Changeis for proxy_protocol and apply default values

2019-12-31 13:07:13 +01:00 · 2019-12-31 13:07:13 +01:00 · 0363a37e06
parent a1e76453cf
commit 0363a37e06
5 changed files with 30 additions and 18 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -84,6 +84,18 @@ nginx_http_gzip_disable: '"msie6"'
 #
 nginx_custom_http: []

+#
+# Nginx default
+#
+nginx_default_listen:
+  - '80'
+  - '[::]:80'
+nginx_default_listen_ssl:
+  - '443'
+  - '[::]:443'
+nginx_default_listen_proxy_protocol: []
+nginx_default_listen_proxy_protocol_ssl: []
+
 #
 # Sites
 #
--- a/doc/site.md
+++ b/doc/site.md
@ -29,8 +29,8 @@ Common
 - `proto`: (O) list of protocol used. Default is a list with "http". If you need http and https, you must set a list with "http" and "https". You can only set "https" without http support.
 - `ssl_name`: (D) name of the key used when using TLS/SSL. Optional when `proto` contains "https". If you don't set this value, it will search by `name`.
 - `ssl_template` (O) "strong" (default) or "legacy". You can disable SSL helpers and add your own directives by setting "false".
- `http_proxy_protocol_port` (O) Enable proxy protocol on http port.
- `https_proxy_protocol_port` (O) Enable proxy protocol on https port.
+- `listen_proxy_protocol` (O) Enable proxy protocol on http port.
+- `listen_proxy_protocol_ssl` (O) Enable proxy protocol on https port.

 (O): Optional
 (M): Mandatory
--- a/templates/etc/nginx/conf.d/FAKESITE.conf.j2
+++ b/templates/etc/nginx/conf.d/FAKESITE.conf.j2
@ -1,12 +1,12 @@
 {% set site = nginx_sites | nginx_search_by_ssl_name(item.name) %}
-{% set __listen = site.listen | default(['80', '[::]:80']) %}
-{% set __http_proxy_protocol_port = site.http_proxy_protocol_port | default([]) %}
+{% set __listen = item.listen | default(nginx_default_listen) %}
+{% set __listen_proxy_protocol = item.listen_proxy_protocol | default(nginx_default_listen_proxy_protocol) %}

 server {
 {% for port in __listen %}
 	listen {{ port }};
 {% endfor %}
-{% for port in __http_proxy_protocol_port %}
+{% for port in __listen_proxy_protocol %}
 	listen {{ port }} proxy_protocol;
 {% endfor %}

--- a/templates/etc/nginx/sites-available/_base.j2
+++ b/templates/etc/nginx/sites-available/_base.j2
@ -1,9 +1,9 @@
 {% set __proto = item.proto | default(['http']) %}
 {% set __main_name =  item | nginx_site_name %}
-{% set __listen = item.listen | default(['80', '[::]:80']) %}
-{% set __listen_ssl = item.listen_ssl | default(['443', '[::]:443']) %}
-{% set __http_proxy_protocol_port = item.http_proxy_protocol_port | default([]) %}
-{% set __https_proxy_protocol_port = item.https_proxy_protocol_port | default([]) %}
+{% set __listen = item.listen | default(nginx_default_listen) %}
+{% set __listen_ssl = item.listen_ssl | default(nginx_default_listen_ssl) %}
+{% set __listen_proxy_protocol = item.listen_proxy_protocol | default(nginx_default_listen_proxy_protocol) %}
+{% set __listen_proxy_protocol_ssl = item.listen_proxy_protocol_ssl | default(nginx_default_listen_proxy_protocol_ssl) %}
 {% set __location = item.location | default({}) %}
 {% set __location_before = item.location_before | default({}) %}
 {% set __headers = item.headers | default(nginx_servers_default_headers) %}
@ -53,7 +53,7 @@ server {
 {% for port in __listen %}
 	listen {{ port }};
 {% endfor %}
-{% for port in __http_proxy_protocol_port %}
+{% for port in __listen_proxy_protocol %}
 	listen {{ port }} proxy_protocol;
 {% endfor %}
 	server_name {{ server_name(name) }};
@ -75,7 +75,7 @@ server {
 {% for port in __listen %}
 	listen {{ port }}{% if nginx_default_site == __main_name %} default_server{% endif %};
 {% endfor %}
-{% for port in __http_proxy_protocol_port %}
+{% for port in __listen_proxy_protocol %}
 	listen {{ port }}{% if nginx_default_site == __main_name %} default_server{% endif %} proxy_protocol;
 {% endfor %}
 {% endif %}
@ -83,7 +83,7 @@ server {
 {% for port in __listen_ssl %}
 	listen {{ port }}{% if nginx_default_site_ssl == __main_name %} default_server{% endif %} ssl{% if __http2 %} http2{% endif %};
 {% endfor %}
-{% for port in __https_proxy_protocol_port %}
+{% for port in __listen_proxy_protocol_ssl %}
 	listen {{ port }}{% if nginx_default_site_ssl == __main_name %} default_server{% endif %} ssl{% if __http2 %} http2{% endif %} proxy_protocol;
 {% endfor %}
 {{ ssl(__ssl_name) }}
@ -196,7 +196,7 @@ server {
 {% for port in __listen %}
 	listen {{ port }};
 {% endfor %}
-{% for port in __http_proxy_protocol_port %}
+{% for port in __listen_proxy_protocol %}
 	listen {{ port }} proxy_protocol;
 {% endfor %}

@ -211,7 +211,7 @@ server {
 {% for port in __listen_ssl %}
 	listen {{ port }}{% if nginx_default_site_ssl == __main_name %} default_server{% endif %} ssl{% if __http2 %} http2{% endif %};
 {% endfor %}
-{% for port in __https_proxy_protocol_port %}
+{% for port in __listen_proxy_protocol_ssl %}
 	listen {{ port }}{% if nginx_default_site_ssl == __main_name %} default_server{% endif %} ssl{% if __http2 %} http2{% endif %} proxy_protocol;
 {% endfor %}
 {{ ssl(__ssl_name) }}
--- a/tests/test.yml
+++ b/tests/test.yml
@ -263,16 +263,16 @@
          - 'www.test-ssl-redirect-many2.local'
      - name: 'test-ssl-proxy-protocol.local'
        proto: ['http', 'https']
-        http_proxy_protocol_port: [20080]
-        https_proxy_protocol_port: [20443]
+        listen_proxy_protocol: [20080]
+        listen_proxy_protocol_ssl: [20443]
        template: '_base'
        ssl_name: 'test-ssl.local'
        headers:
          'X-Proxy-Protocol': '1'
      - name: '{{ ngrok.stdout }}'
        proto: ['http', 'https']
-        http_proxy_protocol_port: [21080]
-        https_proxy_protocol_port: [21443]
+        listen_proxy_protocol: [21080]
+        listen_proxy_protocol_ssl: [21443]
        template: '_base'
        ssl_name: '{{ ngrok.stdout }}'
        headers: