From 9a52e83315c9cfa35bce14b6a5e98d2a69f837d4 Mon Sep 17 00:00:00 2001
From: Emilien Mantel <emilien.mantel@triplestack.fr>
Date: Mon, 2 Jun 2025 10:30:32 +0200
Subject: [PATCH] :alembic: Modernize role

- Drop ngrok support
- Do not link legacy tests files
---
 .github/workflows/molecule.yml                |   3 +-
 molecule/_shared/base.yml                     |   3 +
 molecule/_shared/converge.yml                 |  17 +-
 .../_shared/group_vars/all/main.yml           |  24 +-
 molecule/_shared/prepare.yml                  | 108 ++++++-
 molecule/_shared/vars/misc.yml                | 259 -----------------
 molecule/_shared/verify.yml                   | 265 +++++++++++++++++-
 tasks/ssl/acme.yml                            |   2 +-
 tests/file/test.crt                           |  19 --
 tests/file/test.key                           |  28 --
 10 files changed, 376 insertions(+), 352 deletions(-)
 rename tests/group_vars/all.yml => molecule/_shared/group_vars/all/main.yml (95%)
 delete mode 100644 molecule/_shared/vars/misc.yml
 delete mode 100644 tests/file/test.crt
 delete mode 100644 tests/file/test.key

diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml
index 37d38de..ea12ae4 100644
--- a/.github/workflows/molecule.yml
+++ b/.github/workflows/molecule.yml
@@ -32,11 +32,10 @@ jobs:
           path: "${{ github.repository }}"
 
       - name: Molecule
-        uses: gofrolist/molecule-action@v2.3.19
+        uses: gofrolist/molecule-action@v2.7.62
         with:
           molecule_options: --base-config molecule/_shared/base.yml
           molecule_args: --scenario-name ${{ matrix.scenario }}
-          molecule_working_dir: "HanXHX/ansible-nginx"
         continue-on-error: ${{ matrix.allowed-to-fail }}
 
       - name: Fake command
diff --git a/molecule/_shared/base.yml b/molecule/_shared/base.yml
index 0101203..54e7092 100644
--- a/molecule/_shared/base.yml
+++ b/molecule/_shared/base.yml
@@ -35,5 +35,8 @@ provisioner:
     converge: ../_shared/converge.yml
     prepare: ../_shared/prepare.yml
     verify: ../_shared/verify.yml
+  inventory:
+    links:
+      group_vars: ../_shared/group_vars
 verifier:
   name: ansible
diff --git a/molecule/_shared/converge.yml b/molecule/_shared/converge.yml
index 7f830f0..73a8110 100644
--- a/molecule/_shared/converge.yml
+++ b/molecule/_shared/converge.yml
@@ -1,20 +1,9 @@
 ---
 
-- name: Converge
+- name: Converge  # noqa: role-name[path]
   hosts: all
   gather_facts: true
-  vars_files:
-    - vars/misc.yml
   vars:
     nginx_debug_role: true
-  tasks:
-    - name: SHELL | Get ngrok public address
-      ansible.builtin.shell: set -o pipefail && curl 'http://127.0.0.1:4040/api/tunnels/command_line' 2> /dev/null | jq -r '.public_url' | cut -d '/' -f 3
-      args:
-        executable: /bin/bash
-      register: ngrok
-      changed_when: false
-
-    - name: Include role
-      ansible.builtin.include_role:
-        name: "hanxhx.nginx"
+  roles:
+    - ../../../
diff --git a/tests/group_vars/all.yml b/molecule/_shared/group_vars/all/main.yml
similarity index 95%
rename from tests/group_vars/all.yml
rename to molecule/_shared/group_vars/all/main.yml
index 504657e..d6a86ae 100644
--- a/tests/group_vars/all.yml
+++ b/molecule/_shared/group_vars/all/main.yml
@@ -42,8 +42,6 @@ nginx_acmesh: true
 nginx_acmesh_test: true
 
 nginx_ssl_pairs:
-  - name: '{{ ngrok.stdout }}'
-    acme: true
   - name: 'test-ssl-selfsigned.local'
     self_signed: true
     force: false
@@ -236,17 +234,17 @@ nginx_sites:
     ssl_name: 'test-ssl.local'
     headers:
       'X-Proxy-Protocol': '1'
-  - name: '{{ ngrok.stdout }}'
-    proto: ['http', 'https']
-    listen_proxy_protocol: [21080]
-    listen_proxy_protocol_ssl: [21443]
-    template: '_base'
-    ssl_name: '{{ ngrok.stdout }}'
-    headers:
-      'X-acme': '1'
-  - name: 'test-custom-template.local'
-    custom_template: 'templates/custom_template.conf.j2'
-    root: '/tmp/custom-template'
+#  - name: '{{ ngrok.stdout }}'
+#    proto: ['http', 'https']
+#    listen_proxy_protocol: [21080]
+#    listen_proxy_protocol_ssl: [21443]
+#    template: '_base'
+#    ssl_name: '{{ ngrok.stdout }}'
+#    headers:
+#      'X-acme': '1'
+#  - name: 'test-custom-template.local'
+#    custom_template: 'templates/custom_template.conf.j2'
+#    root: '/tmp/custom-template'
 
 nginx_php: "{{ [{'upstream_name': 'manual', 'sockets': [{'host': '127.0.0.1', 'port': '9636'}]}] }}"
 nginx_dh_length: 1024
diff --git a/molecule/_shared/prepare.yml b/molecule/_shared/prepare.yml
index 01d50cc..c4dc253 100644
