Renaming variables *vhost* -> *site*
Vhost is an Apache configuration, not Nginx. Manages backward compatibility.pull/35/head
parent
a60e81cc1f
commit
cbdfc741ba
|
@ -8,11 +8,11 @@ Install and configure Nginx on Debian/FreeBSD.
|
||||||
Features:
|
Features:
|
||||||
|
|
||||||
- SSL/TLS "hardened" support
|
- SSL/TLS "hardened" support
|
||||||
- Manage basic auth on vhost / location
|
- Manage basic auth on site / location
|
||||||
- Proxy + Upstream
|
- Proxy + Upstream
|
||||||
- Fast PHP configuration
|
- Fast PHP configuration
|
||||||
- Preconfigured vhost templates (should work on many app)
|
- Preconfigured site templates (should work on many app)
|
||||||
- Auto-configure HTTP2 on SSL/TLS vhosts
|
- Auto-configure HTTP2 on SSL/TLS sites
|
||||||
- Manage dynamic modules (install and loading)
|
- Manage dynamic modules (install and loading)
|
||||||
- Deploy custom facts.d with sites config
|
- Deploy custom facts.d with sites config
|
||||||
- Can listen with proxy protocol
|
- Can listen with proxy protocol
|
||||||
|
@ -63,7 +63,7 @@ Last updates from Debian backports loads modules from /etc/nginx/modules-enabled
|
||||||
Fine configuration
|
Fine configuration
|
||||||
------------------
|
------------------
|
||||||
|
|
||||||
[Vhost configuration](doc/vhost.md)
|
[Site configuration](doc/site.md)
|
||||||
|
|
||||||
[PHP configuration](doc/php.md)
|
[PHP configuration](doc/php.md)
|
||||||
|
|
||||||
|
|
|
@ -16,8 +16,8 @@ nginx_resolver_valid: '300s'
|
||||||
nginx_resolver_timeout: '5s'
|
nginx_resolver_timeout: '5s'
|
||||||
nginx_error_log_level: 'warn' # http://nginx.org/en/docs/ngx_core_module.html#error_log
|
nginx_error_log_level: 'warn' # http://nginx.org/en/docs/ngx_core_module.html#error_log
|
||||||
nginx_auto_config_httpv2: true
|
nginx_auto_config_httpv2: true
|
||||||
nginx_default_vhost: null
|
nginx_default_site: null
|
||||||
nginx_default_vhost_ssl: null
|
nginx_default_site_ssl: null
|
||||||
nginx_fastcgi_fix_realpath: true
|
nginx_fastcgi_fix_realpath: true
|
||||||
|
|
||||||
#
|
#
|
||||||
|
@ -91,9 +91,9 @@ nginx_http_gzip_disable: '"msie6"'
|
||||||
nginx_custom_http: []
|
nginx_custom_http: []
|
||||||
|
|
||||||
#
|
#
|
||||||
# Vhosts
|
# Sites
|
||||||
#
|
#
|
||||||
nginx_vhosts: []
|
nginx_sites: []
|
||||||
|
|
||||||
#
|
#
|
||||||
# htpasswd
|
# htpasswd
|
||||||
|
|
|
@ -4,7 +4,7 @@ Auth Basic management
|
||||||
Description
|
Description
|
||||||
-----------
|
-----------
|
||||||
|
|
||||||
Auth basic is managed in a separate list. Each auth file can be shared between locations or vhosts.
|
Auth basic is managed in a separate list. Each auth file can be shared between locations or sites.
|
||||||
|
|
||||||
Each htpasswd has few keys:
|
Each htpasswd has few keys:
|
||||||
|
|
||||||
|
@ -19,8 +19,8 @@ Example
|
||||||
-------
|
-------
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
nginx_vhosts:
|
nginx_sites:
|
||||||
# htpasswd on all vhost
|
# htpasswd on all site
|
||||||
- name: test.local
|
- name: test.local
|
||||||
htpasswd: 'hello'
|
htpasswd: 'hello'
|
||||||
template: '_base'
|
template: '_base'
|
||||||
|
|
|
@ -1,17 +1,17 @@
|
||||||
Vhost management
|
Site management
|
||||||
================
|
===============
|
||||||
|
|
||||||
You can see many examples in: [tests/test.yml](../tests/test.yml).
|
You can see many examples in: [tests/test.yml](../tests/test.yml).
|
||||||
|
|
||||||
`nginx_vhosts`: List of dict. A vhost has few keys. See bellow.
|
`nginx_sites`: List of dict. A site has few keys. See bellow.
|
||||||
|
|
||||||
Common
|
Common
|
||||||
------
|
------
|
||||||
|
|
||||||
- `name`: (M) Domain or list of domain used.
|
- `name`: (M) Domain or list of domain used.
|
||||||
- `template`: (D) template used to create vhost. Optional if you set `delete` to true or using `redirect_tor`.
|
- `template`: (D) template used to create site. Optional if you set `delete` to true or using `redirect_tor`.
|
||||||
- `filename`: (O) Specify filename in /etc/nginx/sites-*. Do NOT specify default (reserved keyword). It will be used for log filenames and directories creation.
|
- `filename`: (O) Specify filename in /etc/nginx/sites-*. Do NOT specify default (reserved keyword). It will be used for log filenames and directories creation.
|
||||||
- `state`: (O) Vhost status. Can be "present" (default), "absent" and "disabled".
|
- `state`: (O) Site status. Can be "present" (default), "absent" and "disabled".
|
||||||
- `redirect_from`: (O) Domain list to redirect to the first `name`. You can use this key to redirect non-www to www
|
- `redirect_from`: (O) Domain list to redirect to the first `name`. You can use this key to redirect non-www to www
|
||||||
- `redirect_to`: (O) Redirect all requests to this domain. Please set scheme (http:// or https:// or $sheme).
|
- `redirect_to`: (O) Redirect all requests to this domain. Please set scheme (http:// or https:// or $sheme).
|
||||||
- `headers`: (O) Set additionals header as key/value list. You can append "always" to the value. Show [nginx doc](http://nginx.org/en/docs/http/ngx_http_headers_module.html).
|
- `headers`: (O) Set additionals header as key/value list. You can append "always" to the value. Show [nginx doc](http://nginx.org/en/docs/http/ngx_http_headers_module.html).
|
||||||
|
@ -23,7 +23,7 @@ Common
|
||||||
- `upstream_params`: (O) Add upstream params (useful when you want to pass variables to PHP)
|
- `upstream_params`: (O) Add upstream params (useful when you want to pass variables to PHP)
|
||||||
- `override_try_files`: (O) overrides default try\_files defined in template
|
- `override_try_files`: (O) overrides default try\_files defined in template
|
||||||
- `manage_local_content`: (O) Boolean. Set to false if you do not want to manage local content (images, css...). This option is useless if you use `_proxy` template or `redirect_to` feature.
|
- `manage_local_content`: (O) Boolean. Set to false if you do not want to manage local content (images, css...). This option is useless if you use `_proxy` template or `redirect_to` feature.
|
||||||
- `htpasswd`: (O) References name key in `nginx_htpasswd`. Enable auth basic on all vhost. Set "false" to disable.
|
- `htpasswd`: (O) References name key in `nginx_htpasswd`. Enable auth basic on all site. Set "false" to disable.
|
||||||
- `proto`: (O) list of protocol used. Default is a list with "http". If you need http and https, you must set a list with "http" and "https". You can only set "https" without http support.
|
- `proto`: (O) list of protocol used. Default is a list with "http". If you need http and https, you must set a list with "http" and "https". You can only set "https" without http support.
|
||||||
- `ssl_name`: (D) name of the key used when using TLS/SSL. Optional when `proto` contains "https". If you don't set this value, it will search by `name`.
|
- `ssl_name`: (D) name of the key used when using TLS/SSL. Optional when `proto` contains "https". If you don't set this value, it will search by `name`.
|
||||||
- `ssl_template` (O) "strong" (default) or "legacy". You can disable SSL helpers and add your own directives by setting "false".
|
- `ssl_template` (O) "strong" (default) or "legacy". You can disable SSL helpers and add your own directives by setting "false".
|
||||||
|
@ -57,17 +57,17 @@ About proxy template
|
||||||
|
|
||||||
Proxy template allow you to use Nginx as reverse proxy. Usefull when you have an application service such as Redmine, Jenkins...
|
Proxy template allow you to use Nginx as reverse proxy. Usefull when you have an application service such as Redmine, Jenkins...
|
||||||
|
|
||||||
You have many key added to vhost key:
|
You have many key added to site key:
|
||||||
|
|
||||||
- `upstream_name`: (O) upstream name used to pass proxy
|
- `upstream_name`: (O) upstream name used to pass proxy
|
||||||
- `proxy_params`: (M) list of raw params passed to the vhost
|
- `proxy_params`: (M) list of raw params passed to the site
|
||||||
|
|
||||||
(O) : Optional
|
(O) : Optional
|
||||||
|
|
||||||
Default vhosts
|
Default sites
|
||||||
--------------
|
--------------
|
||||||
|
|
||||||
You can manage default vhost by setting domain name to these variables.
|
You can manage default site by setting domain name to these variables.
|
||||||
|
|
||||||
- `nginx_default_vhost`
|
- `nginx_default_site`
|
||||||
- `nginx_default_vhost_ssl`
|
- `nginx_default_site_ssl`
|
|
@ -33,7 +33,7 @@ Tips
|
||||||
----
|
----
|
||||||
|
|
||||||
- Deploying key/cert is not mandatory with this role. You can manage it in other place ([letsencrypt](https://letsencrypt.org/)? :)). You just need to set `dest_cert` and `dest_key`!
|
- Deploying key/cert is not mandatory with this role. You can manage it in other place ([letsencrypt](https://letsencrypt.org/)? :)). You just need to set `dest_cert` and `dest_key`!
|
||||||
- In `nginx_vhosts`, `ssl_name` is mandatory. This role will search in `nginx_ssl_pairs` with vhost `name` (first in list if it's a list).
|
- In `nginx_sites`, `ssl_name` is mandatory. This role will search in `nginx_ssl_pairs` with site `name` (first in list if it's a list).
|
||||||
|
|
||||||
Diffie-Hellman
|
Diffie-Hellman
|
||||||
--------------
|
--------------
|
||||||
|
@ -44,7 +44,7 @@ Example
|
||||||
-------
|
-------
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
nginx_vhosts;
|
nginx_sites;
|
||||||
- name: 'test-ssl.local'
|
- name: 'test-ssl.local'
|
||||||
proto: ['http', 'https']
|
proto: ['http', 'https']
|
||||||
template: '_base'
|
template: '_base'
|
||||||
|
|
|
@ -8,7 +8,7 @@ Note: Few params are unavailable on old Nginx version. But this role do _not_ pu
|
||||||
Upstream params
|
Upstream params
|
||||||
---------------
|
---------------
|
||||||
|
|
||||||
- `name`: upstream name. Can be use in vhost with *proxy_pass http://upstream_name*
|
- `name`: upstream name. Can be use in site with *proxy_pass http://upstream_name*
|
||||||
- `params`: list of param (hash, zone...)
|
- `params`: list of param (hash, zone...)
