radityo
/
ansible-nginx
mirror of https://github.com/HanXHX/ansible-nginx.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Fix yaml lint

debian_11
Emilien Mantel 2021-09-01 11:21:12 +02:00
parent bdddb06fcc
commit 6c7e0c2a47
18 changed files with 192 additions and 198 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.travis.yml
View File

@ -1,3 +1,5 @@
---
env: env:
- PLATFORM='docker-debian-stretch' ANSIBLE_VERSION='ansible>=2.6,<2.7' - PLATFORM='docker-debian-stretch' ANSIBLE_VERSION='ansible>=2.6,<2.7'
- PLATFORM='docker-debian-buster' ANSIBLE_VERSION='ansible>=2.6,<2.7' - PLATFORM='docker-debian-buster' ANSIBLE_VERSION='ansible>=2.6,<2.7'

6
.yamllint.yml 100644
View File

@ -0,0 +1,6 @@
---
extends: default
rules:
line-length: disable

2
defaults/main.yml
View File

@ -14,7 +14,7 @@ nginx_log_dir: '/var/log/nginx'
nginx_resolver_hosts: ['8.8.8.8', '8.8.4.4'] nginx_resolver_hosts: ['8.8.8.8', '8.8.4.4']
nginx_resolver_valid: '300s' nginx_resolver_valid: '300s'
nginx_resolver_timeout: '5s' nginx_resolver_timeout: '5s'
nginx_error_log_level: 'warn' # http://nginx.org/en/docs/ngx_core_module.html#error_log nginx_error_log_level: 'warn' # http://nginx.org/en/docs/ngx_core_module.html#error_log
nginx_auto_config_httpv2: true nginx_auto_config_httpv2: true
nginx_default_site: null nginx_default_site: null
nginx_default_site_ssl: null nginx_default_site_ssl: null

41
meta/main.yml
View File

@ -1,4 +1,5 @@
--- ---
galaxy_info: galaxy_info:
author: Emilien Mantel author: Emilien Mantel
description: Nginx for Debian / FreeBSD description: Nginx for Debian / FreeBSD
@ -6,25 +7,25 @@ galaxy_info:
license: GPLv2 license: GPLv2
min_ansible_version: 2.11 min_ansible_version: 2.11
platforms: platforms:
- name: Debian - name: Debian
versions: versions:
- stretch - stretch
- buster - buster
- bullseye - bullseye
- name: FreeBSD - name: FreeBSD
versions: versions:
- 11.0 - 11.0
- 11.1 - 11.1
- 12.0 - 12.0
galaxy_tags: galaxy_tags:
- web - web
- debian - debian
- proxy - proxy
- http - http
- http2 - http2
- https - https
- ssl - ssl
- tls - tls
- nginx - nginx
- cdn - cdn
dependencies: [] dependencies: []

31
tasks/install_Debian.yml
View File

@ -7,7 +7,7 @@
- name: APT | Update cache - name: APT | Update cache
apt: apt:
update_cache: yes update_cache: true
cache_valid_time: 3600 cache_valid_time: 3600
changed_when: false changed_when: false
@ -33,22 +33,21 @@
- block: - block:
- name: APT | Install git - name: APT | Install git
apt: apt:
pkg: git pkg: git
- name: GIT | Get acme.sh - name: GIT | Get acme.sh
git: git:
repo: 'https://github.com/Neilpang/acme.sh.git' repo: 'https://github.com/Neilpang/acme.sh.git'
dest: '{{ nginx_acmesh_git_dir }}' dest: '{{ nginx_acmesh_git_dir }}'
update: no update: false
version: master version: master
- name: COMMAND | Install acme.sh - name: COMMAND | Install acme.sh
command: ./acme.sh --install --home "{{ nginx_acmesh_dir }}" command: ./acme.sh --install --home "{{ nginx_acmesh_dir }}"
args: args:
chdir: "{{ nginx_acmesh_git_dir }}" chdir: "{{ nginx_acmesh_git_dir }}"
creates: "{{ nginx_acmesh_dir }}" creates: "{{ nginx_acmesh_dir }}"
when: not acme.stat.exists when: not acme.stat.exists

2
tasks/install_FreeBSD.yml
View File

@ -56,4 +56,4 @@
- name: SERVICE | Enable nginx - name: SERVICE | Enable nginx
service: service:
name: nginx name: nginx
enabled: yes enabled: true

4
tasks/prepare.yml
View File

@ -6,7 +6,7 @@
executable: /bin/sh executable: /bin/sh
register: nginx_version register: nginx_version
changed_when: false changed_when: false
check_mode: no check_mode: false
tags: tags:
- skip_ansible_lint - skip_ansible_lint
@ -22,7 +22,7 @@
executable: /bin/sh executable: /bin/sh
register: shell_modules register: shell_modules
changed_when: false changed_when: false
check_mode: no check_mode: false
tags: tags:
- skip_ansible_lint - skip_ansible_lint

126
tasks/ssl/acme.yml
View File

@ -20,79 +20,79 @@
- name: BLOCK | Start acme - name: BLOCK | Start acme
block: block:
- name: TEMPLATE | Create fake site - name: TEMPLATE | Create fake site
template: template:
src: "etc/nginx/conf.d/FAKESITE.conf.j2" src: "etc/nginx/conf.d/FAKESITE.conf.j2"
dest: "{{ nginx_etc_dir }}/conf.d/FAKESITE_{{ item | nginx_site_name }}.conf" dest: "{{ nginx_etc_dir }}/conf.d/FAKESITE_{{ item | nginx_site_name }}.conf"
loop: "{{ acme_create }}" loop: "{{ acme_create }}"
register: fake_site register: fake_site
- name: FILE | Delete current site if needed - name: FILE | Delete current site if needed
file: file:
path: "{{ nginx_etc_dir }}/sites-enabled/{{ item | nginx_site_name }}" path: "{{ nginx_etc_dir }}/sites-enabled/{{ item | nginx_site_name }}"
state: absent state: absent
loop: "{{ acme_create }}" loop: "{{ acme_create }}"
when: fake_site.changed when: fake_site.changed
- name: SERVICE | Restart nginx - name: SERVICE | Restart nginx
service: service:
name: nginx name: nginx
state: restarted state: restarted
when: fake_site.changed and ansible_virtualization_type != 'docker' when: fake_site.changed and ansible_virtualization_type != 'docker'
- name: COMMAND | Restart nginx - name: COMMAND | Restart nginx
command: service nginx restart command: service nginx restart
args: args:
warn: false warn: false
when: fake_site.changed and ansible_virtualization_type == 'docker' when: fake_site.changed and ansible_virtualization_type == 'docker'
- name: COMMAND | Get certificates - name: COMMAND | Get certificates
command: | command: |
{{ nginx_acmesh_bin }} {{ nginx_acmesh_bin }}
--home {{ nginx_acmesh_dir }} --home {{ nginx_acmesh_dir }}
--issue{% for s in nginx_sites | nginx_search_by_ssl_name(item.name) | nginx_all_site_names %} -d {{ s }}{% endfor %} --issue{% for s in nginx_sites | nginx_search_by_ssl_name(item.name) | nginx_all_site_names %} -d {{ s }}{% endfor %}
--nginx --nginx
{% if nginx_acmesh_test %}--test --log{% endif %} {% if nginx_acmesh_test %}--test --log{% endif %}
args: args:
creates: "{{ nginx_acmesh_dir }}/{{ item | nginx_site_name }}/fullchain.cer" creates: "{{ nginx_acmesh_dir }}/{{ item | nginx_site_name }}/fullchain.cer"
loop: "{{ acme_create }}" loop: "{{ acme_create }}"
register: acme_get register: acme_get
failed_when: acme_get.rc != 0 and acme_get.rc != 2 failed_when: acme_get.rc != 0 and acme_get.rc != 2
no_log: "{{ not nginx_debug_role }}" no_log: "{{ not nginx_debug_role }}"
- name: FILE | Create SSL dir per site - name: FILE | Create SSL dir per site
file: file:
path: "{{ nginx_ssl_dir }}/{{ item | nginx_site_name }}" path: "{{ nginx_ssl_dir }}/{{ item | nginx_site_name }}"
loop: "{{ acme_create }}" loop: "{{ acme_create }}"
- name: COMMAND | Install certificates - name: COMMAND | Install certificates
command: | command: |
{{ nginx_acmesh_bin }} {{ nginx_acmesh_bin }}
--home {{ nginx_acmesh_dir }} --home {{ nginx_acmesh_dir }}
--install-cert -d {{ nginx_sites | nginx_search_by_ssl_name(item | nginx_site_name) | nginx_site_name }} --install-cert -d {{ nginx_sites | nginx_search_by_ssl_name(item | nginx_site_name) | nginx_site_name }}
--fullchain-file {{ item | nginx_cert_path(nginx_ssl_dir) }} --fullchain-file {{ item | nginx_cert_path(nginx_ssl_dir) }}
--key-file {{ item | nginx_key_path(nginx_ssl_dir) }} --key-file {{ item | nginx_key_path(nginx_ssl_dir) }}
--reloadcmd "service nginx reload" --reloadcmd "service nginx reload"
args: args:
creates: "{{ item | nginx_cert_path(nginx_ssl_dir) }}" creates: "{{ item | nginx_cert_path(nginx_ssl_dir) }}"
loop: "{{ nginx_ssl_pairs }}" loop: "{{ nginx_ssl_pairs }}"
when: item.acme is defined and item.acme when: item.acme is defined and item.acme
notify: restart nginx notify: restart nginx
rescue: rescue:
- name: FAIL | Explicit - name: FAIL | Explicit
fail: fail:
msg: "Something is bad... Auto crash!" msg: "Something is bad... Auto crash!"
always: always:
- name: FILE | Delete fake sites - name: FILE | Delete fake sites
file: file:
path: "{{ nginx_etc_dir }}/conf.d/FAKESITE_{{ item | nginx_site_name }}.conf" path: "{{ nginx_etc_dir }}/conf.d/FAKESITE_{{ item | nginx_site_name }}.conf"
state: absent state: absent
loop: "{{ acme_create }}" loop: "{{ acme_create }}"
notify: restart nginx notify: restart nginx
- name: META | Flush handlers - name: META | Flush handlers
meta: flush_handlers meta: flush_handlers