--- a/molecule/_shared/prepare.yml
+++ b/molecule/_shared/prepare.yml
@@ -3,13 +3,107 @@
 - name: Prepare
   hosts: all
   gather_facts: true
-  vars_files:
-    - vars/misc.yml
-
   tasks:
+    - name: APT_REPOSITORY | Install backports
+      ansible.builtin.apt_repository:
+        repo: 'deb http://httpredir.debian.org/debian {{ ansible_distribution_release }}-backports main'
+        state: present
+      when: nginx_backports is defined and nginx_backports
 
-    - name: INCLUDE_TASKS | Pre tasks related to OS
-      ansible.builtin.include_tasks: "../../tests/includes/pre_{{ ansible_os_family }}.yml"
+    - name: APT | Install needed packages
+      ansible.builtin.apt:
+        pkg: "{{ packages }}"
+        update_cache: true
+        cache_valid_time: 3600
+        state: present
+      vars:
+        packages:
+          - cron
+          - curl
+          - daemonize
+          - jq
+          - nghttp2
+          - strace
+          - vim
+          - unzip
 
-    - name: INCLUDE_TASKS | Pre_tasks common
-      ansible.builtin.include_tasks: "../../tests/includes/pre_common.yml"
+    - name: APT | Install PHP
+      ansible.builtin.apt:
+        pkg: "{{ pkgs }}"
+        update_cache: true
+        cache_valid_time: 3600
+        state: present
+      vars:
+        pkgs:
+          - php-cli
+          - php-fpm
+
+    - name: SHELL | Get current PHP version  # noqa: risky-shell-pipe
+      ansible.builtin.shell: php --version | awk '/^PHP/ { print $2 }' | grep -o -E '^.{3}'
+      changed_when: false
+      register: cur_php_version
+
+    - name: SERVICE | Ensure PHP-FPM is started
+      ansible.builtin.service:
+        name: "php{{ cur_php_version.stdout }}-fpm"
+        state: started
+
+    - name: USER | Create PHP User foo
+      ansible.builtin.user:
+        name: foo
+        system: true
+
+    - name: INCLUDE_ROLE | hanxhx.php
+      ansible.builtin.include_role:
+        name: "hanxhx.php"
+      vars:
+        php_version: "{{ cur_php_version.stdout }}"
+        php_autoremove_default_pool: false
+        php_fpm_poold:
+          - name: 'hx_unix'
+            user: 'foo'
+            php_value:
+              display_errors: 'Off'
+            php_admin_value:
+              memory_limit: '98M'
+          - name: 'hx_ip'
+            listen: '127.0.0.1:9636'
+
+    - name: FILE | Create an internal SSL dir
+      ansible.builtin.file:
+        path: "{{ int_ansible_ssl_dir }}"
+        state: directory
+        mode: 0750
+        owner: root
+        group: root
+
+    - name: COPY | Deploy test cert/key
+      ansible.builtin.copy:
+        src: "file/{{ item }}"
+        dest: "{{ int_ansible_ssl_dir }}/{{ item }}"
+        mode: 0640
+        owner: root
+        group: root
+      loop:
+        - 'test.key'
+        - 'test.crt'
+
+    - name: COPY | Add all hosts in /etc/hosts
+      ansible.builtin.copy:
+        content: |
+          127.0.0.1 localhost
+          {% for s in nginx_sites %}
+          {% if s.name is string %}
+          127.0.0.1 {{ s.name }}
+          {% else %}
+          127.0.0.1 {% for n in s.name %}{{ n }} {% endfor %}
+          {% endif %}
+          {% if s.redirect_from is defined %}
+          127.0.0.1 {% for rf in s.redirect_from %}{{ rf }} {% endfor %}
+          {% endif %}
+          {% endfor %}
+        dest: "/etc/hosts"
+        mode: 0644
+        owner: root
+        group: root
+        unsafe_writes: true
diff --git a/molecule/_shared/vars/misc.yml b/molecule/_shared/vars/misc.yml
deleted file mode 100644
index 3cbe715..0000000
--- a/molecule/_shared/vars/misc.yml
+++ /dev/null
@@ -1,259 +0,0 @@
----
-
-# Force SysVinit, since systemd won't work in a Docker container
-ansible_service_mgr: "sysvinit"
-
-# ----------------------------------------
-# Copied from {role_dir}/tests/group_vars/all.yml
-# ----------------------------------------
-
-# Internal vars
-int_ansible_ssl_dir: '/etc/ansible-ssl'
-# Role vars
-nginx_worker_processes: 1    # Ansible+FreeBSD can't detect CPU number
-nginx_apt_package: 'nginx-extras'
-nginx_module_packages: ['libnginx-mod-http-headers-more-filter']
-nginx_custom_core:
-  - 'worker_rlimit_nofile 4242;'
-
-nginx_upstreams:
-  - name: 'test'
-    servers:
-      - path: '127.0.0.1:80'
-        max_conns: 150
-        weight: 10
-        down: false
-  - name: 'test-absent'
-    servers:
-      - path: '127.0.0.1:80'
-        max_conns: 150
-        weight: 10
-        down: false
-    state: 'absent'
-
-nginx_htpasswd:
-  - name: 'hello'
-    description: 'Please login!'
