radityo
/
ansible-nginx
mirror of https://github.com/HanXHX/ansible-nginx.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

⚗️ Modernize role 

- Drop ngrok support
- Do not link legacy tests files
modernize
Emilien Mantel 2025-06-02 10:30:32 +02:00
parent 591f2c6bcb
commit 9a52e83315
10 changed files with 376 additions and 352 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.github/workflows/molecule.yml vendored
View File

@ -32,11 +32,10 @@ jobs:
path: "${{ github.repository }}" path: "${{ github.repository }}"
- name: Molecule - name: Molecule
uses: gofrolist/molecule-action@v2.3.19 uses: gofrolist/molecule-action@v2.7.62
with: with:
molecule_options: --base-config molecule/_shared/base.yml molecule_options: --base-config molecule/_shared/base.yml
molecule_args: --scenario-name ${{ matrix.scenario }} molecule_args: --scenario-name ${{ matrix.scenario }}
molecule_working_dir: "HanXHX/ansible-nginx"
continue-on-error: ${{ matrix.allowed-to-fail }} continue-on-error: ${{ matrix.allowed-to-fail }}
- name: Fake command - name: Fake command

3
molecule/_shared/base.yml
View File

@ -35,5 +35,8 @@ provisioner:
converge: ../_shared/converge.yml converge: ../_shared/converge.yml
prepare: ../_shared/prepare.yml prepare: ../_shared/prepare.yml
verify: ../_shared/verify.yml verify: ../_shared/verify.yml
inventory:
links:
group_vars: ../_shared/group_vars
verifier: verifier:
name: ansible name: ansible

17
molecule/_shared/converge.yml
View File

@ -1,20 +1,9 @@
--- ---
- name: Converge - name: Converge # noqa: role-name[path]
hosts: all hosts: all
gather_facts: true gather_facts: true
vars_files:
- vars/misc.yml
vars: vars:
nginx_debug_role: true nginx_debug_role: true
tasks: roles:
- name: SHELL | Get ngrok public address - ../../../
ansible.builtin.shell: set -o pipefail && curl 'http://127.0.0.1:4040/api/tunnels/command_line' 2> /dev/null | jq -r '.public_url' | cut -d '/' -f 3
args:
executable: /bin/bash
register: ngrok
changed_when: false
- name: Include role
ansible.builtin.include_role:
name: "hanxhx.nginx"

24
tests/group_vars/all.yml → molecule/_shared/group_vars/all/main.yml
View File

@ -42,8 +42,6 @@ nginx_acmesh: true
nginx_acmesh_test: true nginx_acmesh_test: true
nginx_ssl_pairs: nginx_ssl_pairs:
- name: '{{ ngrok.stdout }}'
acme: true
- name: 'test-ssl-selfsigned.local' - name: 'test-ssl-selfsigned.local'
self_signed: true self_signed: true
force: false force: false
@ -236,17 +234,17 @@ nginx_sites:
ssl_name: 'test-ssl.local' ssl_name: 'test-ssl.local'
headers: headers:
'X-Proxy-Protocol': '1' 'X-Proxy-Protocol': '1'
- name: '{{ ngrok.stdout }}' # - name: '{{ ngrok.stdout }}'
proto: ['http', 'https'] # proto: ['http', 'https']
listen_proxy_protocol: [21080] # listen_proxy_protocol: [21080]
listen_proxy_protocol_ssl: [21443] # listen_proxy_protocol_ssl: [21443]
template: '_base' # template: '_base'
ssl_name: '{{ ngrok.stdout }}' # ssl_name: '{{ ngrok.stdout }}'
headers: # headers:
'X-acme': '1' # 'X-acme': '1'
- name: 'test-custom-template.local' # - name: 'test-custom-template.local'
custom_template: 'templates/custom_template.conf.j2' # custom_template: 'templates/custom_template.conf.j2'
root: '/tmp/custom-template' # root: '/tmp/custom-template'
nginx_php: "{{ [{'upstream_name': 'manual', 'sockets': [{'host': '127.0.0.1', 'port': '9636'}]}] }}" nginx_php: "{{ [{'upstream_name': 'manual', 'sockets': [{'host': '127.0.0.1', 'port': '9636'}]}] }}"
nginx_dh_length: 1024 nginx_dh_length: 1024