4
tasks/ssl/standard.yml
View File

@ -5,7 +5,7 @@
- name: STAT | Get info about DH file - name: STAT | Get info about DH file
stat: stat:
path: "{{ nginx_dh_path }}" path: "{{ nginx_dh_path }}"
get_checksum: no get_checksum: false
register: stat_dh_file register: stat_dh_file
- name: SHELL | Get info about DH file - name: SHELL | Get info about DH file
@ -56,8 +56,6 @@
notify: restart nginx notify: restart nginx
no_log: "{{ not nginx_debug_role }}" no_log: "{{ not nginx_debug_role }}"
- name: COMMAND | Create self-signed certificates - name: COMMAND | Create self-signed certificates
command: | command: |
openssl req openssl req

1
tests/includes/post_Debian.yml
View File

@ -1,2 +1 @@
--- ---

1
tests/includes/post_FreeBSD.yml
View File

@ -1,2 +1 @@
--- ---

8
tests/includes/pre_Debian.yml
View File

@ -9,7 +9,7 @@
- name: APT | Install needed packages - name: APT | Install needed packages
apt: apt:
pkg: "{{ packages }}" pkg: "{{ packages }}"
update_cache: yes update_cache: true
cache_valid_time: 3600 cache_valid_time: 3600
state: present state: present
vars: vars:
@ -27,7 +27,7 @@
- name: APT | Install PHP - name: APT | Install PHP
apt: apt:
pkg: "{{ pkgs }}" pkg: "{{ pkgs }}"
update_cache: yes update_cache: true
cache_valid_time: 3600 cache_valid_time: 3600
state: present state: present
vars: vars:
@ -61,7 +61,7 @@
unarchive: unarchive:
src: "/tmp/ngrok.zip" src: "/tmp/ngrok.zip"
dest: "/tmp" dest: "/tmp"
remote_src: yes remote_src: true
- name: SET_FACT | ngrok_path - name: SET_FACT | ngrok_path
set_fact: set_fact:
@ -70,7 +70,7 @@
- name: USER | Create PHP User foo - name: USER | Create PHP User foo
user: user:
name: foo name: foo
system: yes system: true
- name: INCLUDE_ROLE | HanXHX.php - name: INCLUDE_ROLE | HanXHX.php
include_role: include_role:

