Add owncloud and prevent nginx from dotdeb

defaults/main.yml

@@ -110,3 +110,10 @@ nginx_ssl_pairs: []
 nginx_dh: null
 nginx_dh_path: '{{ nginx_ssl_dir }}/dhparam.pem'
 nginx_dh_length: 2048
+
+# Extra
+
+# Note:
+#   - On Debian, if you use Owncloud from Upstream repository, you must set this var to "/var/www/owncloud"
+#   - TODO: force this var in vars/FreeBSD.yml
+nginx_owncloud_root: '/usr/share/owncloud'

doc/vhost.md

@@ -41,6 +41,7 @@ Templates
 - `_dokuwiki`
 - `_redirect`: should not be called explicitly
 - `_nagios3`: access to Nagios3 (be careful: you need to install [fcgiwrap](https://packages.debian.org/jessie/fcgiwrap))
+- `_owncloud`: access to Owncloud (note: you must set `nginx_apt_package` to //nginx-extras//)
 - `_phalcon`: Phalcon PHP Framework
 - `_php`: PHP base template. Can work with many frameworks/tools
 - `_php_index`: Same as above. But you can only run index.php

templates/etc/nginx/sites-available/_base.j2

@@ -50,11 +50,13 @@ server {
 	index {{ item.index | default('index.html index.htm') }};
 {% endblock %}
 
+{% block template_more %}
 {% if item.more is defined and item.more is iterable %}
 {% for line in item.more %}
 	{{ line }}
 {% endfor %}
 {% endif %}
+{% endblock %}
 
 {% if item.htpasswd is defined %}
 {{ htpasswd(item.htpasswd, 1) }}
@@ -81,6 +83,19 @@ server {
 {% block template_custom_location %}
 {% endblock %}
 
+{% if __location is iterable and __location | length > 0 %}
+	# --> Custom locations
+{% for location, opts in __location.iteritems() %}
+	location {{ location }} {
+{% for opt in opts %}
+{% if opt.htpasswd is defined %}{{ htpasswd(opt.htpasswd, 2) }}{% else %}
+		{{ opt }}
+{% endif %}
+{% endfor  %}
+	}
+{% endfor %}	# <-- Custom locations
+{% endif %}
+
 {% block template_local_content %}
 {% if item.manage_local_content is not defined or item.manage_local_content %}
 	location ~ /\.ht {
@@ -100,19 +115,6 @@ server {
 {% endif %}
 {% endblock %}
 
-{% if __location is iterable and __location | length > 0 %}
-	# --> Custom locations
-{% for location, opts in __location.iteritems() %}
-	location {{ location }} {
-{% for opt in opts %}
-{% if opt.htpasswd is defined %}{{ htpasswd(opt.htpasswd, 2) }}{% else %}
-		{{ opt }}
-{% endif %}
-{% endfor  %}
-	}
-{% endfor %}	# <-- Custom locations
-{% endif %}
-
 {% if item.use_access_log is defined %}
 {% if item.use_access_log %}
 	access_log {{ nginx_log_dir }}/{{ __main_name }}_access.log combined;