108
molecule/_shared/prepare.yml
View File

@ -3,13 +3,107 @@
- name: Prepare - name: Prepare
hosts: all hosts: all
gather_facts: true gather_facts: true
vars_files:
- vars/misc.yml
tasks: tasks:
- name: APT_REPOSITORY | Install backports
ansible.builtin.apt_repository:
repo: 'deb http://httpredir.debian.org/debian {{ ansible_distribution_release }}-backports main'
state: present
when: nginx_backports is defined and nginx_backports
- name: INCLUDE_TASKS | Pre tasks related to OS - name: APT | Install needed packages
ansible.builtin.include_tasks: "../../tests/includes/pre_{{ ansible_os_family }}.yml" ansible.builtin.apt:
pkg: "{{ packages }}"
update_cache: true
cache_valid_time: 3600
state: present
vars:
packages:
- cron
- curl
- daemonize
- jq
- nghttp2
- strace
- vim
- unzip
- name: INCLUDE_TASKS | Pre_tasks common - name: APT | Install PHP
ansible.builtin.include_tasks: "../../tests/includes/pre_common.yml" ansible.builtin.apt:
pkg: "{{ pkgs }}"
update_cache: true
cache_valid_time: 3600
state: present
vars:
pkgs:
- php-cli
- php-fpm
- name: SHELL | Get current PHP version # noqa: risky-shell-pipe
ansible.builtin.shell: php --version | awk '/^PHP/ { print $2 }' | grep -o -E '^.{3}'
changed_when: false
register: cur_php_version
- name: SERVICE | Ensure PHP-FPM is started
ansible.builtin.service:
name: "php{{ cur_php_version.stdout }}-fpm"
state: started
- name: USER | Create PHP User foo
ansible.builtin.user:
name: foo
system: true
- name: INCLUDE_ROLE | hanxhx.php
ansible.builtin.include_role:
name: "hanxhx.php"
vars:
php_version: "{{ cur_php_version.stdout }}"
php_autoremove_default_pool: false
php_fpm_poold:
- name: 'hx_unix'
user: 'foo'
php_value:
display_errors: 'Off'
php_admin_value:
memory_limit: '98M'
- name: 'hx_ip'
listen: '127.0.0.1:9636'
- name: FILE | Create an internal SSL dir
ansible.builtin.file:
path: "{{ int_ansible_ssl_dir }}"
state: directory
mode: 0750
owner: root
group: root
- name: COPY | Deploy test cert/key
ansible.builtin.copy:
src: "file/{{ item }}"
dest: "{{ int_ansible_ssl_dir }}/{{ item }}"
mode: 0640
owner: root
group: root
loop:
- 'test.key'
- 'test.crt'
- name: COPY | Add all hosts in /etc/hosts
ansible.builtin.copy:
content: |
127.0.0.1 localhost
{% for s in nginx_sites %}
{% if s.name is string %}
127.0.0.1 {{ s.name }}
{% else %}
127.0.0.1 {% for n in s.name %}{{ n }} {% endfor %}
{% endif %}
{% if s.redirect_from is defined %}
127.0.0.1 {% for rf in s.redirect_from %}{{ rf }} {% endfor %}
{% endif %}
{% endfor %}
dest: "/etc/hosts"
mode: 0644
owner: root
group: root
unsafe_writes: true