10
tests/includes/pre_FreeBSD.yml
View File

@ -17,8 +17,6 @@
sockets: sockets:
- host: '127.0.0.1' - host: '127.0.0.1'
port: 9000 port: 9000
# nginx_load_modules:
# - /usr/local/libexec/nginx/ngx_http_geoip_module.so
ngrok_path: '/usr/local/bin/ngrok' ngrok_path: '/usr/local/bin/ngrok'
- name: PKGNG | Install needed packages - name: PKGNG | Install needed packages
@ -30,22 +28,16 @@
- curl - curl
- daemonize - daemonize
- fcgiwrap - fcgiwrap
# - GeoIP
- jq - jq
- nghttp2 - nghttp2
- php74 - php74
- vim - vim
#- name: COMMAND | Get geoip database
# command: geoipupdate.sh
# args:
# creates: /usr/local/share/GeoIP/GeoIP.dat
- name: SERVICE | Force start services - name: SERVICE | Force start services
service: service:
name: "{{ item }}" name: "{{ item }}"
state: started state: started
enabled: yes enabled: true
register: sf register: sf
loop: loop:
- php-fpm - php-fpm

2
tests/includes/pre_common.yml
View File

@ -24,7 +24,7 @@
lineinfile: lineinfile:
line: "set mouse=" line: "set mouse="
dest: "{{ item }}/.vimrc" dest: "{{ item }}/.vimrc"
create: yes create: true
loop: loop:
- /root - /root
- /home/vagrant - /home/vagrant