-    users:
-      - name: 'hx'
-        password: 'asdfg'
-        state: 'absent'
-      - name: 'hanx'
-        password: 'qwerty'
-  - name: 'deleteme'
-    description: 'Please login!'
-    users: []
-    state: 'absent'
-
-nginx_acmesh: true
-nginx_acmesh_test: true
-
-nginx_ssl_pairs:
-  - name: '{{ ngrok.stdout }}'
-    acme: true
-  - name: 'test-ssl-selfsigned.local'
-    self_signed: true
-    force: false
-  - name:
-      - 'test-ssl-predeployed.local'
-      - 'test-multiple-name.local'    # Hack: tests for acme with multiple name, without using acme
-    dest_key: "{{ int_ansible_ssl_dir }}/test.key"
-    dest_cert: "{{ int_ansible_ssl_dir }}/test.crt"
-  - name: 'test-ssl.local'
-    key: |
-      -----BEGIN RSA PRIVATE KEY-----
-      MIIEpAIBAAKCAQEAvavrJWFp3Al2VwRgKx+4Y2mbRRvoxvyd2pyN0xMJ/tCJscaG
-      8s60v6WZ9FcCOeMkSI2DXsk4z7pbQdQn0h2GDr/5MOJkPAVWSWEN46tpaLZ3v0zp
-      88ZIbnEk1G0PsdFuW/pnLsakPlAMrl1VArFsV6YsatLt30UIYYcRO97StkoOehCx
-      A5w+XqtfHZeQZ0/DS81633gwYUcMuSTUFZ60r7ge1/m77DTSKg3rTVk5sebP8cjS
-      +aWHvxP/GyvvDsT+3gjRJx2/5O3JkfH0zaOsaU2Avj0PR0c5rhynrNO/l1k+GJJB
-      cbBrM+yA8Ofzp4oXUrCfaIq3RuL3Pd+khcKsiwIDAQABAoIBAQCPpAMQ7BUfbosQ
-      m1+5SOx7XR8Z12kSSX3CcY12rJSFRakB2TeZ6rE38lIFmV82N67iw0kaH4nGx3sU
-      /3aoyXMc+IXfX5RJYEFYkQfTw5ywkH9fgQAsfZ2dBlK+DVo1cEYDoj9CTW1VQ4pX
-      Ape+0l8agd5hiBxdWgpe0ctbbARnx584viLiA/iPBDNxKi9zEYw+WP7hSj5QWahr
-      a09tubcC4L6tjvv8CoZTRSKfCW64vWRDvE6vmA+zJN9Arc1WTYzF1KO1Gybwf8h7
-      stJb191smAgGDFhKo0j58ncyAnrS1k4mapm86QQhlfIA6DKvvC0qm3KdQns5b7HM
-      PyzW0hwBAoGBAO2mTVTOsziom9vtBwM0nRMMEgynR2X3EKMJz2mjcCf66f1F+aQ5
-      DvQFM2V8S2s1nGnPh8NKKZ8DxW1NKuR4qx82zeAXpUs9ibHxOnw4YRC485zqc2Wt
-      fSO1OEDYeKyzWP1nGGtCntYUXzJnWn/wz0mBGKzLKTuLwyFIKx1b7bybAoGBAMxR
-      N+lT57rX6d4GUqcgNOuWMZ/D8egnE5+hsoiFnHOisRLOgUgBBSy4rwAZx+rdHYT+
-      RO11L1PLYEzyvnO0f13R+N7aqKwNXDSzZGA+jb4pjkVidIC2smG/JYKJH5Z+kakw
-      mwMKP0wdRZJsCaMgScHmWJS8d6Ox/XJJoWrTWTbRAoGAWJlEgVaiaIArwz1F/QLz
-      gHNik0cWDkSi9jWlFxwwpycbbypUXM5M7dq2g6JoN6sACk6trbgLdlYgl5RKZm06
-      VuPGs0H9hOSHXkix5jfasDJT2G9r4D9ixRo9w6cwriobBjYWW3612tgzeYYgrkwn
-      655uhZUkZSfA8rqGIGbyZfsCgYAf5WH8G+wmIATTc1s92epJCOZwUY+XNVp75itP
-      4sPczX4lOHW4PuiG5cH0GxI5mRE9rNAn3c5on2xGNvMCbyAfDmNyruH8Eg3d8E9w
-      MvO/xw79x/P2EA9i8QszCKMUxGeK6RqZ6+SbxkoRJKqQe77n9UTI228179hoGhSH
-      77ySsQKBgQC8SSZn6a8PpSIIFXB9WCFMwfGFYbUz0wvpaeZP8GKx3BEzMeJqSUaJ
-      hrQgpwQXkueeamlCQcvV3AUCoBRWTYRLDrWiUIXuIgikDWBFp6TBvTnVRI7iktly
-      fNED7jXOSjJqnFmdkZlAI5V8dM++mVYVykJD6jcaVRQvxqFLrhSaRg==
-      -----END RSA PRIVATE KEY-----
-    cert: |
-      -----BEGIN CERTIFICATE-----
-      MIIDBTCCAe2gAwIBAgIJALKJfbk5vuieMA0GCSqGSIb3DQEBBQUAMBkxFzAVBgNV
-      BAMMDnRlc3Qtc3NsLmxvY2FsMB4XDTE2MDExMTE2NDI0NFoXDTI2MDEwODE2NDI0
-      NFowGTEXMBUGA1UEAwwOdGVzdC1zc2wubG9jYWwwggEiMA0GCSqGSIb3DQEBAQUA
-      A4IBDwAwggEKAoIBAQC9q+slYWncCXZXBGArH7hjaZtFG+jG/J3anI3TEwn+0Imx
-      xobyzrS/pZn0VwI54yRIjYNeyTjPultB1CfSHYYOv/kw4mQ8BVZJYQ3jq2lotne/
-      TOnzxkhucSTUbQ+x0W5b+mcuxqQ+UAyuXVUCsWxXpixq0u3fRQhhhxE73tK2Sg56
-      ELEDnD5eq18dl5BnT8NLzXrfeDBhRwy5JNQVnrSvuB7X+bvsNNIqDetNWTmx5s/x
-      yNL5pYe/E/8bK+8OxP7eCNEnHb/k7cmR8fTNo6xpTYC+PQ9HRzmuHKes07+XWT4Y
-      kkFxsGsz7IDw5/OnihdSsJ9oirdG4vc936SFwqyLAgMBAAGjUDBOMB0GA1UdDgQW
-      BBRaSF1L+ivPhmIVGQjtviBqZWDS9DAfBgNVHSMEGDAWgBRaSF1L+ivPhmIVGQjt
-      viBqZWDS9DAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQCjrgB9+Zuq
-      Rx7T2mRUl4jf75dLabuBQD0ePALTtvNyBSghhzSr90mE7GlFOYAv0JsmEa3R1LVF
