radityo
/
ansible-nginx
mirror of https://github.com/HanXHX/ansible-nginx.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Fix some issues: 

- "main_name" is name/name[0] not filename
- improve some tests
- better proxy protocol handling (not necessary to declare ports twice)
py3
Emilien Mantel 2019-12-30 17:28:34 +01:00
parent 4a2478a4fb
commit 9b286f9b96
2 changed files with 31 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
templates/etc/nginx/sites-available/_base.j2
View File

@ -1,5 +1,5 @@
{% set __proto = item.proto | default(['http']) %} {% set __proto = item.proto | default(['http']) %}
{% set __main_name = item | nginx_site_filename %} {% set __main_name = item | nginx_site_name %}
{% set __listen = item.listen | default(['80', '[::]:80']) %} {% set __listen = item.listen | default(['80', '[::]:80']) %}
{% set __listen_ssl = item.listen_ssl | default(['443', '[::]:443']) %} {% set __listen_ssl = item.listen_ssl | default(['443', '[::]:443']) %}
{% set __http_proxy_protocol_port = item.http_proxy_protocol_port | default([]) %} {% set __http_proxy_protocol_port = item.http_proxy_protocol_port | default([]) %}
@ -7,9 +7,12 @@
{% set __location = item.location | default({}) %} {% set __location = item.location | default({}) %}
{% set __location_before = item.location_before | default({}) %} {% set __location_before = item.location_before | default({}) %}
{% set __headers = item.headers | default(nginx_servers_default_headers) %} {% set __headers = item.headers | default(nginx_servers_default_headers) %}
{% set __ssl_name = item.ssl_name | default(item.name if item.name is string else item.name[0]) %} {% set __ssl_name = item.ssl_name | default(__main_name) %}
{% set __location_order = item.location_order | default(__location.keys()) %} {% set __location_order = item.location_order | default(__location.keys()) %}
{% set __location_order_before = item.location_order_before | default(__location_before.keys()) %} {% set __location_order_before = item.location_order_before | default(__location_before.keys()) %}
{% set __http2 = nginx_auto_config_httpv2 and 'http_v2' in nginx_modules %}
{% macro listen_http() %}
{% endmacro %}
{% macro server_name(name) %} {% macro server_name(name) %}
{% if name is string %}{{ name }}{% else %}{{ name | join(" ") }}{% endif %} {% if name is string %}{{ name }}{% else %}{{ name | join(" ") }}{% endif %}
{% endmacro %} {% endmacro %}
@ -48,7 +51,10 @@
{% macro httpsredirect(name) %} {% macro httpsredirect(name) %}
server { server {
{% for port in __listen %} {% for port in __listen %}
listen {{ port }}{% if port | int in __http_proxy_protocol_port %} proxy_protocol{% endif %}; listen {{ port }};
{% endfor %}
{% for port in __http_proxy_protocol_port %}
listen {{ port }} proxy_protocol;
{% endfor %} {% endfor %}
server_name {{ server_name(name) }}; server_name {{ server_name(name) }};
location / { location / {
@ -67,12 +73,18 @@ server {
server { server {
{% if 'http' in __proto %} {% if 'http' in __proto %}
{% for port in __listen %} {% for port in __listen %}
listen {{ port }}{% if nginx_default_site == __main_name %} default_server{% endif %}{% if port | int in __http_proxy_protocol_port %} proxy_protocol{% endif %}; listen {{ port }}{% if nginx_default_site == __main_name %} default_server{% endif %};
{% endfor %}
{% for port in __http_proxy_protocol_port %}
listen {{ port }}{% if nginx_default_site == __main_name %} default_server{% endif %} proxy_protocol;
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{% if 'https' in __proto %} {% if 'https' in __proto %}
{% for port in __listen_ssl %} {% for port in __listen_ssl %}
listen {{ port }}{% if nginx_default_site_ssl == __main_name %} default_server{% endif %} ssl{% if nginx_auto_config_httpv2 and 'http_v2' in nginx_modules %} http2{% endif %}{% if port | int in __https_proxy_protocol_port %} proxy_protocol{% endif %}; listen {{ port }}{% if nginx_default_site_ssl == __main_name %} default_server{% endif %} ssl{% if __http2 %} http2{% endif %};
{% endfor %}
{% for port in __https_proxy_protocol_port %}
listen {{ port }}{% if nginx_default_site_ssl == __main_name %} default_server{% endif %} ssl{% if __http2 %} http2{% endif %} proxy_protocol;
{% endfor %} {% endfor %}
{{ ssl(__ssl_name) }} {{ ssl(__ssl_name) }}
{% if item.ssl_template is not defined or item.ssl_template != false %} {% if item.ssl_template is not defined or item.ssl_template != false %}
@ -84,7 +96,7 @@ server {
{% if item.root is defined %} {% if item.root is defined %}
root {{ item.root }}; root {{ item.root }};
{% else %} {% else %}
root {{ nginx_root }}/{{ __main_name }}/public; root {{ nginx_root }}/{{ item | nginx_site_filename }}/public;
{% endif %} {% endif %}
{% endblock %} {% endblock %}
{% block template_index %} {% block template_index %}
@ -182,18 +194,25 @@ server {
# #
server { server {
{% for port in __listen %} {% for port in __listen %}
listen {{ port }}{% if port | int in __http_proxy_protocol_port %} proxy_protocol{% endif %}; listen {{ port }};
{% endfor %} {% endfor %}
{% for port in __http_proxy_protocol_port %}
listen {{ port }} proxy_protocol;
{% endfor %}
server_name {{ server_name(item.redirect_from) }}; server_name {{ server_name(item.redirect_from) }};
location / { location / {
return 301 $scheme://{{ item.name if item.name is string else item.name[0] }}$request_uri; return 301 $scheme://{{ __main_name }}$request_uri;
} }
} }
{% if 'https' in __proto %} {% if 'https' in __proto %}
server { server {
{% for port in __listen_ssl %} {% for port in __listen_ssl %}
listen {{ port }}{% if nginx_default_site_ssl == __main_name %} default_server{% endif %} ssl{% if nginx_auto_config_httpv2 and 'http_v2' in nginx_modules %} http2{% endif %}{% if port | int in __https_proxy_protocol_port %} proxy_protocol{% endif %}; listen {{ port }}{% if nginx_default_site_ssl == __main_name %} default_server{% endif %} ssl{% if __http2 %} http2{% endif %};
{% endfor %}
{% for port in __https_proxy_protocol_port %}
listen {{ port }}{% if nginx_default_site_ssl == __main_name %} default_server{% endif %} ssl{% if __http2 %} http2{% endif %} proxy_protocol;
{% endfor %} {% endfor %}
{{ ssl(__ssl_name) }} {{ ssl(__ssl_name) }}
{% if item.ssl_template is not defined or item.ssl_template != false %} {% if item.ssl_template is not defined or item.ssl_template != false %}
@ -201,7 +220,7 @@ server {
{% endif %} {% endif %}
server_name {{ server_name(item.redirect_from) }}; server_name {{ server_name(item.redirect_from) }};
location / { location / {
return 301 https://{{ item.name if item.name is string else item.name[0] }}{% if '443' not in __listen_ssl and 443 not in __listen_ssl %}:{{ __listen_ssl[0] }}{% endif %}$request_uri; return 301 https://{{ __main_name }}{% if '443' not in __listen_ssl and 443 not in __listen_ssl %}:{{ __listen_ssl[0] }}{% endif %}$request_uri;
} }
} }
{% endif %} {% endif %}