|
||||||
- `servers`: each upstream MUST have at least 1 server
|
- `servers`: each upstream MUST have at least 1 server
|
||||||
- `state`: Optional. Can be 'absent' or 'present'
|
- `state`: Optional. Can be 'absent' or 'present'
|
||||||
|
|
|
@ -25,6 +25,5 @@
|
||||||
- name: INCLUDE | SSL configuration
|
- name: INCLUDE | SSL configuration
|
||||||
include: ssl.yml
|
include: ssl.yml
|
||||||
|
|
||||||
- name: INCLUDE | Vhosts configuration
|
- name: INCLUDE | Sites configuration
|
||||||
include: vhost.yml
|
include: site.yml
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,20 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
|
- name: SET_FACT | Backward compatibility (nginx_vhosts)
|
||||||
|
set_fact:
|
||||||
|
nginx_sites: "{{ nginx_vhosts }}"
|
||||||
|
when: nginx_vhosts is defined
|
||||||
|
|
||||||
|
- name: SET_FACT | Backward compatibility (nginx_default_vhost_ssl)
|
||||||
|
set_fact:
|
||||||
|
nginx_default_site_ssl: "{{ nginx_default_vhost_ssl }}"
|
||||||
|
when: nginx_default_vhost_ssl is defined
|
||||||
|
|
||||||
|
- name: SET_FACT | Backward compatibility (nginx_default_vhost)
|
||||||
|
set_fact:
|
||||||
|
nginx_default_site: "{{ nginx_default_vhost }}"
|
||||||
|
when: nginx_default_vhost is defined
|
||||||
|
|
||||||
- name: SHELL | Get Nginx version
|
- name: SHELL | Get Nginx version
|
||||||
shell: nginx -v 2>&1 | sed -r 's#.*/##;' | cut -d ' ' -f 1
|
shell: nginx -v 2>&1 | sed -r 's#.*/##;' | cut -d ' ' -f 1
|
||||||
args:
|
args:
|
||||||
|
|
|
@ -1,82 +1,82 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: FAIL | Check filenames
|
- name: FAIL | Check filenames
|
||||||
fail: msg="Forbidden keyword default on vhost {{ item.name if item.name is string else item.name[0] }}"
|
fail: msg="Forbidden keyword default on site {{ item.name if item.name is string else item.name[0] }}"
|
||||||
when: item.filename is defined and item.filename == 'default'
|
when: item.filename is defined and item.filename == 'default'
|
||||||
with_items: "{{ nginx_vhosts }}"
|
with_items: "{{ nginx_sites }}"
|
||||||
|
|
||||||
- name: FAIL | Check HTTPS redir and proto
|
- name: FAIL | Check HTTPS redir and proto
|
||||||
fail: msg="You can't have HTTP proto and HTTPS redirection at the same time"
|
fail: msg="You can't have HTTP proto and HTTPS redirection at the same time"
|
||||||
when: >
|
when: >
|
||||||
((item.proto is defined and 'http' in item.proto) or (item.proto is not defined)) and
|
((item.proto is defined and 'http' in item.proto) or (item.proto is not defined)) and
|
||||||
(item.redirect_http is defined and item.redirect_http)
|
(item.redirect_http is defined and item.redirect_http)
|
||||||
with_items: "{{ nginx_vhosts }}"
|
with_items: "{{ nginx_sites }}"
|
||||||
|
|
||||||
- name: FILE | Create root directory
|
- name: FILE | Create root directory
|
||||||
file: >
|
file: >
|
||||||
path={{ nginx_root }}
|
path={{ nginx_root }}
|
||||||
state=directory
|
state=directory
|
||||||
|
|
||||||
- name: FILE | Create root public folders (foreach nginx_vhosts)
|
- name: FILE | Create root public folders (foreach nginx_sites)
|
||||||
file: >
|
file: >
|
||||||
path={{ nginx_root }}/{{ item.filename | default(item.name if item.name is string else item.name[0]) }}/public
|
path={{ nginx_root }}/{{ item.filename | default(item.name if item.name is string else item.name[0]) }}/public