-      wLPIdrIhNHpt7hN0PkhUlfgmxBnRSCfhpiq4xxsDVFM7ehtDz4+dv1LUDMXo07+E
-      f24g9aqmypiFzHisUQrYIhtQmHxRpKyGp6kDAW9qNxg6k/Um00aHdYfuD9ER4ksR
-      f8Hto7f+vssKxCRY2OZXqq13PxEwC5+hgAUkTdrycA/moXFuHJi3lCnCND7sSzvG
-      tXBggOusyFZFC4bs2m+V+Z+RN+tK2c/c0nq5HR8MV5HwIm4Z8GoT2/0BfJ00cgWL
-      lVz0gDBfdH8f
-      -----END CERTIFICATE-----
-
-nginx_custom_http:
-  - 'add_header X-ansible 1;'
-  - 'geoip_country {% if ansible_os_family == "Debian" %}/usr/share/GeoIP/GeoIP.dat{% else %}/usr/local/share/GeoIP/GeoIP.dat{% endif %};'
-  - 'map $geoip_country_code $allowed_country {'
-  - '    default yes;'
-  - '    MA no;'
-  - '    DZ no;'
-  - '    TN no;'
-  - '}'
-
-nginx_default_site: 'test.local'
-nginx_default_site_ssl: 'test-ssl-predeployed.local'
-
-nginx_sites:
-  - name:
-      - 'test.local'
-      - 'test-alias.local'
-      - 'test2-alias.local'
-    template: '_base'
-    filename: 'first-test'
-    override_try_files: '$uri/ $uri =404'
-    headers:
-      'X-Frame-Options': 'deny always'
-      'X-ansible-default': '1'
-    manage_local_content: false
-    use_error_log: true
-    more:
-      - 'autoindex off;'
-    location:
-      '/test':
-        - 'return 403;'
-      '/gunther':
-        - 'return 404;'
-      '/status':
-        - 'stub_status on;'
-        - 'access_log off;'
-        - 'allow 127.0.0.1;'
-        - 'deny all;'
-  - name: 'test-htpasswd.local'
-    template: '_base'
-    location_before:
-      '/hello':
-        - htpasswd: 'hello'
-    location:
-      '/public':
-        - htpasswd: false
-    use_error_log: true
-  - name: 'test-htpasswd-all.local'
-    template: '_base'
-    htpasswd: 'hello'
-  - name: 'test-location.local'
-    template: '_base'
-    location_before:
-      '/b':
-        - 'alias /var/tmp;'
-      '/c':
-        - 'alias /var/tmp;'
-    location:
-      '/':
-        - 'alias /var/tmp;'
-      '/a':
-        - 'alias /var/tmp;'
-    location_order_before:
-      - '/b'
-      - '/c'
-    location_order:
-      - '/'
-      - '/a'
-  - name: 'test-php.local'
-    php_upstream: "manual"
-    upstream_params:
-      - 'fastcgi_param FOO bar;'
-    redirect_from:
-      - 'www.test-php.local'
-    template: '_php'
-    use_error_log: true
-    use_access_log: true
-  - name: 'test-php-index.local'
-    template: '_php_index'
-    php_upstream: 'hx_unix'
-  - name: 'test-php-index2.local'
-    template: '_php_index2'
-    php_upstream: 'hx_ip'
-  - name: 'test-proxy.local'
-    listen:
-      - 8080
-    template: '_proxy'
-    upstream_name: 'test'
-    headers:
-      'X-proxyfied': '1'
-  - name: 'deleted.local'
-    state: 'absent'
-  - name: 'redirect-to.local'
-    redirect_to: 'http://test.local'
-  - name: 'test-ssl.local'
-    proto: ['http', 'https']
-    template: '_base'
-  - name:
-      - 'test-ssl-selfsigned.local'
-      - 'www.test-ssl-selfsigned.local'
-    proto: ['http', 'https']
-    template: '_base'
-    hsts: 'max-age=1664;'
-  - name: 'test-ssl-predeployed.local'
-    proto: ['http', 'https']
-    template: '_base'
-    ssl_name: 'test-ssl-predeployed.local'
-    headers:
-      'X-ansible-default': '1'
-    ssl_template: false
-  - name: 'test-ssl-redirect.local'
-    proto: ['https']
-    template: '_base'
-    ssl_name: 'test-ssl.local'
-    redirect_https: true
-  - name:
-      - 'test-ssl-redirect-many.local'
-      - 'test-ssl-redirect-many2.local'
-    listen_ssl: [8443]
-    proto: ['https']
-    template: '_base'
-    ssl_name: 'test-ssl.local'
-    redirect_https: true
-    redirect_from:
-      - 'www.test-ssl-redirect-many.local'
-      - 'www.test-ssl-redirect-many2.local'
-  - name: 'test-ssl-proxy-protocol.local'
-    proto: ['http', 'https']
-    listen_proxy_protocol: [20080]
-    listen_proxy_protocol_ssl: [20443]
-    template: '_base'
-    ssl_name: 'test-ssl.local'
-    headers:
-      'X-Proxy-Protocol': '1'
-  - name: '{{ ngrok.stdout }}'
-    proto: ['http', 'https']
-    listen_proxy_protocol: [21080]
-    listen_proxy_protocol_ssl: [21443]
-    template: '_base'
-    ssl_name: '{{ ngrok.stdout }}'
-    headers:
-      'X-acme': '1'
-  - name: 'test-custom-template.local'
-    custom_template: 'templates/custom_template.conf.j2'
-    root: '/tmp/custom-template'
-
-nginx_php: "{{ [{'upstream_name': 'manual', 'sockets': [{'host': '127.0.0.1', 'port': '9636'}]}] }}"
-nginx_dh_length: 1024
diff --git a/molecule/_shared/verify.yml b/molecule/_shared/verify.yml
index b12fc8a..2f14efc 100644
--- a/molecule/_shared/verify.yml
+++ b/molecule/_shared/verify.yml
@@ -3,17 +3,264 @@
 - name: Verify
   hosts: all
   gather_facts: true
-  vars_files:
-    - vars/misc.yml
   vars:
     nginx_root: "/srv/www"
   tasks:
-    - name: SHELL | Get ngrok public address
-      ansible.builtin.shell: set -o pipefail && curl 'http://127.0.0.1:4040/api/tunnels/command_line' 2> /dev/null | jq -r '.public_url' | cut -d '/' -f 3
-      args:
-        executable: /bin/bash
-      register: ngrok
+    # --------------------------------
+    # Deploy index files
+    # --------------------------------
+    - name: -- Add PHP file --
+      ansible.builtin.copy:
+        dest: "{{ nginx_root }}/{{ item }}/public/index.php"
+        content: "<?php phpinfo();"
+        mode: 0644
+        owner: root
+        group: root
+      loop:
+        - 'test-php.local'
+        - 'test-php-index.local'
+        - 'test-php-index2.local'
+
+    - name: -- Add Directories --
+      ansible.builtin.file:
+        path: "{{ item }}"
+        state: directory
+        mode: 0755
+      loop:
+        - "{{ nginx_root }}/test-htpasswd.local/public/hello"
+        - "/tmp/custom-template"
+
+    - name: -- Add HTML file --
+      ansible.builtin.copy:
+        dest: "{{ item }}/index.html"
+        content: "Index HTML test OK\n"
+        mode: 0644
+        owner: root
+        group: root
+      loop:
+        - '{{ nginx_root }}/first-test/public'
+        - '/var/tmp'
+        - '{{ nginx_root }}/test-htpasswd-all.local/public'
+        - '{{ nginx_root }}/test-ssl.local/public'
+        - '{{ nginx_root }}/test-ssl-selfsigned.local/public'
+        - '{{ nginx_root }}/test-ssl-predeployed.local/public'
+        - '{{ nginx_root }}/test-ssl-proxy-protocol.local/public'
+
+    - name: -- Create directory --
+      ansible.builtin.file:
+        path: "{{ nginx_root }}/test-htpasswd.local/public/hello"
+        state: directory
+        mode: 0755
+        owner: root
+        group: root
+
+    - name: -- Add HTML file hello --
+      ansible.builtin.copy:
+        dest: "{{ nginx_root }}/test-htpasswd.local/public/hello/index.html"
+        content: "hello\n"
+        mode: 0644
+        owner: root
+        group: root
+
+    # --------------------------------
+    # Test custom facts
+    # --------------------------------
+    - name: -- CHECK FACTS --
+      ansible.builtin.assert:
+        that: "ansible_local.nginx.fact_nginx_sites[0].name[0] == 'test.local'"
+
+    # --------------------------------
+    # Simple sites tests
+    # --------------------------------