templates/etc/nginx/sites-available/_owncloud.j2

@@ -0,0 +1,69 @@
+{% extends "_php.j2" %}
+
+{% block root %}
+	root {{ nginx_owncloud_root }};
+{% endblock %}
+
+{% block template_index %}
+	index index.php;
+{% endblock %}
+
+{% block more %}
+	error_page 403 /core/templates/403.php;
+	error_page 404 /core/templates/404.php;
+	gzip off;
+	client_max_body_size 10G;
+	fastcgi_buffers 64 4K;
+	rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
+	rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
+	rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;
+{% endblock %}
+
+{% block template_headers %}
+	add_header X-XSS-Protection "1; mode=block";
+	add_header X-Robots-Tag none;
+	add_header X-Content-Type-Options nosniff;
+	add_header X-Download-Options noopen;
+	add_header X-Permitted-Cross-Domain-Policies none;
+	add_header X-Frame-Options SAMEORIGIN;
+{% endblock %}
+
+{% block template_upstream_location %}
+	location ~ /remote.php {
+		dav_methods PUT DELETE MKCOL COPY MOVE;
+		dav_ext_methods PROPFIND OPTIONS;
+		fastcgi_pass {{ php_upstream }};
+		fastcgi_param HOME /var/www/owncloud;
+		fastcgi_param HTTP_HOME /var/www/owncloud;
+		fastcgi_param PATH /usr/local/bin:/usr/bin:/bin;
+		fastcgi_param modHeadersAvailable true;
+		fastcgi_split_path_info ^(.+\.php)(/.+)$;
+{% if nginx_version.stdout | version_compare('1.6.1', 'lt') %}
+		include fastcgi_params;
+{% else %}
+		include fastcgi.conf;
+{% endif %}
+		}
+
+	location ~ \.php$ {
+		fastcgi_pass {{ php_upstream }};
+		fastcgi_index index.php;
+		fastcgi_param HOME /var/www/owncloud;
+		fastcgi_param HTTP_HOME /var/www/owncloud;
+		fastcgi_param PATH /usr/local/bin:/usr/bin:/bin;
+		fastcgi_param modHeadersAvailable true;
+		fastcgi_split_path_info ^(.+\.php)(/.+)$;
+{% if nginx_version.stdout | version_compare('1.6.1', 'lt') %}
+		include fastcgi_params;
+{% else %}
+		include fastcgi.conf;
+{% endif %}
+	}
+
+	location ~* \.(?:css|js)$ {
+		try_files $uri /index.php$uri$is_args$args;
+		add_header Cache-Control "public, max-age=7200";
+		expires 2h;
+		access_log off;
+	}
+{% endblock %}

tests/includes/post_Debian.yml

@@ -1,10 +1,11 @@
 ---
 
 - name: APT | Install web apps
-  apt: pkg={{ item }} state=present
+  apt: pkg={{ item }} state=present install_recommends=no
   with_items:
-    - nagios3
     - backuppc
+    - nagios3
+    - owncloud
 
 - name: SERVICE | Ensure backuppc is started
   service: name=backuppc state=started

tests/includes/pre_Debian.yml

@@ -8,6 +8,10 @@
     apt_key: url='http://www.dotdeb.org/dotdeb.gpg' state=present
   - name: APT_REPOSITORY | Install dotdeb (PHP 7) 
     apt_repository: repo='deb http://packages.dotdeb.org {{ ansible_distribution_release }} all' state=present
+  - name: LINEFILEFILE | Dotdeb priority (prevent install nginx from dotdeb)
+    copy: >
+      content="Package: *\nPin: release o=packages.dotdeb.org\nPin-Priority: 100"
+      dest=/etc/apt/preferences
   when: ansible_distribution_release == 'jessie'
 
 - name: APT | Install needed packages

tests/test.yml

@@ -15,6 +15,7 @@
     int_ansible_ssl_dir: '/etc/ansible-ssl'
 # Role vars
     nginx_worker_processes: 1 # Ansible+FreeBSD can't detect CPU number
+    nginx_apt_package: 'nginx-extras'
     nginx_backports: true
     nginx_php5: true
     nginx_php7: true
@@ -189,6 +190,8 @@
         template: '_base'
         ssl_name: 'test-ssl.local'
         redirect_https: true
+      - name: 'owncloud.local'
+        template: '_owncloud'
     nginx_dh_length: 1024
   roles:
     - ../../

vars/main.yml

@@ -28,9 +28,10 @@ nginx_dirs:
   - "{{ nginx_helper_dir }}"
 
 nginx_templates_no_dir:
-  - '_proxy'
-  - '_nagios3'
   - '_backuppc'
+  - '_nagios3'
+  - '_owncloud'
+  - '_proxy'
 
 nginx_upstream_php5: 'php5'
 nginx_upstream_php7: 'php7'