259
molecule/_shared/vars/misc.yml
View File

@ -1,259 +0,0 @@
---
# Force SysVinit, since systemd won't work in a Docker container
ansible_service_mgr: "sysvinit"
# ----------------------------------------
# Copied from {role_dir}/tests/group_vars/all.yml
# ----------------------------------------
# Internal vars
int_ansible_ssl_dir: '/etc/ansible-ssl'
# Role vars
nginx_worker_processes: 1 # Ansible+FreeBSD can't detect CPU number
nginx_apt_package: 'nginx-extras'
nginx_module_packages: ['libnginx-mod-http-headers-more-filter']
nginx_custom_core:
- 'worker_rlimit_nofile 4242;'
nginx_upstreams:
- name: 'test'
servers:
- path: '127.0.0.1:80'
max_conns: 150
weight: 10
down: false
- name: 'test-absent'
servers:
- path: '127.0.0.1:80'
max_conns: 150
weight: 10
down: false
state: 'absent'
nginx_htpasswd:
- name: 'hello'
description: 'Please login!'
users:
- name: 'hx'
password: 'asdfg'
state: 'absent'
- name: 'hanx'
password: 'qwerty'
- name: 'deleteme'
description: 'Please login!'
users: []
state: 'absent'
nginx_acmesh: true
nginx_acmesh_test: true
nginx_ssl_pairs:
- name: '{{ ngrok.stdout }}'
acme: true
- name: 'test-ssl-selfsigned.local'
self_signed: true
force: false
- name:
- 'test-ssl-predeployed.local'
- 'test-multiple-name.local' # Hack: tests for acme with multiple name, without using acme
dest_key: "{{ int_ansible_ssl_dir }}/test.key"
dest_cert: "{{ int_ansible_ssl_dir }}/test.crt"
- name: 'test-ssl.local'
key: |
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAvavrJWFp3Al2VwRgKx+4Y2mbRRvoxvyd2pyN0xMJ/tCJscaG
8s60v6WZ9FcCOeMkSI2DXsk4z7pbQdQn0h2GDr/5MOJkPAVWSWEN46tpaLZ3v0zp
88ZIbnEk1G0PsdFuW/pnLsakPlAMrl1VArFsV6YsatLt30UIYYcRO97StkoOehCx
A5w+XqtfHZeQZ0/DS81633gwYUcMuSTUFZ60r7ge1/m77DTSKg3rTVk5sebP8cjS
+aWHvxP/GyvvDsT+3gjRJx2/5O3JkfH0zaOsaU2Avj0PR0c5rhynrNO/l1k+GJJB
cbBrM+yA8Ofzp4oXUrCfaIq3RuL3Pd+khcKsiwIDAQABAoIBAQCPpAMQ7BUfbosQ
m1+5SOx7XR8Z12kSSX3CcY12rJSFRakB2TeZ6rE38lIFmV82N67iw0kaH4nGx3sU
/3aoyXMc+IXfX5RJYEFYkQfTw5ywkH9fgQAsfZ2dBlK+DVo1cEYDoj9CTW1VQ4pX
Ape+0l8agd5hiBxdWgpe0ctbbARnx584viLiA/iPBDNxKi9zEYw+WP7hSj5QWahr
a09tubcC4L6tjvv8CoZTRSKfCW64vWRDvE6vmA+zJN9Arc1WTYzF1KO1Gybwf8h7
stJb191smAgGDFhKo0j58ncyAnrS1k4mapm86QQhlfIA6DKvvC0qm3KdQns5b7HM
PyzW0hwBAoGBAO2mTVTOsziom9vtBwM0nRMMEgynR2X3EKMJz2mjcCf66f1F+aQ5
DvQFM2V8S2s1nGnPh8NKKZ8DxW1NKuR4qx82zeAXpUs9ibHxOnw4YRC485zqc2Wt
fSO1OEDYeKyzWP1nGGtCntYUXzJnWn/wz0mBGKzLKTuLwyFIKx1b7bybAoGBAMxR
N+lT57rX6d4GUqcgNOuWMZ/D8egnE5+hsoiFnHOisRLOgUgBBSy4rwAZx+rdHYT+
RO11L1PLYEzyvnO0f13R+N7aqKwNXDSzZGA+jb4pjkVidIC2smG/JYKJH5Z+kakw
mwMKP0wdRZJsCaMgScHmWJS8d6Ox/XJJoWrTWTbRAoGAWJlEgVaiaIArwz1F/QLz
gHNik0cWDkSi9jWlFxwwpycbbypUXM5M7dq2g6JoN6sACk6trbgLdlYgl5RKZm06
VuPGs0H9hOSHXkix5jfasDJT2G9r4D9ixRo9w6cwriobBjYWW3612tgzeYYgrkwn
655uhZUkZSfA8rqGIGbyZfsCgYAf5WH8G+wmIATTc1s92epJCOZwUY+XNVp75itP
4sPczX4lOHW4PuiG5cH0GxI5mRE9rNAn3c5on2xGNvMCbyAfDmNyruH8Eg3d8E9w
MvO/xw79x/P2EA9i8QszCKMUxGeK6RqZ6+SbxkoRJKqQe77n9UTI228179hoGhSH
77ySsQKBgQC8SSZn6a8PpSIIFXB9WCFMwfGFYbUz0wvpaeZP8GKx3BEzMeJqSUaJ
hrQgpwQXkueeamlCQcvV3AUCoBRWTYRLDrWiUIXuIgikDWBFp6TBvTnVRI7iktly
fNED7jXOSjJqnFmdkZlAI5V8dM++mVYVykJD6jcaVRQvxqFLrhSaRg==
-----END RSA PRIVATE KEY-----
cert: |
-----BEGIN CERTIFICATE-----
MIIDBTCCAe2gAwIBAgIJALKJfbk5vuieMA0GCSqGSIb3DQEBBQUAMBkxFzAVBgNV
BAMMDnRlc3Qtc3NsLmxvY2FsMB4XDTE2MDExMTE2NDI0NFoXDTI2MDEwODE2NDI0
NFowGTEXMBUGA1UEAwwOdGVzdC1zc2wubG9jYWwwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC9q+slYWncCXZXBGArH7hjaZtFG+jG/J3anI3TEwn+0Imx
xobyzrS/pZn0VwI54yRIjYNeyTjPultB1CfSHYYOv/kw4mQ8BVZJYQ3jq2lotne/
TOnzxkhucSTUbQ+x0W5b+mcuxqQ+UAyuXVUCsWxXpixq0u3fRQhhhxE73tK2Sg56
ELEDnD5eq18dl5BnT8NLzXrfeDBhRwy5JNQVnrSvuB7X+bvsNNIqDetNWTmx5s/x
yNL5pYe/E/8bK+8OxP7eCNEnHb/k7cmR8fTNo6xpTYC+PQ9HRzmuHKes07+XWT4Y
kkFxsGsz7IDw5/OnihdSsJ9oirdG4vc936SFwqyLAgMBAAGjUDBOMB0GA1UdDgQW