+    - name: -- VERIFY SITES --
+      ansible.builtin.uri:
+        url: "http://{{ item | nginx_site_name }}{% if item.listen is defined %}:{{ item.listen[0] }}{% endif %}/"
+        status_code: '200,301,302,401,403'
+        follow_redirects: none
+      loop: "{{ nginx_sites }}"
+      when: item.state is undefined or item.state != "absent"
       changed_when: false
 
-    - name: INCLUDE_TASKS | Post_tasks common
-      ansible.builtin.include_tasks: "../../tests/includes/post_common.yml"
+    - name: -- VERIFY FORBIDDEN --
+      ansible.builtin.uri:
+        url: "http://test-php-index.local/phpinfo.php"
+        status_code: 403
+
+    - name: -- VERIFY REDIRECT SITES --
+      ansible.builtin.uri:
+        url: "http://{{ item.redirect_from[0] }}/"
+        status_code: 301
+        follow_redirects: none
+      loop: "{{ nginx_sites }}"
+      when: item.redirect_from is defined and (item.state is undefined or item.state != "absent") and (item.proto is not defined or 'https' not in item.proto)
+      changed_when: false
+
+    - name: -- VERIFY REDIRECT HTTPS SITES --
+      ansible.builtin.uri:
+        url: "https://{{ item.redirect_from[0] }}:{{ item.listen_ssl[0] | default(443) }}/"
+        status_code: 301
+        follow_redirects: none
+        validate_certs: false
+      loop: "{{ nginx_sites }}"
+      when: item.redirect_from is defined and (item.state is undefined or item.state != "absent") and item.proto is defined and 'https' in item.proto
+      changed_when: false
+
+    # --------------------------------
+    # PHP
+    # --------------------------------
+    - name: -- VERIFY PHP SITES --
+      ansible.builtin.uri:
+        url: "http://{{ item.name }}/"
+        return_content: true
+      register: p
+      loop: "{{ nginx_sites }}"
+      when: >
+        item.template is defined and
+        (item.template == '_php' or item.template == '_php_index' or item.template == '_php_index2')
+      failed_when: p.content.find('PHP Version') == -1
+
+    - name: -- VERIFY INDEX2 --
+      ansible.builtin.uri:
+        url: "http://test-php-index2.local/lorem.php?ipsum=sit&dolor=amet"
+        return_content: true
+      register: p2
+      failed_when: p2.content.find('PHP Version') == -1
+
+    # --------------------------------
+    # Basic Auth
+    # --------------------------------
+    - name: -- VERIFY AUTH BASIC NONE --
+      ansible.builtin.uri:
+        url: "http://test-htpasswd.local/hello/"
+        status_code: 401
+
+    - name: -- VERIFY AUTH BASIC FAIL --
+      ansible.builtin.uri:
+        url: "http://test-htpasswd.local/hello/"
+        status_code: 401
+        user: "fail"
+        password: "fail"
+        force_basic_auth: true
+
+    - name: -- VERIFY AUTH BASIC OK --
+      ansible.builtin.uri:
+        url: "http://test-htpasswd.local/hello/"
+        user: "hanx"
+        password: "qwerty"
+        force_basic_auth: true
+
+    - name: -- VERIFY AUTH BASIC FAIL GLOBAL --
+      ansible.builtin.uri:
+        url: "http://test-htpasswd-all.local/"
+        status_code: 401
+        user: "fail"
+        password: "fail"
+        force_basic_auth: true
+
+    - name: -- VERIFY AUTH BASIC OK GLOBAL --
+      ansible.builtin.uri:
+        url: "http://test-htpasswd-all.local/"
+        user: "hanx"
+        password: "qwerty"
+        force_basic_auth: true
+
+    # --------------------------------
+    # SSL
+    # --------------------------------
+    - name: -- VERIFY SSL --
+      ansible.builtin.uri:
+        url: "https://{{ item }}/"