144
tests/test.yml
View File

@ -39,13 +39,13 @@
{% endif %} {% endif %}
{% endfor %} {% endfor %}
dest: "/etc/hosts" dest: "/etc/hosts"
unsafe_writes: yes unsafe_writes: true
vars: vars:
# Internal vars # Internal vars
int_ansible_ssl_dir: '/etc/ansible-ssl' int_ansible_ssl_dir: '/etc/ansible-ssl'
# Role vars # Role vars
nginx_worker_processes: 1 # Ansible+FreeBSD can't detect CPU number nginx_worker_processes: 1 # Ansible+FreeBSD can't detect CPU number
nginx_apt_package: 'nginx-extras' nginx_apt_package: 'nginx-extras'
nginx_module_packages: ['libnginx-mod-http-headers-more-filter'] nginx_module_packages: ['libnginx-mod-http-headers-more-filter']
nginx_upstreams: nginx_upstreams:
@ -85,7 +85,7 @@
force: false force: false
- name: - name:
- 'test-ssl-predeployed.local' - 'test-ssl-predeployed.local'
- 'test-multiple-name.local' # Hack: tests for acme with multiple name, without using acme - 'test-multiple-name.local' # Hack: tests for acme with multiple name, without using acme
dest_key: "{{ int_ansible_ssl_dir }}/test.key" dest_key: "{{ int_ansible_ssl_dir }}/test.key"
dest_cert: "{{ int_ansible_ssl_dir }}/test.crt" dest_cert: "{{ int_ansible_ssl_dir }}/test.crt"
- name: 'test-ssl.local' - name: 'test-ssl.local'
@ -154,7 +154,7 @@
- 'test-alias.local' - 'test-alias.local'
- 'test2-alias.local' - 'test2-alias.local'
template: '_base' template: '_base'
filename : 'first-test' filename: 'first-test'
override_try_files: '$uri/ $uri =404' override_try_files: '$uri/ $uri =404'
headers: headers:
'X-Frame-Options': 'deny always' 'X-Frame-Options': 'deny always'
@ -283,15 +283,15 @@
roles: roles:
- ../../ - ../../
post_tasks: post_tasks:
# -------------------------------- # --------------------------------
# Apps # Apps
# -------------------------------- # --------------------------------
- name: INCLUDE_TASKS | Post_tasks related to OS version - name: INCLUDE_TASKS | Post_tasks related to OS version
include_tasks: "includes/post_{{ ansible_distribution }}.yml" include_tasks: "includes/post_{{ ansible_distribution }}.yml"
# -------------------------------- # --------------------------------
# Deploy index files # Deploy index files
# -------------------------------- # --------------------------------
- name: -- Add PHP file -- - name: -- Add PHP file --
copy: copy:
dest: "{{ nginx_root }}/{{ item }}/public/index.php" dest: "{{ nginx_root }}/{{ item }}/public/index.php"
@ -325,15 +325,16 @@
dest: "{{ nginx_root }}/test-htpasswd.local/public/hello/index.html" dest: "{{ nginx_root }}/test-htpasswd.local/public/hello/index.html"
content: "hello\n" content: "hello\n"
# -------------------------------- # --------------------------------
# Test custom facts # Test custom facts
# -------------------------------- # --------------------------------
- name: -- CHECK FACTS -- - name: -- CHECK FACTS --
assert: assert:
that: "'{{ ansible_local.nginx.fact_nginx_sites[0].name[0] }}' == 'test.local'" that: "'{{ ansible_local.nginx.fact_nginx_sites[0].name[0] }}' == 'test.local'"
# --------------------------------
# Simple sites tests # --------------------------------
# -------------------------------- # Simple sites tests
# --------------------------------
- name: -- VERIFY SITES -- - name: -- VERIFY SITES --
uri: uri:
url: "http://{{ item | nginx_site_name }}{% if item.listen is defined %}:{{ item.listen[0] }}{% endif %}/" url: "http://{{ item | nginx_site_name }}{% if item.listen is defined %}:{{ item.listen[0] }}{% endif %}/"
@ -362,18 +363,18 @@
url: "https://{{ item.redirect_from[0] }}:{{ item.listen_ssl[0] | default(443) }}/" url: "https://{{ item.redirect_from[0] }}:{{ item.listen_ssl[0] | default(443) }}/"
status_code: 301 status_code: 301
follow_redirects: none follow_redirects: none
validate_certs: no validate_certs: false
loop: "{{ nginx_sites }}" loop: "{{ nginx_sites }}"
when: item.redirect_from is defined and (item.state is undefined or item.state != "absent") and item.proto is defined and 'https' in item.proto when: item.redirect_from is defined and (item.state is undefined or item.state != "absent") and item.proto is defined and 'https' in item.proto
