Merge branch 'master' into debian_11

doc/site.md

@@ -9,14 +9,30 @@ Common
 ------
 
 - `name`: (M) Domain or list of domain used.
-- `template`: (D) template used to create site. Optional if you set `state`=`absent` or using `redirect_to`.
-- `filename`: (O) Specify filename in /etc/nginx/sites-*. Do NOT specify default (reserved keyword). It will be used for log filenames and directories creation.
 - `state`: (O) Site status. Can be "present" (default), "absent" and "disabled".
+- `filename`: (O) Specify filename in `/etc/nginx/sites-*`. Do NOT specify default (reserved keyword). It will be used for log filenames and directories creation.
+
+(O): Optional
+(M): Mandatory
+(D): Depends other keys...
+
+You can use 2 config (at the same time time):
+
+- pre-built: Some configuration are templated (Wordpress, Symfony...), auto create root dir, perform an "A+" on ssllabs for https... etc
+- custom: Push your own site config template. Usefull when you have a complex configuration.
+
+
+Pre-built site config
+---------------------
+
+# Keys
+
+- `template`: (M) template used to create site. Optional if you set `state`=`absent` or using `redirect_to`.
 - `redirect_from`: (O) Domain list to redirect to the first `name`. You can use this key to redirect non-www to www
 - `redirect_to`: (O) Redirect all requests to this domain. Please set scheme (http:// or https:// or $sheme).
 - `headers`: (O) Set additionals header as key/value list. You can append "always" to the value. Show [nginx doc](http://nginx.org/en/docs/http/ngx_http_headers_module.html).
 - `redirect_to_code`: Redirect code (default: 302)
-- `redirect_https`: (O) Boolean. Redirect HTTP to HTTPS. If "true", you _MUST_ set `proto` to ```['https']```.
+- `redirect_https`: (O) Boolean. Redirect HTTP to HTTPS. If "true", you _MUST_ set `proto` to `['https']`.
 - `location`: (O) Add new custom locations (it does not overwrite!)
 - `location_order`: (O) Due to non preditive `location` order, you can provide the good order (see test-location.local in [tests/test.yml](../tests/test.yml)).
 - `location_before`: (O) Add new custom locations before generated location by template
@@ -33,12 +49,7 @@ Common
 - `listen_proxy_protocol_ssl` (O) Enable proxy protocol on https port.
 - `hsts` (O) overwrite default header for hsts
 
-(O): Optional
-(M): Mandatory
-(D): Depends other keys...
-
-Templates
----------
+### Templates
 
 - `_base`: static template
 - `_dokuwiki`
@@ -51,8 +62,7 @@ Templates
 
 Templates works as parent-child.
 
-About proxy template
---------------------
+### About proxy template
 
 Proxy template allow you to use Nginx as reverse proxy. Usefull when you have an application service such as Redmine, Jenkins...
 
@@ -63,10 +73,69 @@ You have many key added to site key:
 
 (O) : Optional
 
-Default sites
---------------
+### Default sites
 
 You can manage default site by setting domain name to these variables.
 
 - `nginx_default_site`
 - `nginx_default_site_ssl`
+
+*IT WORKS ONLY WITH PRE-BUIT SITES*
+
+
+### Example
+
+
+```yaml
+- nginx_sites:
+  - name: 'mywebsite.com'
+    template: '_wordpress'
+    headers:
+      x-ansibled: '1'
+    manage_local_content: false
+```
+
+
+Custom site config 
+------------------
+
+### Keys
+
+- `custom_template`: (M) template path used 
+
+You can add some extra infos if needed.
+
+### Example:
+
+```yaml
+- nginx_sites:
+  - name: 'mycustom-website.com'
+    custom_template: 'my/template_dir/the-template.conf.j2'
+    allow_admin: '192.168.0.0/24'
+```
+
+In `my/template_dir/the-template.conf.j2`:
+
+```
+#
+# {{ ansible_managed }} - {{ item.name }}
+#
+
+server {
+	listen 8080 http2 proxy_protocol;
+    server_name {{ item.name }};
+	index index.html;
+    root /var/www/{{ item.name }};
+
+	location / {
+		try_files $uri $uri/ =404;
+	}
+
+	location /admin {
+		allow {{ item.allow_admin }};
+		deny all;
+	}
+}
+```
+
+