BBRaSF1L+ivPhmIVGQjtviBqZWDS9DAfBgNVHSMEGDAWgBRaSF1L+ivPhmIVGQjt
viBqZWDS9DAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQCjrgB9+Zuq
Rx7T2mRUl4jf75dLabuBQD0ePALTtvNyBSghhzSr90mE7GlFOYAv0JsmEa3R1LVF
wLPIdrIhNHpt7hN0PkhUlfgmxBnRSCfhpiq4xxsDVFM7ehtDz4+dv1LUDMXo07+E
f24g9aqmypiFzHisUQrYIhtQmHxRpKyGp6kDAW9qNxg6k/Um00aHdYfuD9ER4ksR
f8Hto7f+vssKxCRY2OZXqq13PxEwC5+hgAUkTdrycA/moXFuHJi3lCnCND7sSzvG
tXBggOusyFZFC4bs2m+V+Z+RN+tK2c/c0nq5HR8MV5HwIm4Z8GoT2/0BfJ00cgWL
lVz0gDBfdH8f
-----END CERTIFICATE-----
nginx_custom_http:
- 'add_header X-ansible 1;'
- 'geoip_country {% if ansible_os_family == "Debian" %}/usr/share/GeoIP/GeoIP.dat{% else %}/usr/local/share/GeoIP/GeoIP.dat{% endif %};'
- 'map $geoip_country_code $allowed_country {'
- ' default yes;'
- ' MA no;'
- ' DZ no;'
- ' TN no;'
- '}'
nginx_default_site: 'test.local'
nginx_default_site_ssl: 'test-ssl-predeployed.local'
nginx_sites:
- name:
- 'test.local'
- 'test-alias.local'
- 'test2-alias.local'
template: '_base'
filename: 'first-test'
override_try_files: '$uri/ $uri =404'
headers:
'X-Frame-Options': 'deny always'
'X-ansible-default': '1'
manage_local_content: false
use_error_log: true
more:
- 'autoindex off;'
location:
'/test':
- 'return 403;'
'/gunther':
- 'return 404;'
'/status':
- 'stub_status on;'
- 'access_log off;'
- 'allow 127.0.0.1;'
- 'deny all;'
- name: 'test-htpasswd.local'
template: '_base'
location_before:
'/hello':
- htpasswd: 'hello'
location:
'/public':
- htpasswd: false
use_error_log: true
- name: 'test-htpasswd-all.local'
template: '_base'
htpasswd: 'hello'
- name: 'test-location.local'
template: '_base'
location_before:
'/b':
- 'alias /var/tmp;'
'/c':
- 'alias /var/tmp;'
location:
'/':
- 'alias /var/tmp;'
'/a':
- 'alias /var/tmp;'
location_order_before:
- '/b'
- '/c'
location_order:
- '/'
- '/a'
- name: 'test-php.local'
php_upstream: "manual"
upstream_params:
- 'fastcgi_param FOO bar;'
redirect_from:
- 'www.test-php.local'
template: '_php'
use_error_log: true
use_access_log: true
- name: 'test-php-index.local'
template: '_php_index'
php_upstream: 'hx_unix'
- name: 'test-php-index2.local'
template: '_php_index2'
php_upstream: 'hx_ip'
- name: 'test-proxy.local'
listen:
- 8080
template: '_proxy'
upstream_name: 'test'
headers:
'X-proxyfied': '1'
- name: 'deleted.local'
state: 'absent'
- name: 'redirect-to.local'
redirect_to: 'http://test.local'
- name: 'test-ssl.local'
proto: ['http', 'https']
template: '_base'
- name:
- 'test-ssl-selfsigned.local'
- 'www.test-ssl-selfsigned.local'
proto: ['http', 'https']
template: '_base'
hsts: 'max-age=1664;'
- name: 'test-ssl-predeployed.local'
proto: ['http', 'https']
template: '_base'
ssl_name: 'test-ssl-predeployed.local'
headers:
'X-ansible-default': '1'
ssl_template: false
- name: 'test-ssl-redirect.local'
proto: ['https']
template: '_base'
ssl_name: 'test-ssl.local'
redirect_https: true
- name:
- 'test-ssl-redirect-many.local'
- 'test-ssl-redirect-many2.local'
listen_ssl: [8443]
proto: ['https']
template: '_base'
ssl_name: 'test-ssl.local'
redirect_https: true
redirect_from:
- 'www.test-ssl-redirect-many.local'
- 'www.test-ssl-redirect-many2.local'
- name: 'test-ssl-proxy-protocol.local'
proto: ['http', 'https']
listen_proxy_protocol: [20080]
listen_proxy_protocol_ssl: [20443]
template: '_base'
ssl_name: 'test-ssl.local'
headers:
'X-Proxy-Protocol': '1'
- name: '{{ ngrok.stdout }}'
proto: ['http', 'https']
listen_proxy_protocol: [21080]
listen_proxy_protocol_ssl: [21443]
template: '_base'
ssl_name: '{{ ngrok.stdout }}'
headers:
'X-acme': '1'
- name: 'test-custom-template.local'
custom_template: 'templates/custom_template.conf.j2'
root: '/tmp/custom-template'
nginx_php: "{{ [{'upstream_name': 'manual', 'sockets': [{'host': '127.0.0.1', 'port': '9636'}]}] }}"
nginx_dh_length: 1024

