diff --git a/doc/site.md b/doc/site.md
index c3fb834..8f8c940 100644
--- a/doc/site.md
+++ b/doc/site.md
@@ -9,14 +9,30 @@ Common ------ - `name`: (M) Domain or list of domain used. -- `template`: (D) template used to create site. Optional if you set `state`=`absent` or using `redirect_to`. -- `filename`: (O) Specify filename in /etc/nginx/sites-*. Do NOT specify default (reserved keyword). It will be used for log filenames and directories creation. - `state`: (O) Site status. Can be "present" (default), "absent" and "disabled". +- `filename`: (O) Specify filename in `/etc/nginx/sites-*`. Do NOT specify default (reserved keyword). It will be used for log filenames and directories creation. + +(O): Optional +(M): Mandatory +(D): Depends other keys... + +You can use 2 config (at the same time time): + +- pre-built: Some configuration are templated (Wordpress, Symfony...), auto create root dir, perform an "A+" on ssllabs for https... etc +- custom: Push your own site config template. Usefull when you have a complex configuration. + + +Pre-built site config +--------------------- + +# Keys + +- `template`: (M) template used to create site. Optional if you set `state`=`absent` or using `redirect_to`. - `redirect_from`: (O) Domain list to redirect to the first `name`. You can use this key to redirect non-www to www - `redirect_to`: (O) Redirect all requests to this domain. Please set scheme (http:// or https:// or $sheme). - `headers`: (O) Set additionals header as key/value list. You can append "always" to the value. Show [nginx doc](http://nginx.org/en/docs/http/ngx_http_headers_module.html). - `redirect_to_code`: Redirect code (default: 302) -- `redirect_https`: (O) Boolean. Redirect HTTP to HTTPS. If "true", you _MUST_ set `proto` to ```['https']```. +- `redirect_https`: (O) Boolean. Redirect HTTP to HTTPS. If "true", you _MUST_ set `proto` to `['https']`. - `location`: (O) Add new custom locations (it does not overwrite!) 
- `location_order`: (O) Due to non preditive `location` order, you can provide the good order (see test-location.local in [tests/test.yml](../tests/test.yml)). - `location_before`: (O) Add new custom locations before generated location by template @@ -33,12 +49,7 @@ Common - `listen_proxy_protocol_ssl` (O) Enable proxy protocol on https port. - `hsts` (O) overwrite default header for hsts -(O): Optional -(M): Mandatory -(D): Depends other keys... - -Templates ---------- +### Templates - `_base`: static template - `_dokuwiki` @@ -51,8 +62,7 @@ Templates Templates works as parent-child. -About proxy template --------------------- +### About proxy template Proxy template allow you to use Nginx as reverse proxy. Usefull when you have an application service such as Redmine, Jenkins... @@ -63,10 +73,69 @@ You have many key added to site key: (O) : Optional -Default sites --------------- +### Default sites You can manage default site by setting domain name to these variables. - `nginx_default_site` - `nginx_default_site_ssl` + +*IT WORKS ONLY WITH PRE-BUIT SITES* + + +### Example + + +```yaml +- nginx_sites: + - name: 'mywebsite.com' + template: '_wordpress' + headers: + x-ansibled: '1' + manage_local_content: false +``` + + +Custom site config +------------------ + +### Keys + +- `custom_template`: (M) template path used + +You can add some extra infos if needed. + +### Example: + +```yaml +- nginx_sites: + - name: 'mycustom-website.com' + custom_template: 'my/template_dir/the-template.conf.j2' + allow_admin: '192.168.0.0/24' +``` + +In `my/template_dir/the-template.conf.j2`: + +``` +# +# {{ ansible_managed }} - {{ item.name }} +# + +server { + listen 8080 http2 proxy_protocol; + server_name {{ item.name }}; + index index.html; + root /var/www/{{ item.name }}; + + location / { + try_files $uri $uri/ =404; + } + + location /admin { + allow {{ item.allow_admin }}; + deny all; + } +} +``` + + diff --git a/tasks/site.yml b/tasks/site.yml index 2fda5db..643c958 100644 
--- a/tasks/site.yml +++ b/tasks/site.yml @@ -50,7 +50,17 @@ owner: root group: root notify: ['reload nginx', 'restart nginx freebsd'] - when: item.state is not defined or item.state != 'absent' + when: (item.state is not defined or item.state != 'absent') and item.custom_template is not defined + loop: "{{ nginx_sites }}" + loop_control: + label: "{{ item | nginx_site_name }}" + +- name: TEMPLATE | Create sites with preconfigured template + template: + src: "{{ item.custom_template }}" + dest: "{{ nginx_etc_dir }}/sites-available/{{ item | nginx_site_filename }}" + notify: ['reload nginx', 'restart nginx freebsd'] + when: (item.state is not defined or item.state != 'absent') and item.custom_template is defined loop: "{{ nginx_sites }}" loop_control: label: "{{ item | nginx_site_name }}" diff --git a/tests/includes/pre_Debian.yml b/tests/includes/pre_Debian.yml index e8e14ce..e354aaf 100644 --- a/tests/includes/pre_Debian.yml +++ b/tests/includes/pre_Debian.yml @@ -17,7 +17,6 @@ - cron - curl - daemonize - - fcgiwrap - jq - nghttp2 - strace @@ -40,11 +39,6 @@ changed_when: false register: cur_php_version -- name: SERVICE | Force start fcgiwrap - service: - name: "fcgiwrap" - state: started - # Bypasses Ansible+Docker issue. With service module... php is not really started! - name: COMMAND | Force start PHP command: "service php{{ cur_php_version.stdout }}-fpm start" diff --git a/tests/includes/pre_FreeBSD.yml b/tests/includes/pre_FreeBSD.yml index 2d9b316..84003fe 100644 --- a/tests/includes/pre_FreeBSD.yml +++ b/tests/includes/pre_FreeBSD.yml @@ -42,7 +42,6 @@ register: sf loop: - php-fpm - - fcgiwrap - name: STAT | Check ports stat: diff --git a/tests/templates/custom_template.conf.j2 b/tests/templates/custom_template.conf.j2 new file mode 100644 index 0000000..9c19619 --- /dev/null +++ b/tests/templates/custom_template.conf.j2 
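Review bot: In tasks/site.yml, the new `TEMPLATE | Create sites with preconfigured template` task writes into `{{ nginx_etc_dir }}/sites-available/` without the `owner: root` / `group: root` that the preceding task sets (visible as context at the top of the hunk). Ownership and mode of a custom-template vhost file therefore depend on the connecting user and its umask. Add `owner: root`, `group: root` and an explicit `mode: '0644'` so a site config cannot end up writable by a non-root account. The task name says "preconfigured" although it handles `custom_template`; "custom template" would match the documentation. The preceding task starts outside the hunk, so its other parameters are not visible here.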
@@ -0,0 +1,16 @@ +# {{ ansible_managed }} - custom template + +server { + listen 80; + listen 8888 http2; + listen 9999 http2 proxy_protocol; + server_name {{ item.name }}; + + index index.html index.htm; + + root {{ item.root }}; + + location / { + try_files $uri $uri/ =404; + } +} diff --git a/tests/test.yml b/tests/test.yml index 9af416c..a48ccca 100644 --- a/tests/test.yml +++ b/tests/test.yml @@ -289,6 +289,9 @@ ssl_name: '{{ ngrok.stdout }}' headers: 'X-acme': '1' + - name: 'test-custom-template.local' + custom_template: 'templates/custom_template.conf.j2' + root: '/tmp/custom-template' nginx_php: "{{ [{'upstream_name': 'manual', 'sockets': [{'host': '127.0.0.1', 'port': '9636' }] }] }}" nginx_dh_length: 1024 @@ -316,6 +319,14 @@ - 'test-php-index.local' - 'test-php-index2.local' + - name: -- Add Directories -- + file: + path: "{{ item }}" + state: directory + loop: + - "{{ nginx_root }}/test-htpasswd.local/public/hello" + - "/tmp/custom-template" + - name: -- Add HTML file -- ansible.builtin.copy: dest: "{{ item }}/index.html" diff --git a/vars/Debian.yml b/vars/Debian.yml index d01aec5..2315287 100644 --- a/vars/Debian.yml +++ b/vars/Debian.yml @@ -3,6 +3,3 @@ nginx_events_use: 'epoll' nginx_pid: '/run/nginx.pid' nginx_etc_dir: '/etc/nginx' - -# Specific sites -nginx_fcgiwrap_sock: '/var/run/fcgiwrap.socket' diff --git a/vars/FreeBSD.yml b/vars/FreeBSD.yml index e615e95..f1273e8 100644 --- a/vars/FreeBSD.yml +++ b/vars/FreeBSD.yml @@ -4,7 +4,4 @@ nginx_events_use: 'kqueue' nginx_pid: '/var/run/nginx.pid' nginx_etc_dir: '/usr/local/etc/nginx' -# Specific sites -nginx_fcgiwrap_sock: '/var/run/fcgiwrap/fcgiwrap.sock' - nginx_acmesh_bin: '/usr/local/sbin/acme.sh'
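Review bot: In tests/templates/custom_template.conf.j2, `listen 9999 http2 proxy_protocol;` is added with no `set_real_ip_from` / `real_ip_header proxy_protocol`, so the client address nginx uses in this server stays that of the connecting proxy. That is harmless in this fixture, but the example added to doc/site.md pairs the same kind of listener with `allow {{ item.allow_admin }}; deny all;` on `/admin`. There the rule would be evaluated against the proxy's address rather than the real client's. Consider a template comment such as `# proxy_protocol: configure set_real_ip_from / real_ip_header before relying on allow/deny`, and mirror it in the doc example.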
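Review bot: In the second tests/test.yml hunk, the new `-- Add Directories --` task uses the short module name `file:` and sets no `mode`, while the task right after it uses `ansible.builtin.copy`. Use `ansible.builtin.file:` for consistency and add `mode: '0755'`, so the permissions of the created directories, including `/tmp/custom-template` under a world-writable parent, do not depend on the umask of the test host.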