radityo/ansible-nginx
1
0
Fork 0
mirror of https://github.com/HanXHX/ansible-nginx.git synced 2026-02-24 09:03:29 +07:00
Code Issues Projects Releases Wiki Activity

Refactoring + SSL support

Browse Source
This commit is contained in:
Emilien Mantel
2016-01-11 18:20:42 +01:00
parent f64e1f1106
commit 49f11751e6
13 changed files with 186 additions and 89 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
templates/etc/nginx/helper/ssl-legacy.j2
View File

@@ -11,8 +11,8 @@ add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
ssl_stapling on;
ssl_stapling_verify on;
resolver {{ nginx_resolver.hosts | default(['208.67.222.222', '208.67.220.220']) | join(' ') }} valid={{ nginx_resolver.valid}}s;
resolver_timeout {{ nginx_resolver.timeout }}s;
resolver {{ nginx_resolver_hosts | join(' ') }} valid={{ nginx_resolver_valid }};
resolver_timeout {{ nginx_resolver_timeout }};
# vim:filetype=nginx

5
templates/etc/nginx/helper/ssl-strong.j2
View File

@@ -11,8 +11,7 @@ add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
ssl_stapling on;
ssl_stapling_verify on;
resolver {{ nginx_resolver.hosts | default(['208.67.222.222', '208.67.220.220']) | join(' ') }} valid={{ nginx_resolver.valid}}s;
resolver_timeout {{ nginx_resolver.timeout }}s;
resolver {{ nginx_resolver_hosts | join(' ') }} valid={{ nginx_resolver_valid }};
resolver_timeout {{ nginx_resolver_timeout }};
# vim:filetype=nginx

30
templates/etc/nginx/sites-available/_base.j2
View File

@@ -1,11 +1,19 @@
{% set __proto = item.proto | default(['http']) %}
{% set __main_name = item.name if item.name is string else item.name[0] %}
{% set __listen = item.listen | default(['80']) %}
{% set __listen_ssl = item.listen_ssl | default(['443']) %}
{% set __location = item.location | default({}) %}
{% macro htpasswd(htpasswd_name, indent=1) -%}
{% for ht in nginx_htpasswd %}{% if ht.name == htpasswd_name %}
{% for ht in nginx_htpasswd if ht.name == htpasswd_name %}
{{ "\t" * indent }}auth_basic "{{ ht.description }}";
{{ "\t" * indent }}auth_basic_user_file {{ nginx_htpasswd_dir }}/{{ ht.name }};
{% endif %}{% endfor%}
{% endfor%}
{%- endmacro %}
{% macro ssl(ssl_name) %}
{% for sn in nginx_ssl_pairs if sn.name == ssl_name %}
ssl_certificate {{ nginx_ssl_dir + '/' + ssl_name + '/' + ssl_name + '.crt' }};
ssl_certificate_key {{ nginx_ssl_dir + '/' + ssl_name + '/' + ssl_name + '.key' }};
{% endfor %}
{%- endmacro %}
#
# {{ ansible_managed }}
@@ -15,9 +23,18 @@
# HTTP
#
server {
{% if 'http' in __proto %}
{% for port in __listen %}
listen {{ port }};
{% endfor %}
{% endif %}
{% if 'https' in __proto %}
{% for port in __listen_ssl %}
listen {{ port }} ssl;
{% endfor %}
{{ ssl(item.ssl_name) }}
include {{ nginx_helper_dir + '/ssl-' + item.ssl_template | default('strong') }};
{% endif %}
server_name {% if item.name is string %}{{ item.name }}{% else %}{{ item.name | join(' ') }}{% endif %};
{% block root %}
{% if item.root is defined %}
@@ -97,15 +114,6 @@ server {
{% endif %}
}
{#
# HTTPS
#server {
ssl on;
ssl_certificate {{ nginx_ssl_dir }}/{{ item.name }}/{{ item.name }}.crt;
ssl_certificate_key {{ nginx_ssl_dir }}/{{ item.name }}/{{ item.name }}.key;
include {{ nginx_helper_dir }}/ssl-{{ item.ssl.template | default('strong') }};
#}
{% if item.redirect_from is defined and item.redirect_from is iterable %}
#
# Redirect from