265
molecule/_shared/verify.yml
View File

@ -3,17 +3,264 @@
- name: Verify - name: Verify
hosts: all hosts: all
gather_facts: true gather_facts: true
vars_files:
- vars/misc.yml
vars: vars:
nginx_root: "/srv/www" nginx_root: "/srv/www"
tasks: tasks:
- name: SHELL | Get ngrok public address # --------------------------------
ansible.builtin.shell: set -o pipefail && curl 'http://127.0.0.1:4040/api/tunnels/command_line' 2> /dev/null | jq -r '.public_url' | cut -d '/' -f 3 # Deploy index files
args: # --------------------------------
executable: /bin/bash - name: -- Add PHP file --
register: ngrok ansible.builtin.copy:
dest: "{{ nginx_root }}/{{ item }}/public/index.php"
content: "<?php phpinfo();"
mode: 0644
owner: root
group: root
loop:
- 'test-php.local'
- 'test-php-index.local'
- 'test-php-index2.local'
- name: -- Add Directories --
ansible.builtin.file:
path: "{{ item }}"
state: directory
mode: 0755
loop:
- "{{ nginx_root }}/test-htpasswd.local/public/hello"
- "/tmp/custom-template"
- name: -- Add HTML file --
ansible.builtin.copy:
dest: "{{ item }}/index.html"
content: "Index HTML test OK\n"
mode: 0644
owner: root
group: root
loop:
- '{{ nginx_root }}/first-test/public'
- '/var/tmp'
- '{{ nginx_root }}/test-htpasswd-all.local/public'
- '{{ nginx_root }}/test-ssl.local/public'
- '{{ nginx_root }}/test-ssl-selfsigned.local/public'
- '{{ nginx_root }}/test-ssl-predeployed.local/public'
- '{{ nginx_root }}/test-ssl-proxy-protocol.local/public'
- name: -- Create directory --
ansible.builtin.file:
path: "{{ nginx_root }}/test-htpasswd.local/public/hello"
state: directory
mode: 0755
owner: root
group: root
- name: -- Add HTML file hello --
ansible.builtin.copy:
dest: "{{ nginx_root }}/test-htpasswd.local/public/hello/index.html"
content: "hello\n"
mode: 0644
owner: root
group: root
# --------------------------------
# Test custom facts
# --------------------------------
- name: -- CHECK FACTS --
ansible.builtin.assert:
that: "ansible_local.nginx.fact_nginx_sites[0].name[0] == 'test.local'"
# --------------------------------
# Simple sites tests
# --------------------------------
- name: -- VERIFY SITES --
ansible.builtin.uri:
url: "http://{{ item | nginx_site_name }}{% if item.listen is defined %}:{{ item.listen[0] }}{% endif %}/"
status_code: '200,301,302,401,403'
follow_redirects: none
loop: "{{ nginx_sites }}"
when: item.state is undefined or item.state != "absent"
changed_when: false changed_when: false
- name: INCLUDE_TASKS | Post_tasks common - name: -- VERIFY FORBIDDEN --
ansible.builtin.include_tasks: "../../tests/includes/post_common.yml" ansible.builtin.uri:
url: "http://test-php-index.local/phpinfo.php"
status_code: 403
- name: -- VERIFY REDIRECT SITES --
ansible.builtin.uri:
url: "http://{{ item.redirect_from[0] }}/"
status_code: 301
follow_redirects: none
loop: "{{ nginx_sites }}"
when: item.redirect_from is defined and (item.state is undefined or item.state != "absent") and (item.proto is not defined or 'https' not in item.proto)
changed_when: false
- name: -- VERIFY REDIRECT HTTPS SITES --
ansible.builtin.uri:
url: "https://{{ item.redirect_from[0] }}:{{ item.listen_ssl[0] | default(443) }}/"
status_code: 301
follow_redirects: none
validate_certs: false
loop: "{{ nginx_sites }}"
when: item.redirect_from is defined and (item.state is undefined or item.state != "absent") and item.proto is defined and 'https' in item.proto
changed_when: false
# --------------------------------
# PHP
# --------------------------------
- name: -- VERIFY PHP SITES --
ansible.builtin.uri:
url: "http://{{ item.name }}/"
return_content: true
register: p
loop: "{{ nginx_sites }}"
when: >
item.template is defined and
(item.template == '_php' or item.template == '_php_index' or item.template == '_php_index2')
failed_when: p.content.find('PHP Version') == -1
- name: -- VERIFY INDEX2 --
ansible.builtin.uri:
url: "http://test-php-index2.local/lorem.php?ipsum=sit&dolor=amet"
return_content: true
register: p2
failed_when: p2.content.find('PHP Version') == -1
# --------------------------------
# Basic Auth
# --------------------------------
- name: -- VERIFY AUTH BASIC NONE --
ansible.builtin.uri:
url: "http://test-htpasswd.local/hello/"
status_code: 401
- name: -- VERIFY AUTH BASIC FAIL --
ansible.builtin.uri:
url: "http://test-htpasswd.local/hello/"
status_code: 401
user: "fail"
password: "fail"
force_basic_auth: true
- name: -- VERIFY AUTH BASIC OK --
ansible.builtin.uri:
url: "http://test-htpasswd.local/hello/"
user: "hanx"
password: "qwerty"
force_basic_auth: true
- name: -- VERIFY AUTH BASIC FAIL GLOBAL --
ansible.builtin.uri:
url: "http://test-htpasswd-all.local/"
status_code: 401
user: "fail"
password: "fail"
force_basic_auth: true
- name: -- VERIFY AUTH BASIC OK GLOBAL --
ansible.builtin.uri:
url: "http://test-htpasswd-all.local/"
user: "hanx"
password: "qwerty"
force_basic_auth: true
# --------------------------------
# SSL
# --------------------------------
- name: -- VERIFY SSL --
ansible.builtin.uri:
url: "https://{{ item }}/"
return_content: true
validate_certs: false
register: sslok
failed_when: sslok.content.find('Index HTML test OK') == -1
loop:
- 'test-ssl-predeployed.local'
- 'test-ssl-selfsigned.local'
- 'test-ssl.local'
- name: -- VERIFY SSL REDIRECT --
ansible.builtin.uri:
url: "http://{{ item.name }}/"
validate_certs: false
status_code: 301
return_content: true
follow_redirects: none
register: sslredirok
failed_when: '"https://%s%s" % (item.name, ":" + item.port if item.port is defined else "") not in sslredirok.location'
loop:
- name: 'test-ssl-redirect.local'
- name: 'test-ssl-redirect-many.local'
port: '8443'
- name: 'test-ssl-redirect-many2.local'
port: '8443'
# --------------------------------
# Default sites
# --------------------------------
- name: -- VERIFY DEFAULT SITE --
ansible.builtin.uri:
url: 'http://127.0.0.1/'
return_content: true
register: vdefault
failed_when: >
vdefault.content.find('Index HTML test OK') == -1 or
vdefault.x_ansible_default is not defined
- name: -- VERIFY DEFAULT SITE + STUB STATUS--
ansible.builtin.uri:
url: 'http://127.0.0.1/status'
return_content: true
register: vdefault_status
failed_when: >
vdefault_status.content.find('Active connections') == -1 or
vdefault_status.x_ansible_default is not defined
- name: -- VERIFY DEFAULT SSL SITE --
ansible.builtin.uri:
url: 'https://127.0.0.1/'
return_content: true
validate_certs: false
register: vdefault
failed_when: >
vdefault.content.find('Index HTML test OK') == -1 or
vdefault.x_ansible_default is not defined
- name: -- VERIFY NOT DEFAULT SITE --
ansible.builtin.uri:
url: 'http://test-php.local/'
return_content: true
register: vphp
failed_when: vphp.x_ansible_default is defined
- name: -- VERIFY NOT DEFAULT SSL SITE --
ansible.builtin.uri:
url: 'https://test-ssl.local/'
return_content: true
validate_certs: false
register: notdefaultssl
failed_when: notdefaultssl.x_ansible_default is defined
# --------------------------------
# Check Proxy protocol
# --------------------------------
- name: SHELL | Check HTTP proxy protocol
ansible.builtin.shell: set -o pipefail && curl -I --haproxy-protocol http://test-ssl-proxy-protocol.local:20080 | grep -qi 'X-Proxy-Protocol'
args:
executable: /bin/bash
changed_when: false
- name: SHELL | Check HTTPS proxy protocol
ansible.builtin.shell: set -o pipefail && curl -I --haproxy-protocol -k https://test-ssl-proxy-protocol.local:20443 | grep -qi 'X-Proxy-Protocol'
args:
executable: /bin/bash
changed_when: false
# --------------------------------
# Check HTTP2
# --------------------------------
- name: SHELL | Check HTTP2
ansible.builtin.shell: set -o pipefail && nghttp -nv https://localhost 2> /dev/null | grep -q h2
args:
executable: /bin/bash
changed_when: false