+        return_content: true
+        validate_certs: false
+      register: sslok
+      failed_when: sslok.content.find('Index HTML test OK') == -1
+      loop:
+        - 'test-ssl-predeployed.local'
+        - 'test-ssl-selfsigned.local'
+        - 'test-ssl.local'
+
+    - name: -- VERIFY SSL REDIRECT --
+      ansible.builtin.uri:
+        url: "http://{{ item.name }}/"
+        validate_certs: false
+        status_code: 301
+        return_content: true
+        follow_redirects: none
+      register: sslredirok
+      failed_when: '"https://%s%s" % (item.name, ":" + item.port if item.port is defined else "") not in sslredirok.location'
+      loop:
+        - name: 'test-ssl-redirect.local'
+        - name: 'test-ssl-redirect-many.local'
+          port: '8443'
+        - name: 'test-ssl-redirect-many2.local'
+          port: '8443'
+
+    # --------------------------------
+    # Default sites
+    # --------------------------------
+    - name: -- VERIFY DEFAULT SITE --
+      ansible.builtin.uri:
+        url: 'http://127.0.0.1/'
+        return_content: true
+      register: vdefault
+      failed_when: >
+        vdefault.content.find('Index HTML test OK') == -1 or
+        vdefault.x_ansible_default is not defined
+
+    - name: -- VERIFY DEFAULT SITE + STUB STATUS--
+      ansible.builtin.uri:
+        url: 'http://127.0.0.1/status'
+        return_content: true
+      register: vdefault_status
+      failed_when: >
+        vdefault_status.content.find('Active connections') == -1 or
+        vdefault_status.x_ansible_default is not defined
+
+    - name: -- VERIFY DEFAULT SSL SITE --
+      ansible.builtin.uri:
+        url: 'https://127.0.0.1/'
+        return_content: true
+        validate_certs: false
+      register: vdefault
+      failed_when: >
+        vdefault.content.find('Index HTML test OK') == -1 or
+        vdefault.x_ansible_default is not defined
+
+    - name: -- VERIFY NOT DEFAULT SITE --
+      ansible.builtin.uri:
+        url: 'http://test-php.local/'
+        return_content: true
+      register: vphp
+      failed_when: vphp.x_ansible_default is defined
+
+    - name: -- VERIFY NOT DEFAULT SSL SITE --
+      ansible.builtin.uri:
+        url: 'https://test-ssl.local/'
+        return_content: true
+        validate_certs: false
+      register: notdefaultssl
+      failed_when: notdefaultssl.x_ansible_default is defined
+
+    # --------------------------------
+    # Check Proxy protocol
+    # --------------------------------
+    - name: SHELL | Check HTTP proxy protocol
+      ansible.builtin.shell: set -o pipefail && curl -I --haproxy-protocol http://test-ssl-proxy-protocol.local:20080 | grep -qi 'X-Proxy-Protocol'
+      args:
+        executable: /bin/bash
+      changed_when: false
+
+    - name: SHELL | Check HTTPS proxy protocol
+      ansible.builtin.shell: set -o pipefail && curl -I --haproxy-protocol -k https://test-ssl-proxy-protocol.local:20443 | grep -qi 'X-Proxy-Protocol'
+      args:
+        executable: /bin/bash
+      changed_when: false
+
+    # --------------------------------
+    # Check HTTP2
+    # --------------------------------
+    - name: SHELL | Check HTTP2
+      ansible.builtin.shell: set -o pipefail && nghttp -nv https://localhost 2> /dev/null | grep -q h2
+      args:
+        executable: /bin/bash
+      changed_when: false
diff --git a/tasks/ssl/acme.yml b/tasks/ssl/acme.yml
index 74f0d5e..de881e6 100644
--- a/tasks/ssl/acme.yml
+++ b/tasks/ssl/acme.yml
@@ -13,7 +13,7 @@
 