changed_when: false changed_when: false
# -------------------------------- # --------------------------------
# PHP # PHP
# -------------------------------- # --------------------------------
- name: -- VERIFY PHP SITES -- - name: -- VERIFY PHP SITES --
uri: uri:
url: "http://{{ item.name }}/" url: "http://{{ item.name }}/"
return_content: yes return_content: true
register: p register: p
loop: "{{ nginx_sites }}" loop: "{{ nginx_sites }}"
when: > when: >
@ -384,13 +385,13 @@
- name: -- VERIFY INDEX2 -- - name: -- VERIFY INDEX2 --
uri: uri:
url: "http://test-php-index2.local/lorem.php?ipsum=sit&dolor=amet" url: "http://test-php-index2.local/lorem.php?ipsum=sit&dolor=amet"
return_content: yes return_content: true
register: p2 register: p2
failed_when: p2.content.find('PHP Version') == -1 failed_when: p2.content.find('PHP Version') == -1
# -------------------------------- # --------------------------------
# Basic Auth # Basic Auth
# -------------------------------- # --------------------------------
- name: -- VERIFY AUTH BASIC NONE -- - name: -- VERIFY AUTH BASIC NONE --
uri: uri:
url: "http://test-htpasswd.local/hello/" url: "http://test-htpasswd.local/hello/"
@ -402,14 +403,14 @@
status_code: 401 status_code: 401
user: "fail" user: "fail"
password: "fail" password: "fail"
force_basic_auth: yes force_basic_auth: true
- name: -- VERIFY AUTH BASIC OK -- - name: -- VERIFY AUTH BASIC OK --
uri: uri:
url: "http://test-htpasswd.local/hello/" url: "http://test-htpasswd.local/hello/"
user: "hanx" user: "hanx"
password: "qwerty" password: "qwerty"
force_basic_auth: yes force_basic_auth: true
- name: -- VERIFY AUTH BASIC FAIL GLOBAL -- - name: -- VERIFY AUTH BASIC FAIL GLOBAL --
uri: uri:
@ -417,23 +418,23 @@
status_code: 401 status_code: 401
user: "fail" user: "fail"
password: "fail" password: "fail"
force_basic_auth: yes force_basic_auth: true
- name: -- VERIFY AUTH BASIC OK GLOBAL -- - name: -- VERIFY AUTH BASIC OK GLOBAL --
uri: uri:
url: "http://test-htpasswd-all.local/" url: "http://test-htpasswd-all.local/"
user: "hanx" user: "hanx"
password: "qwerty" password: "qwerty"
force_basic_auth: yes force_basic_auth: true
# -------------------------------- # --------------------------------
# SSL # SSL
# -------------------------------- # --------------------------------
- name: -- VERIFY SSL -- - name: -- VERIFY SSL --
uri: uri:
url: "https://{{ item }}/" url: "https://{{ item }}/"
return_content: yes return_content: true
validate_certs: no validate_certs: false
register: sslok register: sslok
failed_when: sslok.content.find('Index HTML test OK') == -1 failed_when: sslok.content.find('Index HTML test OK') == -1
loop: loop:
@ -445,9 +446,9 @@
- name: -- VERIFY SSL REDIRECT -- - name: -- VERIFY SSL REDIRECT --
uri: uri:
url: "http://{{ item.name }}/" url: "http://{{ item.name }}/"
validate_certs: no validate_certs: false
status_code: 301 status_code: 301
return_content: yes return_content: true
follow_redirects: none follow_redirects: none
register: sslredirok register: sslredirok
failed_when: '"https://%s%s" % (item.name, ":" + item.port if item.port is defined else "") not in sslredirok.location' failed_when: '"https://%s%s" % (item.name, ":" + item.port if item.port is defined else "") not in sslredirok.location'
@ -458,13 +459,13 @@
- name: 'test-ssl-redirect-many2.local' - name: 'test-ssl-redirect-many2.local'
port: '8443' port: '8443'
# -------------------------------- # --------------------------------
# Default sites # Default sites
# -------------------------------- # --------------------------------
- name: -- VERIFY DEFAULT SITE -- - name: -- VERIFY DEFAULT SITE --
uri: uri:
url: 'http://127.0.0.1/' url: 'http://127.0.0.1/'
return_content: yes return_content: true
register: vdefault register: vdefault
failed_when: > failed_when: >
vdefault.content.find('Index HTML test OK') == -1 or vdefault.content.find('Index HTML test OK') == -1 or
@ -473,7 +474,7 @@
- name: -- VERIFY DEFAULT SITE + STUB STATUS-- - name: -- VERIFY DEFAULT SITE + STUB STATUS--
uri: uri:
url: 'http://127.0.0.1/status' url: 'http://127.0.0.1/status'