tasks/site.yml

@@ -50,7 +50,17 @@
     owner: root
     group: root
   notify: ['reload nginx', 'restart nginx freebsd']
-  when: item.state is not defined or item.state != 'absent'
+  when: (item.state is not defined or item.state != 'absent') and item.custom_template is not defined
+  loop: "{{ nginx_sites }}"
+  loop_control:
+    label: "{{ item | nginx_site_name }}"
+
+- name: TEMPLATE | Create sites with preconfigured template
+  template:
+    src: "{{ item.custom_template }}"
+    dest: "{{ nginx_etc_dir }}/sites-available/{{ item | nginx_site_filename }}"
+  notify: ['reload nginx', 'restart nginx freebsd']
+  when: (item.state is not defined or item.state != 'absent') and item.custom_template is defined
   loop: "{{ nginx_sites }}"
   loop_control:
     label: "{{ item | nginx_site_name }}"

tests/includes/pre_Debian.yml

@@ -17,7 +17,6 @@
       - cron
       - curl
       - daemonize
-      - fcgiwrap
       - jq
       - nghttp2
       - strace
@@ -40,11 +39,6 @@
   changed_when: false
   register: cur_php_version
 
-- name: SERVICE | Force start fcgiwrap
-  service:
-    name: "fcgiwrap"
-    state: started
-
 # Bypasses Ansible+Docker issue. With service module... php is not really started!
 - name: COMMAND | Force start PHP
   command: "service php{{ cur_php_version.stdout }}-fpm start"

tests/includes/pre_FreeBSD.yml

@@ -42,7 +42,6 @@
   register: sf
   loop:
     - php-fpm
-    - fcgiwrap
 
 - name: STAT | Check ports
   stat:

tests/templates/custom_template.conf.j2

@@ -0,0 +1,16 @@
+# {{ ansible_managed }} - custom template
+
+server {
+	listen 80;
+	listen 8888 http2;
+	listen 9999 http2 proxy_protocol;
+	server_name {{ item.name }};
+
+	index index.html index.htm;
+
+	root {{ item.root }};
+
+	location / {
+		try_files $uri $uri/ =404;
+	}
+}

tests/test.yml

@@ -289,6 +289,9 @@
         ssl_name: '{{ ngrok.stdout }}'
         headers:
           'X-acme': '1'
+      - name: 'test-custom-template.local'
+        custom_template: 'templates/custom_template.conf.j2'
+        root: '/tmp/custom-template'
 
     nginx_php: "{{ [{'upstream_name': 'manual', 'sockets': [{'host': '127.0.0.1', 'port': '9636' }] }] }}"
     nginx_dh_length: 1024
@@ -316,6 +319,14 @@
         - 'test-php-index.local'
         - 'test-php-index2.local'
 
+    - name: -- Add Directories --
+      file:
+        path: "{{ item }}"
+        state: directory
+      loop:
+        - "{{ nginx_root }}/test-htpasswd.local/public/hello"
+        - "/tmp/custom-template"
+
     - name: -- Add HTML file --
       ansible.builtin.copy:
         dest: "{{ item }}/index.html"

vars/Debian.yml

@@ -3,6 +3,3 @@
 nginx_events_use: 'epoll'
 nginx_pid: '/run/nginx.pid'
 nginx_etc_dir: '/etc/nginx'
-
-# Specific sites
-nginx_fcgiwrap_sock: '/var/run/fcgiwrap.socket'

vars/FreeBSD.yml

@@ -4,7 +4,4 @@ nginx_events_use: 'kqueue'
 nginx_pid: '/var/run/nginx.pid'
 nginx_etc_dir: '/usr/local/etc/nginx'
 
-# Specific sites
-nginx_fcgiwrap_sock: '/var/run/fcgiwrap/fcgiwrap.sock'
-
 nginx_acmesh_bin: '/usr/local/sbin/acme.sh'