2
tasks/ssl/acme.yml
View File

@ -13,7 +13,7 @@
- name: SET_FACT | Assign var with certificates to create - name: SET_FACT | Assign var with certificates to create
ansible.builtin.set_fact: ansible.builtin.set_fact:
acme_create: "{{ acme_create | default([]) + [(item.item)] }}" acme_create: "{{ acme_create | default([]) + [item.item] }}"
loop: "{{ acme_installed_certs.results }}" loop: "{{ acme_installed_certs.results }}"
when: item.skipped is not defined and (not item.stat.exists or item.stat.size == 0) when: item.skipped is not defined and (not item.stat.exists or item.stat.size == 0)

19
tests/file/test.crt
View File

@ -1,19 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIDHTCCAgWgAwIBAgIJAJzUwbFlhyxIMA0GCSqGSIb3DQEBCwUAMCUxIzAhBgNV
BAMMGnRlc3Qtc3NsLXByZWRlcGxveWVkLmxvY2FsMB4XDTE2MDExMjE2MDUxNVoX
DTI2MDEwOTE2MDUxNVowJTEjMCEGA1UEAwwadGVzdC1zc2wtcHJlZGVwbG95ZWQu
bG9jYWwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDm4q94vffiU89G
GO7rjDfr3C32tH9sM5sXqJT+7N5BLYLF0iSRIvy33MtwFu//TV3f+8nLlQuHYVVk
L6NEvaL8lh+nRexCQ/y+aXMh7lMhuwPXGgPR1LXsTqyDXbmV9c7k/Kwx5qHAcOb9
d9YzmcOSO4M9v3WMl/4Zw2J7zNYruypxNBgFEwFx3NJ3AztACMYoVOIR5mS8ARX6
xea4ddii1F41Vch+eiCGP9VZwDhEujhjy9PXvdBtYNwggM6d82Df9wwaFyIW5DU4
PhpgAngvE2keY0GLy/LaXa6LAW+TCfPMRT2RtDuvqWr+useWF+O3n81TZqM/G7LV
9iPxkkRNAgMBAAGjUDBOMB0GA1UdDgQWBBSzXW5UY02/S0xrrobZCVOhas6VeDAf
BgNVHSMEGDAWgBSzXW5UY02/S0xrrobZCVOhas6VeDAMBgNVHRMEBTADAQH/MA0G
CSqGSIb3DQEBCwUAA4IBAQC0+Tr0w9aG4f3LG3+WRGKfMopKICNEkA7JrPrvVUq8
7UgtdrpOUZAL5AKxVVo1rHDdoL/VpjdqHdhyPzaSUl8hppCFsWmdQh4wLKGoyvcN
AqSGpXTeLSoFJ357F2OIQpXm2lfT2fVGebwyCNFkwpp7klFnmOusSl2/v5Y5cz+A
WvWrDg3jsNglx3mNLVcjbOSnen2PsZSmcVo27D0el6oDju8jjstyJ+Dvu0WP+CDL
s/VolFdbei7d4r2dj86OZ/BCZurltyc0wI3NMOdUuA7q4f1MPTRu7qr/ua5ItK92
Avc+Gjn/Y/aIhzKpPicJQDK6FzxjfhCc8xtk0EjB4IpP
-----END CERTIFICATE-----

28
tests/file/test.key
View File

@ -1,28 +0,0 @@
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDm4q94vffiU89G
GO7rjDfr3C32tH9sM5sXqJT+7N5BLYLF0iSRIvy33MtwFu//TV3f+8nLlQuHYVVk
L6NEvaL8lh+nRexCQ/y+aXMh7lMhuwPXGgPR1LXsTqyDXbmV9c7k/Kwx5qHAcOb9
d9YzmcOSO4M9v3WMl/4Zw2J7zNYruypxNBgFEwFx3NJ3AztACMYoVOIR5mS8ARX6
xea4ddii1F41Vch+eiCGP9VZwDhEujhjy9PXvdBtYNwggM6d82Df9wwaFyIW5DU4
PhpgAngvE2keY0GLy/LaXa6LAW+TCfPMRT2RtDuvqWr+useWF+O3n81TZqM/G7LV
9iPxkkRNAgMBAAECggEAEEeZkczrRpUcP1gQuKEZbFMJFqUhevKkk+V6JAN1pGje
GK65j1ZFNX2nBo9Hetvsq5doYidvOat+RuMpAvbQIDlBoBzJDN8YWiC7UoAocm9q
VOdrr4btEO13MogQRuefH/xE8/vMGfKcBvFFNDw6UvxJQ7hVRIWPECf7sLj/vPOC
OpMKghxcabQqidMPKyyHVPhQjuIvqW/SqBFpD+Ul0Ja1QGdx+p+/EwVmXnei6Kr8
/ypULreHqIlBLD6McfFehxDV0m5U7qXb5xK3zdUurIhZixKLjbdRrorNInfEvlOh
vDy+hsF5GSzvn9dRrMAy/QcRPpXU47VNYZ5BfdCBTQKBgQD8VCbdpG5siXSlIjZd
xypgK1ttp8udTPWC1trnAc+Ku9O+cGmvABxYJA1iR/GDpSfMxglB7OhSecywKrr+
S7Yjs9e/dyBmvF7U15JJaGp+db2Ct64z7MvqkwSJ5a0qrrZJRFetDdqdH9FPvURs
B147jbKsPiGcljjXbZlOBHJH9wKBgQDqPqoA3VqYOmvR7Ei8/skY2EOpFpOhSNko
ARFwUsDNHRk677URH97TCHq5UrwubfCeIcIptXHrMfaTsfq8vPLPykReIMRaknxf
DULJPHSoeBLrCAZmaWF1JVyYhrLhHNAzQ3u7a/kYIJm87FEZy3Ml6FSZmIGbRBqx
zqZYKoHs2wKBgQD469tbk7cLg556uYGAidYYAS20w29uwlkAtgxFD9g6OIjuud7I
MQfFO+uoJOjwwaC9ti+zxY56roVq1PybmP0Zw3T3AQIJ15KFzhQWLte/4U8PATzt
JJEV2+sCTn3COZDCPpVvttcPYjAOxdwV5j7j6Sl2GeT2oIt6mjg+asyCiQKBgQDk
LPxu8TBRfv8OMqs8Jrf/EpL9/7b48bxOwpOZJZMXelPcXCm1r6TfTrA1HAmg9Ijh
kKLQ/CUm5Ll7b3B+L1Qa4r2sLyD11SF/eaxn2BMPFD/hYCTT160ObsF+9h8DN4z7
kq3RiMDRJth69nuds9fLwj++ipcdhr62G0VgNq/u5wKBgCz/I5J3tPNjrU9YampR
0gNnUkUfJWbiVMsG9uwL9l0L/ZzQHvELJ523QXQ0v/e/szHCyoX319u8HEQlC0Jw
Twlj81HDZzruDUB/mcH6Ee3zHKOmmF6ma+CgoYJJElKW89MUttPdmkH2J1QqLz+7
EGREwqjr8/wm22DzKNiyDXJ0
-----END PRIVATE KEY-----