6
tests/test.yml
View File

@ -147,7 +147,7 @@
- ' DZ no;' - ' DZ no;'
- ' TN no;' - ' TN no;'
- '}' - '}'
nginx_default_site: 'first-test' nginx_default_site: 'test.local'
nginx_default_site_ssl: 'test-ssl-predeployed.local' nginx_default_site_ssl: 'test-ssl-predeployed.local'
nginx_sites: nginx_sites:
- name: - name:
@ -156,7 +156,7 @@
- 'test2-alias.local' - 'test2-alias.local'
template: '_base' template: '_base'
filename : 'first-test' filename : 'first-test'
override_try_files: '$uri $uri /index.htm /index.html' override_try_files: '$uri/ $uri =404'
headers: headers:
'X-Frame-Options': 'deny always' 'X-Frame-Options': 'deny always'
'X-ansible-default': '1' 'X-ansible-default': '1'
@ -264,8 +264,6 @@
- 'www.test-ssl-redirect-many2.local' - 'www.test-ssl-redirect-many2.local'
- name: 'test-ssl-proxy-protocol.local' - name: 'test-ssl-proxy-protocol.local'
proto: ['http', 'https'] proto: ['http', 'https']
listen: [80, 20080]
listen_ssl: [443, 20443]
http_proxy_protocol_port: [20080] http_proxy_protocol_port: [20080]
https_proxy_protocol_port: [20443] https_proxy_protocol_port: [20443]
template: '_base' template: '_base'