Renaming variables *vhost* -> *site*

Vhost is an Apache configuration, not Nginx.
Manages backward compatibility.
pull/35/head
Emilien Mantel 2017-04-25 12:27:08 +02:00
parent a60e81cc1f
commit cbdfc741ba
14 changed files with 83 additions and 68 deletions

View File

@ -8,11 +8,11 @@ Install and configure Nginx on Debian/FreeBSD.
Features:
- SSL/TLS "hardened" support
- Manage basic auth on vhost / location
- Manage basic auth on site / location
- Proxy + Upstream
- Fast PHP configuration
- Preconfigured vhost templates (should work on many app)
- Auto-configure HTTP2 on SSL/TLS vhosts
- Preconfigured site templates (should work on many app)
- Auto-configure HTTP2 on SSL/TLS sites
- Manage dynamic modules (install and loading)
- Deploy custom facts.d with sites config
- Can listen with proxy protocol
@ -63,7 +63,7 @@ Last updates from Debian backports loads modules from /etc/nginx/modules-enabled
Fine configuration
------------------
[Vhost configuration](doc/vhost.md)
[Site configuration](doc/site.md)
[PHP configuration](doc/php.md)

View File

@ -16,8 +16,8 @@ nginx_resolver_valid: '300s'
nginx_resolver_timeout: '5s'
nginx_error_log_level: 'warn' # http://nginx.org/en/docs/ngx_core_module.html#error_log
nginx_auto_config_httpv2: true
nginx_default_vhost: null
nginx_default_vhost_ssl: null
nginx_default_site: null
nginx_default_site_ssl: null
nginx_fastcgi_fix_realpath: true
#
@ -91,9 +91,9 @@ nginx_http_gzip_disable: '"msie6"'
nginx_custom_http: []
#
# Vhosts
# Sites
#
nginx_vhosts: []
nginx_sites: []
#
# htpasswd

View File

@ -4,7 +4,7 @@ Auth Basic management
Description
-----------
Auth basic is managed in a separate list. Each auth file can be shared between locations or vhosts.
Auth basic is managed in a separate list. Each auth file can be shared between locations or sites.
Each htpasswd has few keys:
@ -19,8 +19,8 @@ Example
-------
```yaml
nginx_vhosts:
# htpasswd on all vhost
nginx_sites:
# htpasswd on all site
- name: test.local
htpasswd: 'hello'
template: '_base'

View File

@ -1,17 +1,17 @@
Vhost management
================
Site management
===============
You can see many examples in: [tests/test.yml](../tests/test.yml).
`nginx_vhosts`: List of dict. A vhost has few keys. See bellow.
`nginx_sites`: List of dict. A site has few keys. See bellow.
Common
------
- `name`: (M) Domain or list of domain used.
- `template`: (D) template used to create vhost. Optional if you set `delete` to true or using `redirect_tor`.
- `template`: (D) template used to create site. Optional if you set `delete` to true or using `redirect_tor`.
- `filename`: (O) Specify filename in /etc/nginx/sites-*. Do NOT specify default (reserved keyword). It will be used for log filenames and directories creation.
- `state`: (O) Vhost status. Can be "present" (default), "absent" and "disabled".
- `state`: (O) Site status. Can be "present" (default), "absent" and "disabled".
- `redirect_from`: (O) Domain list to redirect to the first `name`. You can use this key to redirect non-www to www
- `redirect_to`: (O) Redirect all requests to this domain. Please set scheme (http:// or https:// or $sheme).
- `headers`: (O) Set additionals header as key/value list. You can append "always" to the value. Show [nginx doc](http://nginx.org/en/docs/http/ngx_http_headers_module.html).
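Review bot: the rewritten `nginx_sites` line still says "See bellow", and the unchanged `redirect_to` line a few entries down documents the variable as `$sheme`. Since these lines are being edited for the rename, correct them to "below" and `$scheme`; a reader copying `$sheme` into `redirect_to` gets an undefined Nginx variable.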
@ -23,7 +23,7 @@ Common
- `upstream_params`: (O) Add upstream params (useful when you want to pass variables to PHP)
- `override_try_files`: (O) overrides default try\_files defined in template
- `manage_local_content`: (O) Boolean. Set to false if you do not want to manage local content (images, css...). This option is useless if you use `_proxy` template or `redirect_to` feature.
- `htpasswd`: (O) References name key in `nginx_htpasswd`. Enable auth basic on all vhost. Set "false" to disable.
- `htpasswd`: (O) References name key in `nginx_htpasswd`. Enable auth basic on all site. Set "false" to disable.
- `proto`: (O) list of protocol used. Default is a list with "http". If you need http and https, you must set a list with "http" and "https". You can only set "https" without http support.
- `ssl_name`: (D) name of the key used when using TLS/SSL. Optional when `proto` contains "https". If you don't set this value, it will search by `name`.
- `ssl_template` (O) "strong" (default) or "legacy". You can disable SSL helpers and add your own directives by setting "false".
@ -57,17 +57,17 @@ About proxy template
Proxy template allow you to use Nginx as reverse proxy. Usefull when you have an application service such as Redmine, Jenkins...
You have many key added to vhost key:
You have many key added to site key:
- `upstream_name`: (O) upstream name used to pass proxy
- `proxy_params`: (M) list of raw params passed to the vhost
- `proxy_params`: (M) list of raw params passed to the site
(O) : Optional
Default vhosts
Default sites
--------------
You can manage default vhost by setting domain name to these variables.
You can manage default site by setting domain name to these variables.
- `nginx_default_vhost`
- `nginx_default_vhost_ssl`
- `nginx_default_site`
- `nginx_default_site_ssl`
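Review bot: documentation is missing for the compatibility behaviour. The "Default sites" list now names only `nginx_default_site` and `nginx_default_site_ssl`, and the page as a whole only `nginx_sites`, while this commit still accepts `nginx_vhosts`, `nginx_default_vhost` and `nginx_default_vhost_ssl`. Add a short note that the old names are still read but deprecated, and say which one takes effect when both are set.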

View File

@ -33,7 +33,7 @@ Tips
----
- Deploying key/cert is not mandatory with this role. You can manage it in other place ([letsencrypt](https://letsencrypt.org/)? :)). You just need to set `dest_cert` and `dest_key`!
- In `nginx_vhosts`, `ssl_name` is mandatory. This role will search in `nginx_ssl_pairs` with vhost `name` (first in list if it's a list).
- In `nginx_sites`, `ssl_name` is mandatory. This role will search in `nginx_ssl_pairs` with site `name` (first in list if it's a list).
Diffie-Hellman
--------------
@ -44,7 +44,7 @@ Example
-------
```yaml
nginx_vhosts;
nginx_sites;
- name: 'test-ssl.local'
proto: ['http', 'https']
template: '_base'
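Review bot: the example's first line ends in a semicolon (`nginx_sites;`), carried over from `nginx_vhosts;`, so the snippet is not valid YAML as a list key. As the line is rewritten here anyway, change it to `nginx_sites:` so the example can be pasted as is.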

View File

@ -8,7 +8,7 @@ Note: Few params are unavailable on old Nginx version. But this role do _not_ pu
Upstream params
---------------
- `name`: upstream name. Can be use in vhost with *proxy_pass http://upstream_name*
- `name`: upstream name. Can be use in site with *proxy_pass http://upstream_name*
- `params`: list of param (hash, zone...)
- `servers`: each upstream MUST have at least 1 server
- `state`: Optional. Can be 'absent' or 'present'

View File

@ -25,6 +25,5 @@
- name: INCLUDE | SSL configuration
include: ssl.yml
- name: INCLUDE | Vhosts configuration
include: vhost.yml
- name: INCLUDE | Sites configuration
include: site.yml

View File

@ -1,5 +1,20 @@
---
- name: SET_FACT | Backward compatibility (nginx_vhosts)
set_fact:
nginx_sites: "{{ nginx_vhosts }}"
when: nginx_vhosts is defined
- name: SET_FACT | Backward compatibility (nginx_default_vhost_ssl)
set_fact:
nginx_default_site_ssl: "{{ nginx_default_vhost_ssl }}"
when: nginx_default_vhost_ssl is defined
- name: SET_FACT | Backward compatibility (nginx_default_vhost)
set_fact:
nginx_default_site: "{{ nginx_default_vhost }}"
when: nginx_default_vhost is defined
- name: SHELL | Get Nginx version
shell: nginx -v 2>&1 | sed -r 's#.*/##;' | cut -d ' ' -f 1
args:
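Review bot: in the three backward-compatibility `set_fact` tasks the legacy variable wins silently whenever it is defined. `nginx_sites: "{{ nginx_vhosts }}"` overrides an `nginx_sites` value set in inventory or play vars, and the same applies to `nginx_default_site` and `nginx_default_site_ssl`. Consider failing when both the old and the new name are defined, and printing a deprecation message when an old name is used, so a host that carries both does not end up serving the stale site list or the wrong `default_server` without anyone noticing.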

View File

@ -1,82 +1,82 @@
---
- name: FAIL | Check filenames
fail: msg="Forbidden keyword default on vhost {{ item.name if item.name is string else item.name[0] }}"
fail: msg="Forbidden keyword default on site {{ item.name if item.name is string else item.name[0] }}"
when: item.filename is defined and item.filename == 'default'
with_items: "{{ nginx_vhosts }}"
with_items: "{{ nginx_sites }}"
- name: FAIL | Check HTTPS redir and proto
fail: msg="You can't have HTTP proto and HTTPS redirection at the same time"
when: >
((item.proto is defined and 'http' in item.proto) or (item.proto is not defined)) and
(item.redirect_http is defined and item.redirect_http)
with_items: "{{ nginx_vhosts }}"
with_items: "{{ nginx_sites }}"
- name: FILE | Create root directory
file: >
path={{ nginx_root }}
state=directory
- name: FILE | Create root public folders (foreach nginx_vhosts)
- name: FILE | Create root public folders (foreach nginx_sites)
file: >
path={{ nginx_root }}/{{ item.filename | default(item.name if item.name is string else item.name[0]) }}/public
state=directory
owner={{ item.owner | default(nginx_user) }}
group={{ item.group | default(nginx_user) }}
mode={{ item.mode | default('0755') }}
with_items: "{{ nginx_vhosts }}"
with_items: "{{ nginx_sites }}"
when: >
item.root is not defined and
(item.template is defined and item.template not in nginx_templates_no_dir) and
(item.state is not defined or not item.state != 'absent') and
item.redirect_to is not defined
- name: TEMPLATE | Create vhosts
- name: TEMPLATE | Create sites
template: >
src=etc/nginx/sites-available/{{ item.template if item.redirect_to is not defined else '_redirect' }}.j2
dest={{ nginx_etc_dir }}/sites-available/{{ item.filename | default(item.name if item.name is string else item.name[0]) }}
with_items: "{{ nginx_vhosts }}"
with_items: "{{ nginx_sites }}"
notify: ['reload nginx', 'restart nginx freebsd']
when: item.state is not defined or item.state != 'absent'
- name: FILE | Delete vhosts
- name: FILE | Delete sites
file: path={{ nginx_etc_dir }}/{{ item.1 }}/{{ item.0.filename | default(item.0.name if item.0.name is string else item.0.name[0]) }} state=absent
with_nested:
- "{{ nginx_vhosts }}"
- "{{ nginx_sites }}"
- ['sites-available', 'sites-enabled']
notify: ['reload nginx', 'restart nginx freebsd']
when: item.state is defined and item.state == 'absent'
- name: FILE | Enable vhosts
- name: FILE | Enable sites
file: >
src={{ nginx_etc_dir }}/sites-available/{{ item.filename | default(item.name if item.name is string else item.name[0]) }}
dest={{ nginx_etc_dir }}/sites-enabled/{{ item.filename | default(item.name if item.name is string else item.name[0]) }}
state=link
with_items: "{{ nginx_vhosts }}"
with_items: "{{ nginx_sites }}"
notify: ['reload nginx', 'restart nginx freebsd']
when: >
item.state is not defined or item.state == 'present'
- name: FILE | Disable vhosts
- name: FILE | Disable sites
file: path={{ nginx_etc_dir}}/sites-enabled/{{ item.filename | default(item.name if item.name is string else item.name[0]) }} state=absent
with_items: "{{ nginx_vhosts }}"
with_items: "{{ nginx_sites }}"
notify: ['reload nginx', 'restart nginx freebsd']
when: item.state is defined and item.state == 'disabled'
- name: FILE | Delete default vhost when explicitely defined
- name: FILE | Delete default site when explicitely defined
file: >
path={{ nginx_etc_dir }}/sites-enabled/default
state=absent
notify: ['reload nginx', 'restart nginx freebsd']
when: nginx_default_vhost is not none
when: nginx_default_site is not none
- name: FILE | Auto set default vhost
- name: FILE | Auto set default site
file: >
src={{ nginx_etc_dir }}/sites-available/default
dest={{ nginx_etc_dir }}/sites-enabled/default
state=link
notify: ['reload nginx', 'restart nginx freebsd']
when: nginx_default_vhost is none
when: nginx_default_site is none
- name: TEMPLATE | Deploy facts
template:
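Review bot: in "Create root public folders" the unchanged condition `(item.state is not defined or not item.state != 'absent')` is a double negation that is true only when `state` is `absent`, so the public directory is created for sites being removed and skipped for sites with an explicit `present` or `disabled` state. Since the task is touched by the rename, it should read `item.state != 'absent'`, matching the "Create sites" task below it. Separately, "Check filenames" rejects only the literal `default`, while `item.filename` is interpolated into the `sites-available` and `sites-enabled` paths, including the `state=absent` delete; also rejecting values that contain `/` would keep a mistyped filename inside those directories.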

View File

@ -1,4 +1,4 @@
{
"fact_nginx_vhosts":
{{ nginx_vhosts | to_nice_json(indent=8) }}
"fact_nginx_sites":
{{ nginx_sites | to_nice_json(indent=8) }}
}
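Review bot: the published fact key changes from `fact_nginx_vhosts` to `fact_nginx_sites` with no compatibility path, unlike the input variables. Anything that reads `ansible_local.nginx.fact_nginx_vhosts` (the role's own test had to be changed for this) will break after the upgrade. Either keep emitting the old key alongside the new one for a release, or call out the rename as a breaking change in the commit message and README.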

View File

@ -42,12 +42,12 @@ server {
server {
{% if 'http' in __proto %}
{% for port in __listen %}
listen {{ port }}{% if nginx_default_vhost == __main_name %} default_server{% endif %}{% if port | int in __http_proxy_protocol_port %} proxy_protocol{% endif %};
listen {{ port }}{% if nginx_default_site == __main_name %} default_server{% endif %}{% if port | int in __http_proxy_protocol_port %} proxy_protocol{% endif %};
{% endfor %}
{% endif %}
{% if 'https' in __proto %}
{% for port in __listen_ssl %}
listen {{ port }}{% if nginx_default_vhost_ssl == __main_name %} default_server{% endif %} ssl{% if nginx_auto_config_httpv2 and 'http_v2' in nginx_modules %} http2{% endif %}{% if port | int in __https_proxy_protocol_port %} proxy_protocol{% endif %};
listen {{ port }}{% if nginx_default_site_ssl == __main_name %} default_server{% endif %} ssl{% if nginx_auto_config_httpv2 and 'http_v2' in nginx_modules %} http2{% endif %}{% if port | int in __https_proxy_protocol_port %} proxy_protocol{% endif %};
{% endfor %}
{{ ssl(__ssl_name) }}
{% if item.ssl_template is not defined or item.ssl_template != false %}

View File

@ -115,8 +115,9 @@
- ' DZ no;'
- ' TN no;'
- '}'
nginx_default_vhost: 'first-test'
nginx_default_vhost_ssl: 'test-ssl-predeployed.local'
nginx_default_site: 'first-test'
nginx_default_site_ssl: 'test-ssl-predeployed.local'
# TODO: nginx_vhosts -> nginx_sites (for now check backward compatibility)
nginx_vhosts:
- name:
- 'test.local'
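Review bot: the test variables now cover only half of each path. The site list is still passed as `nginx_vhosts` (per the TODO), so the native `nginx_sites` input is never exercised, while the defaults are passed only under the new names `nginx_default_site` and `nginx_default_site_ssl`, so the compatibility tasks for `nginx_default_vhost` and `nginx_default_vhost_ssl` are never run. A second test play, or a matrix entry, that uses the opposite naming for each would cover both code paths.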
@ -255,13 +256,13 @@
# --------------------------------
- name: -- CHECK FACTS --
assert:
that: "'{{ ansible_local.nginx.fact_nginx_vhosts[0].name[0] }}' == 'test.local'"
that: "'{{ ansible_local.nginx.fact_nginx_sites[0].name[0] }}' == 'test.local'"
# --------------------------------
# Simple vhosts tests
# Simple sites tests
# --------------------------------
- name: -- VERIFY VHOSTS --
- name: -- VERIFY SITES --
command: "curl -H 'Host: {{ item.name if item.name is string else item.name[0] }}' http://127.0.0.1{% if item.listen is defined %}:{{ item.listen[0] }}{% endif %}/"
with_items: "{{ nginx_vhosts }}"
with_items: "{{ nginx_sites }}"
when: item.state is undefined or item.state != "absent"
changed_when: false
- name: -- VERIFY FORBIDDEN --
@ -269,9 +270,9 @@
register: f
failed_when: f.stdout.find('403 Forbidden') == -1
changed_when: false
- name: -- VERIFY REDIRECT VHOSTS --
- name: -- VERIFY REDIRECT SITES --
command: "curl -H 'Host: {{ item.redirect_from[0] }}' http://127.0.0.1/"
with_items: "{{ nginx_vhosts }}"
with_items: "{{ nginx_sites }}"
when: item.redirect_from is defined and (item.state is undefined or item.state != "absent")
changed_when: false
register: r
@ -280,7 +281,7 @@
# --------------------------------
# PHP
# --------------------------------
- name: -- VERIFY PHP5 VHOSTS (implicit default) --
- name: -- VERIFY PHP5 SITES (implicit default) --
command: "curl -H 'Host: {{ item }}' http://127.0.0.1/"
register: p
changed_when: false
@ -288,7 +289,7 @@
with_items: ['test-php-index.local']
when: nginx_php56
- name: -- VERIFY PHP7 VHOSTS --
- name: -- VERIFY PHP7 SITES --
command: "curl -H 'Host: {{ item }}' http://127.0.0.1/"
register: p
changed_when: false
@ -394,33 +395,33 @@
port: '8443'
# --------------------------------
# Default vhosts
# Default sites
# --------------------------------
- name: -- VERIFY DEFAULT VHOST --
- name: -- VERIFY DEFAULT SITE --
command: "curl -v http://127.0.0.1/"
changed_when: false
register: vdefault
failed_when: >
vdefault.stdout.find('Index HTML test OK') == -1 or
vdefault.stderr.find('X-ansible-default') == -1
- name: -- VERIFY DEFAULT SSL VHOST --
- name: -- VERIFY DEFAULT SSL SITE --
command: "curl --insecure -v https://127.0.0.1/"
changed_when: false
register: defaultssl
failed_when: >
defaultssl.stdout.find('Index HTML test OK') == -1 or
defaultssl.stderr.find('X-ansible-default') == -1
- name: -- VERIFY NOT DEFAULT VHOST --
- name: -- VERIFY NOT DEFAULT SITE --
command: "curl -v -H 'Host: test-php.local' http://127.0.0.1/"
changed_when: false
register: vphp
failed_when: vphp.stderr.find('X-ansible-default') != -1
- name: -- VERIFY NOT DEFAULT SSL VHOST --
- name: -- VERIFY NOT DEFAULT SSL SITE --
command: "curl --insecure -v -H 'Host: test-ssl.local' https://127.0.0.1/"
changed_when: false
register: notdefaultssl
failed_when: notdefaultssl.stderr.find('X-ansible-default') != -1
- name: -- VERIFY DEFAULT VHOST + STUB_STATUS --
- name: -- VERIFY DEFAULT SITE + STUB_STATUS --
command: "curl -v http://127.0.0.1/status"
changed_when: false
register: vdefault_status

View File

@ -2,7 +2,7 @@ nginx_events_use: 'epoll'
nginx_pid: '/run/nginx.pid'
nginx_etc_dir: '/etc/nginx'
# Specific vhosts
# Specific sites
nginx_nagios_root: '/usr/share/nagios3/htdocs'
nginx_nagios_stylesheets: '/etc/nagios3/stylesheets'
nginx_fcgiwrap_sock: '/var/run/fcgiwrap.socket'

View File

@ -2,6 +2,6 @@ nginx_events_use: 'kqueue'
nginx_pid: '/var/run/nginx.pid'
nginx_etc_dir: '/usr/local/etc/nginx'
# Specific vhosts
# Specific sites
nginx_nagios_root: '/usr/local/www/nagios'
nginx_fcgiwrap_sock: '/var/run/fcgiwrap/fcgiwrap.sock'