diff --git a/defaults/main.yml b/defaults/main.yml index b94112a..a6b825e 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -84,6 +84,18 @@ nginx_http_gzip_disable: '"msie6"' # nginx_custom_http: [] +# +# Nginx default +# +nginx_default_listen: + - '80' + - '[::]:80' +nginx_default_listen_ssl: + - '443' + - '[::]:443' +nginx_default_listen_proxy_protocol: [] +nginx_default_listen_proxy_protocol_ssl: [] + # # Sites # diff --git a/doc/site.md b/doc/site.md index 4a6b43c..7dcdf4f 100644 --- a/doc/site.md +++ b/doc/site.md @@ -29,8 +29,8 @@ Common - `proto`: (O) list of protocol used. Default is a list with "http". If you need http and https, you must set a list with "http" and "https". You can only set "https" without http support. - `ssl_name`: (D) name of the key used when using TLS/SSL. Optional when `proto` contains "https". If you don't set this value, it will search by `name`. - `ssl_template` (O) "strong" (default) or "legacy". You can disable SSL helpers and add your own directives by setting "false". -- `http_proxy_protocol_port` (O) Enable proxy protocol on http port. -- `https_proxy_protocol_port` (O) Enable proxy protocol on https port. +- `listen_proxy_protocol` (O) Enable proxy protocol on http port. +- `listen_proxy_protocol_ssl` (O) Enable proxy protocol on https port. (O): Optional (M): Mandatory diff --git a/templates/etc/nginx/conf.d/FAKESITE.conf.j2 b/templates/etc/nginx/conf.d/FAKESITE.conf.j2 index ad2d923..4656b80 100644 --- a/templates/etc/nginx/conf.d/FAKESITE.conf.j2 +++ b/templates/etc/nginx/conf.d/FAKESITE.conf.j2 
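Review bot: The new `nginx_default_listen_proxy_protocol` and `nginx_default_listen_proxy_protocol_ssl` variables in defaults/main.yml carry no comment saying that a value set here is inherited by every site that does not override it, which is what the templates in this commit do through `default(nginx_default_listen_proxy_protocol)`. A `listen ... proxy_protocol` socket accepts the PROXY header from any peer that can reach the port, and whatever later reads `$proxy_protocol_addr` or the realip module trusts that address, so these ports should be reachable only from the load balancer in front of nginx. I would state that next to the variables, for example `# Ports expecting the PROXY protocol header; inherited by every site unless overridden, so restrict access to the trusted proxy.`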
@@ -1,12 +1,12 @@ {% set site = nginx_sites | nginx_search_by_ssl_name(item.name) %} -{% set __listen = site.listen | default(['80', '[::]:80']) %} -{% set __http_proxy_protocol_port = site.http_proxy_protocol_port | default([]) %} +{% set __listen = item.listen | default(nginx_default_listen) %} +{% set __listen_proxy_protocol = item.listen_proxy_protocol | default(nginx_default_listen_proxy_protocol) %} server { {% for port in __listen %} listen {{ port }}; {% endfor %} -{% for port in __http_proxy_protocol_port %} +{% for port in __listen_proxy_protocol %} listen {{ port }} proxy_protocol; {% endfor %} diff --git a/templates/etc/nginx/sites-available/_base.j2 b/templates/etc/nginx/sites-available/_base.j2 index 5393ce4..e753cd6 100644 --- a/templates/etc/nginx/sites-available/_base.j2 +++ b/templates/etc/nginx/sites-available/_base.j2 @@ -1,9 +1,9 @@ {% set __proto = item.proto | default(['http']) %} {% set __main_name = item | nginx_site_name %} -{% set __listen = item.listen | default(['80', '[::]:80']) %} -{% set __listen_ssl = item.listen_ssl | default(['443', '[::]:443']) %} -{% set __http_proxy_protocol_port = item.http_proxy_protocol_port | default([]) %} -{% set __https_proxy_protocol_port = item.https_proxy_protocol_port | default([]) %} +{% set __listen = item.listen | default(nginx_default_listen) %} +{% set __listen_ssl = item.listen_ssl | default(nginx_default_listen_ssl) %} +{% set __listen_proxy_protocol = item.listen_proxy_protocol | default(nginx_default_listen_proxy_protocol) %} +{% set __listen_proxy_protocol_ssl = item.listen_proxy_protocol_ssl | default(nginx_default_listen_proxy_protocol_ssl) %} {% set __location = item.location | default({}) %} {% set __location_before = item.location_before | default({}) %} {% set __headers = item.headers | default(nginx_servers_default_headers) %} 
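Review bot: In FAKESITE.conf.j2 the lookups change from `site.` to `item.`, which is more than the key rename made elsewhere in this commit: `site` is still computed on the first line by `nginx_search_by_ssl_name(item.name)` but is no longer read anywhere in this hunk. If `item` here is the SSL entry rather than the site (the task that renders this template is not visible), a per-site `listen` or `listen_proxy_protocol` is now ignored and the server falls back to the global defaults, for instance binding `80` on all addresses where the site had been restricted to one. Unless that is intended, keep the source object and change only the key and the default: `{% set __listen = site.listen | default(nginx_default_listen) %}` and `{% set __listen_proxy_protocol = site.listen_proxy_protocol | default(nginx_default_listen_proxy_protocol) %}`. The server block continues past the end of the hunk.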
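Review bot: The renamed per-site keys at the top of _base.j2 have no fallback, so an inventory that still sets `http_proxy_protocol_port` or `https_proxy_protocol_port` now silently renders no `proxy_protocol` listener, because the new lookups fall through to defaults that are `[]`. Either keep the old name working for a release, `{% set __listen_proxy_protocol = item.listen_proxy_protocol | default(item.http_proxy_protocol_port | default(nginx_default_listen_proxy_protocol)) %}` with the matching line for the `_ssl` variant, or add a task that fails the play when an old key is present. The rename in FAKESITE.conf.j2 has the same gap.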
@@ -53,7 +53,7 @@ server { {% for port in __listen %} listen {{ port }}; {% endfor %} -{% for port in __http_proxy_protocol_port %} +{% for port in __listen_proxy_protocol %} listen {{ port }} proxy_protocol; {% endfor %} server_name {{ server_name(name) }}; @@ -75,7 +75,7 @@ server { {% for port in __listen %} listen {{ port }}{% if nginx_default_site == __main_name %} default_server{% endif %}; {% endfor %} -{% for port in __http_proxy_protocol_port %} +{% for port in __listen_proxy_protocol %} listen {{ port }}{% if nginx_default_site == __main_name %} default_server{% endif %} proxy_protocol; {% endfor %} {% endif %} @@ -83,7 +83,7 @@ server { {% for port in __listen_ssl %} listen {{ port }}{% if nginx_default_site_ssl == __main_name %} default_server{% endif %} ssl{% if __http2 %} http2{% endif %}; {% endfor %} -{% for port in __https_proxy_protocol_port %} +{% for port in __listen_proxy_protocol_ssl %} listen {{ port }}{% if nginx_default_site_ssl == __main_name %} default_server{% endif %} ssl{% if __http2 %} http2{% endif %} proxy_protocol; {% endfor %} {{ ssl(__ssl_name) }} @@ -196,7 +196,7 @@ server { {% for port in __listen %} listen {{ port }}; {% endfor %} -{% for port in __http_proxy_protocol_port %} +{% for port in __listen_proxy_protocol %} listen {{ port }} proxy_protocol; {% endfor %} @@ -211,7 +211,7 @@ server { {% for port in __listen_ssl %} listen {{ port }}{% if nginx_default_site_ssl == __main_name %} default_server{% endif %} ssl{% if __http2 %} http2{% endif %}; {% endfor %} -{% for port in __https_proxy_protocol_port %} +{% for port in __listen_proxy_protocol_ssl %} listen {{ port }}{% if nginx_default_site_ssl == __main_name %} default_server{% endif %} ssl{% if __http2 %} http2{% endif %} proxy_protocol; {% endfor %} {{ ssl(__ssl_name) }} diff --git a/tests/test.yml b/tests/test.yml index 2af23d9..ce42855 100644 --- a/tests/test.yml +++ b/tests/test.yml 
@@ -263,16 +263,16 @@ - 'www.test-ssl-redirect-many2.local' - name: 'test-ssl-proxy-protocol.local' proto: ['http', 'https'] - http_proxy_protocol_port: [20080] - https_proxy_protocol_port: [20443] + listen_proxy_protocol: [20080] + listen_proxy_protocol_ssl: [20443] template: '_base' ssl_name: 'test-ssl.local' headers: 'X-Proxy-Protocol': '1' - name: '{{ ngrok.stdout }}' proto: ['http', 'https'] - http_proxy_protocol_port: [21080] - https_proxy_protocol_port: [21443] + listen_proxy_protocol: [21080] + listen_proxy_protocol_ssl: [21443] template: '_base' ssl_name: '{{ ngrok.stdout }}' headers: