxy_headers: []
+#     error_page: /usr/share/nginx/html
+
+nginx_vhosts_extra: []
 
 nginx_server_names_hash_bucket_size: 32

tasks/install.yml

@@ -85,7 +85,7 @@
 
     - name: Set selinux booleans
       seboolean:
-        name: "{{ item.name }}"
+        name: "{{ item.file }}"
         state: "{{ item.state }}"
         persistent: "{{ item.persistent }}"
       loop: "{{ nginx_set_sebooleans }}"
@@ -118,20 +118,28 @@
 - block:
     - name: Add default page configuration file
       template:
-        src: etc/nginx/sites-available/default.j2
+        src: etc/nginx/sites-available/vhost.j2
-        dest: /etc/nginx/sites-available/default
+        dest: "/etc/nginx/sites-available/{{ item.file }}"
         owner: root
         group: root
         mode: 0640
+      loop:
+        - nginx_vhosts_default
+        - nginx_vhosts_extra
+      loop_control:
+        label: "{{ item.file }}"
       notify: __nginx_reload
 
-    - name: Enable default page
+    - name: Enable vhosts
       file:
-        src: /etc/nginx/sites-available/default
+        src: "/etc/nginx/sites-available/{{ item.file }}"
-        dest: /etc/nginx/sites-enabled/default
+        dest: "/etc/nginx/sites-enabled/{{ item.file }}"
-        owner: root
+        state: "{{ 'link' when item.state == 'enabled' else 'absent' }}"
-        group: root
+      loop:
-        state: link
+        - nginx_vhosts_default
+        - nginx_vhosts_extra
+      loop_control:
+        label: "{{ item.file }}"
       notify: __nginx_reload
   when: nginx_default_page_enabled | bool
   become: True

templates/etc/nginx/sites-available/default.j2

@@ -1,42 +0,0 @@
-#jinja2: lstrip_blocks: True
-# {{ ansible_managed }}
-server {
-    listen       80;
-    server_name  {{ ansible_fqdn }};
-
-    {% if nginx_tls_enabled %}
-    return 301 https://$server_name$request_uri;
-    {% else %}
-    location / {
-        root   /var/www/vhosts/default;
-        index  index.html index.htm;
-    }
-
-    # redirect server error pages to the static page /50x.html
-    error_page   500 502 503 504  /50x.html;
-    location = /50x.html {
-        root   /usr/share/nginx/html;
-    }
-    {% endif %}
-}
-
-{% if nginx_tls_enabled %}
-server {
-    listen 443 ssl;
-    server_name  {{ ansible_fqdn }};
-
-    location / {
-        root   /var/www/vhosts/default;
-        index  index.html index.htm;
-    }
-
-    # redirect server error pages to the static page /50x.html
-    error_page   500 502 503 504  /50x.html;
-    location = /50x.html {
-        root   /usr/share/nginx/html;
-    }
-
-    ssl_certificate /etc/pki/tls/certs/{{ nginx_tls_cert_file }};
-    ssl_certificate_key /etc/pki/tls/private/{{ nginx_tls_key_file }};
-}
-{% endif %}

templates/etc/nginx/sites-available/vhost.j2

@@ -0,0 +1,59 @@
+#jinja2: lstrip_blocks: True
+{{ ansible_managed | comment }}
+
+{% if item.upstream is defined and item.upstream %}
+upstream {{ item.upstream.name }} {
+    {% for upserver in item.upstream.servers %}
+    server {{ upserver }};
+    {% endfor %}
+}
+
+{% endif %}
+{% for server in item.servers %}
+server {
+    listen       {{ server.port }} {{ 'ssl' if server.tls is defined and server.tls else '' }};
+    server_name  {{ server.server_name }};
+
+    {% if server.tls is defined and server.tls %}
+    ssl_certificate {{ server.tls.cert }};
+    ssl_certificate_key {{ server.tls.key }};
+    {% if server.tls.dhparam is defined %}
+    ssl_dhparam {{ item.value.ssl.dhparam }};
+    {% endif %}
+    {% endif %}
+
+    {% if server.tls_redirect | default(False) %}
+    return 301 https://{% if server.tls_redirect_url is defined %}{{ server.tls_redirect_url }}{% else %}$server_name{% endif %}$request_uri;
+    {% else %}
+    {% if server.client_max_body_size is defined and server.client_max_body_size %}
+        client_max_body_size {{ server.client_max_body_size }};
+    {% endif %}
+    {% for location in server.locations %}
+    location {{ location.match }}
+        {% if location.root is defined and location.root %}
+        root   {{ location.root }};
+        {% endif %}
+        {% if location.index is defined and location.index %}
+        index  {{ location.index }};
+        {% endif %}
+        {% if location.proxy_pass is defined and location.proxy_pass %}
+
+            proxy_pass {{ location.proxy_pass }}
+            {% if location.proxy_http_version is defined and location.proxy_http_version %}
+            proxy_http_version {{ location.proxy_http_version }};
+            {% endif %}
+            {% for pheader in location.proxy_headers | default([]) %}
+            proxy_set_header {{ pheader }};
+            {% endfor %}
+        {% endif %}
+    }
+
+    {% endfor %}
+    # redirect server error pages to the static page /50x.html
+    error_page   500 502 503 504  /50x.html;
+    location = /50x.html {
+        root   {{ item.error_page | default("/usr/share/nginx/html") }};
+    }
+    {% endif %}
+}
+{% endfor %}