return_content: yes return_content: true
register: vdefault_status register: vdefault_status
failed_when: > failed_when: >
vdefault_status.content.find('Active connections') == -1 or vdefault_status.content.find('Active connections') == -1 or
@ -482,8 +483,8 @@
- name: -- VERIFY DEFAULT SSL SITE -- - name: -- VERIFY DEFAULT SSL SITE --
uri: uri:
url: 'https://127.0.0.1/' url: 'https://127.0.0.1/'
return_content: yes return_content: true
validate_certs: no validate_certs: false
register: vdefault register: vdefault
failed_when: > failed_when: >
vdefault.content.find('Index HTML test OK') == -1 or vdefault.content.find('Index HTML test OK') == -1 or
@ -492,55 +493,46 @@
- name: -- VERIFY NOT DEFAULT SITE -- - name: -- VERIFY NOT DEFAULT SITE --
uri: uri:
url: 'http://test-php.local/' url: 'http://test-php.local/'
return_content: yes return_content: true
register: vphp register: vphp
failed_when: vphp.x_ansible_default is defined failed_when: vphp.x_ansible_default is defined
- name: -- VERIFY NOT DEFAULT SSL SITE -- - name: -- VERIFY NOT DEFAULT SSL SITE --
uri: uri:
url: 'https://test-ssl.local/' url: 'https://test-ssl.local/'
return_content: yes return_content: true
validate_certs: no validate_certs: false
register: notdefaultssl register: notdefaultssl
failed_when: notdefaultssl.x_ansible_default is defined failed_when: notdefaultssl.x_ansible_default is defined
# --------------------------------
# -------------------------------- # Check Proxy protocol
# Check Proxy protocol # Note: Debian Stretch doesn't any version of curl with "--haproxy-protocol" argument
# -------------------------------- # --------------------------------
# Note: Debian Stretch doesn't any version of curl with "--haproxy-protocol" argument
- block: - block:
- name: SHELL | Check HTTP proxy protocol - name: SHELL | Check HTTP proxy protocol
shell: curl -I --haproxy-protocol http://test-ssl-proxy-protocol.local:20080 | grep -qi 'X-Proxy-Protocol' shell: curl -I --haproxy-protocol http://test-ssl-proxy-protocol.local:20080 | grep -qi 'X-Proxy-Protocol'
args: args:
executable: /bin/sh executable: /bin/sh
warn: no warn: false
changed_when: false changed_when: false
tags:
- skip_ansible_lint
- name: SHELL | Check HTTPS proxy protocol - name: SHELL | Check HTTPS proxy protocol
shell: curl -I --haproxy-protocol -k https://test-ssl-proxy-protocol.local:20443 | grep -qi 'X-Proxy-Protocol' shell: curl -I --haproxy-protocol -k https://test-ssl-proxy-protocol.local:20443 | grep -qi 'X-Proxy-Protocol'
args: args:
executable: /bin/sh executable: /bin/sh
warn: no warn: false
changed_when: false changed_when: false
tags:
- skip_ansible_lint
when: not (ansible_distribution == 'Debian' and ansible_distribution_major_version is version('9', 'eq')) when: not (ansible_distribution == 'Debian' and ansible_distribution_major_version is version('9', 'eq'))
# -------------------------------- # --------------------------------
# Check HTTP2 # Check HTTP2
# -------------------------------- # --------------------------------
- name: SHELL | Check HTTP2 - name: SHELL | Check HTTP2
shell: nghttp -nv https://localhost 2> /dev/null | grep -q h2 shell: nghttp -nv https://localhost 2> /dev/null | grep -q h2
args: args:
executable: /bin/sh executable: /bin/sh
changed_when: false changed_when: false
when: nginx_auto_config_httpv2 and 'http_v2' in nginx_modules when: nginx_auto_config_httpv2 and 'http_v2' in nginx_modules
tags:
- skip_ansible_lint

2
vars/Debian.yml
View File

@ -1,3 +1,5 @@
---
nginx_events_use: 'epoll' nginx_events_use: 'epoll'
nginx_pid: '/run/nginx.pid' nginx_pid: '/run/nginx.pid'
nginx_etc_dir: '/etc/nginx' nginx_etc_dir: '/etc/nginx'

2
vars/FreeBSD.yml
View File

@ -1,3 +1,5 @@
---
nginx_events_use: 'kqueue' nginx_events_use: 'kqueue'
nginx_pid: '/var/run/nginx.pid' nginx_pid: '/var/run/nginx.pid'
nginx_etc_dir: '/usr/local/etc/nginx' nginx_etc_dir: '/usr/local/etc/nginx'

2
vars/main.yml
View File

@ -1,3 +1,5 @@
---
nginx_upstream_server_params: nginx_upstream_server_params:
- key: 'weight' - key: 'weight'
default: 1 default: 1