 - name: SET_FACT | Assign var with certificates to create
   ansible.builtin.set_fact:
-    acme_create: "{{ acme_create | default([]) + [(item.item)] }}"
+    acme_create: "{{ acme_create | default([]) + [item.item] }}"
   loop: "{{ acme_installed_certs.results }}"
   when: item.skipped is not defined and (not item.stat.exists or item.stat.size == 0)
 
diff --git a/tests/file/test.crt b/tests/file/test.crt
deleted file mode 100644
index 363d156..0000000
--- a/tests/file/test.crt
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDHTCCAgWgAwIBAgIJAJzUwbFlhyxIMA0GCSqGSIb3DQEBCwUAMCUxIzAhBgNV
-BAMMGnRlc3Qtc3NsLXByZWRlcGxveWVkLmxvY2FsMB4XDTE2MDExMjE2MDUxNVoX
-DTI2MDEwOTE2MDUxNVowJTEjMCEGA1UEAwwadGVzdC1zc2wtcHJlZGVwbG95ZWQu
-bG9jYWwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDm4q94vffiU89G
-GO7rjDfr3C32tH9sM5sXqJT+7N5BLYLF0iSRIvy33MtwFu//TV3f+8nLlQuHYVVk
-L6NEvaL8lh+nRexCQ/y+aXMh7lMhuwPXGgPR1LXsTqyDXbmV9c7k/Kwx5qHAcOb9
-d9YzmcOSO4M9v3WMl/4Zw2J7zNYruypxNBgFEwFx3NJ3AztACMYoVOIR5mS8ARX6
-xea4ddii1F41Vch+eiCGP9VZwDhEujhjy9PXvdBtYNwggM6d82Df9wwaFyIW5DU4
-PhpgAngvE2keY0GLy/LaXa6LAW+TCfPMRT2RtDuvqWr+useWF+O3n81TZqM/G7LV
-9iPxkkRNAgMBAAGjUDBOMB0GA1UdDgQWBBSzXW5UY02/S0xrrobZCVOhas6VeDAf
-BgNVHSMEGDAWgBSzXW5UY02/S0xrrobZCVOhas6VeDAMBgNVHRMEBTADAQH/MA0G
-CSqGSIb3DQEBCwUAA4IBAQC0+Tr0w9aG4f3LG3+WRGKfMopKICNEkA7JrPrvVUq8
-7UgtdrpOUZAL5AKxVVo1rHDdoL/VpjdqHdhyPzaSUl8hppCFsWmdQh4wLKGoyvcN
-AqSGpXTeLSoFJ357F2OIQpXm2lfT2fVGebwyCNFkwpp7klFnmOusSl2/v5Y5cz+A
-WvWrDg3jsNglx3mNLVcjbOSnen2PsZSmcVo27D0el6oDju8jjstyJ+Dvu0WP+CDL
-s/VolFdbei7d4r2dj86OZ/BCZurltyc0wI3NMOdUuA7q4f1MPTRu7qr/ua5ItK92
-Avc+Gjn/Y/aIhzKpPicJQDK6FzxjfhCc8xtk0EjB4IpP
------END CERTIFICATE-----
diff --git a/tests/file/test.key b/tests/file/test.key
deleted file mode 100644
index 7fbe267..0000000
--- a/tests/file/test.key
+++ /dev/null
@@ -1,28 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDm4q94vffiU89G
-GO7rjDfr3C32tH9sM5sXqJT+7N5BLYLF0iSRIvy33MtwFu//TV3f+8nLlQuHYVVk
-L6NEvaL8lh+nRexCQ/y+aXMh7lMhuwPXGgPR1LXsTqyDXbmV9c7k/Kwx5qHAcOb9
-d9YzmcOSO4M9v3WMl/4Zw2J7zNYruypxNBgFEwFx3NJ3AztACMYoVOIR5mS8ARX6
-xea4ddii1F41Vch+eiCGP9VZwDhEujhjy9PXvdBtYNwggM6d82Df9wwaFyIW5DU4
-PhpgAngvE2keY0GLy/LaXa6LAW+TCfPMRT2RtDuvqWr+useWF+O3n81TZqM/G7LV
-9iPxkkRNAgMBAAECggEAEEeZkczrRpUcP1gQuKEZbFMJFqUhevKkk+V6JAN1pGje
-GK65j1ZFNX2nBo9Hetvsq5doYidvOat+RuMpAvbQIDlBoBzJDN8YWiC7UoAocm9q
-VOdrr4btEO13MogQRuefH/xE8/vMGfKcBvFFNDw6UvxJQ7hVRIWPECf7sLj/vPOC
-OpMKghxcabQqidMPKyyHVPhQjuIvqW/SqBFpD+Ul0Ja1QGdx+p+/EwVmXnei6Kr8
-/ypULreHqIlBLD6McfFehxDV0m5U7qXb5xK3zdUurIhZixKLjbdRrorNInfEvlOh
-vDy+hsF5GSzvn9dRrMAy/QcRPpXU47VNYZ5BfdCBTQKBgQD8VCbdpG5siXSlIjZd
-xypgK1ttp8udTPWC1trnAc+Ku9O+cGmvABxYJA1iR/GDpSfMxglB7OhSecywKrr+
-S7Yjs9e/dyBmvF7U15JJaGp+db2Ct64z7MvqkwSJ5a0qrrZJRFetDdqdH9FPvURs
-B147jbKsPiGcljjXbZlOBHJH9wKBgQDqPqoA3VqYOmvR7Ei8/skY2EOpFpOhSNko
-ARFwUsDNHRk677URH97TCHq5UrwubfCeIcIptXHrMfaTsfq8vPLPykReIMRaknxf
-DULJPHSoeBLrCAZmaWF1JVyYhrLhHNAzQ3u7a/kYIJm87FEZy3Ml6FSZmIGbRBqx
-zqZYKoHs2wKBgQD469tbk7cLg556uYGAidYYAS20w29uwlkAtgxFD9g6OIjuud7I
-MQfFO+uoJOjwwaC9ti+zxY56roVq1PybmP0Zw3T3AQIJ15KFzhQWLte/4U8PATzt
-JJEV2+sCTn3COZDCPpVvttcPYjAOxdwV5j7j6Sl2GeT2oIt6mjg+asyCiQKBgQDk
-LPxu8TBRfv8OMqs8Jrf/EpL9/7b48bxOwpOZJZMXelPcXCm1r6TfTrA1HAmg9Ijh
-kKLQ/CUm5Ll7b3B+L1Qa4r2sLyD11SF/eaxn2BMPFD/hYCTT160ObsF+9h8DN4z7
-kq3RiMDRJth69nuds9fLwj++ipcdhr62G0VgNq/u5wKBgCz/I5J3tPNjrU9YampR
-0gNnUkUfJWbiVMsG9uwL9l0L/ZzQHvELJ523QXQ0v/e/szHCyoX319u8HEQlC0Jw
-Twlj81HDZzruDUB/mcH6Ee3zHKOmmF6ma+CgoYJJElKW89MUttPdmkH2J1QqLz+7
-EGREwqjr8/wm22DzKNiyDXJ0
------END PRIVATE KEY-----