|
||||||
state=directory
|
state=directory
|
||||||
owner={{ item.owner | default(nginx_user) }}
|
owner={{ item.owner | default(nginx_user) }}
|
||||||
group={{ item.group | default(nginx_user) }}
|
group={{ item.group | default(nginx_user) }}
|
||||||
mode={{ item.mode | default('0755') }}
|
mode={{ item.mode | default('0755') }}
|
||||||
with_items: "{{ nginx_vhosts }}"
|
with_items: "{{ nginx_sites }}"
|
||||||
when: >
|
when: >
|
||||||
item.root is not defined and
|
item.root is not defined and
|
||||||
(item.template is defined and item.template not in nginx_templates_no_dir) and
|
(item.template is defined and item.template not in nginx_templates_no_dir) and
|
||||||
(item.state is not defined or not item.state != 'absent') and
|
(item.state is not defined or not item.state != 'absent') and
|
||||||
item.redirect_to is not defined
|
item.redirect_to is not defined
|
||||||
|
|
||||||
- name: TEMPLATE | Create vhosts
|
- name: TEMPLATE | Create sites
|
||||||
template: >
|
template: >
|
||||||
src=etc/nginx/sites-available/{{ item.template if item.redirect_to is not defined else '_redirect' }}.j2
|
src=etc/nginx/sites-available/{{ item.template if item.redirect_to is not defined else '_redirect' }}.j2
|
||||||
dest={{ nginx_etc_dir }}/sites-available/{{ item.filename | default(item.name if item.name is string else item.name[0]) }}
|
dest={{ nginx_etc_dir }}/sites-available/{{ item.filename | default(item.name if item.name is string else item.name[0]) }}
|
||||||
with_items: "{{ nginx_vhosts }}"
|
with_items: "{{ nginx_sites }}"
|
||||||
notify: ['reload nginx', 'restart nginx freebsd']
|
notify: ['reload nginx', 'restart nginx freebsd']
|
||||||
when: item.state is not defined or item.state != 'absent'
|
when: item.state is not defined or item.state != 'absent'
|
||||||
|
|
||||||
- name: FILE | Delete vhosts
|
- name: FILE | Delete sites
|
||||||
file: path={{ nginx_etc_dir }}/{{ item.1 }}/{{ item.0.filename | default(item.0.name if item.0.name is string else item.0.name[0]) }} state=absent
|
file: path={{ nginx_etc_dir }}/{{ item.1 }}/{{ item.0.filename | default(item.0.name if item.0.name is string else item.0.name[0]) }} state=absent
|
||||||
with_nested:
|
with_nested:
|
||||||
- "{{ nginx_vhosts }}"
|
- "{{ nginx_sites }}"
|
||||||
- ['sites-available', 'sites-enabled']
|
- ['sites-available', 'sites-enabled']
|
||||||
notify: ['reload nginx', 'restart nginx freebsd']
|
notify: ['reload nginx', 'restart nginx freebsd']
|
||||||
when: item.state is defined and item.state == 'absent'
|
when: item.state is defined and item.state == 'absent'
|
||||||
|
|
||||||
- name: FILE | Enable vhosts
|
- name: FILE | Enable sites
|
||||||
file: >
|
file: >
|
||||||
src={{ nginx_etc_dir }}/sites-available/{{ item.filename | default(item.name if item.name is string else item.name[0]) }}
|
src={{ nginx_etc_dir }}/sites-available/{{ item.filename | default(item.name if item.name is string else item.name[0]) }}
|
||||||
dest={{ nginx_etc_dir }}/sites-enabled/{{ item.filename | default(item.name if item.name is string else item.name[0]) }}
|
dest={{ nginx_etc_dir }}/sites-enabled/{{ item.filename | default(item.name if item.name is string else item.name[0]) }}
|
||||||
state=link
|
state=link
|
||||||
with_items: "{{ nginx_vhosts }}"
|
with_items: "{{ nginx_sites }}"
|
||||||
notify: ['reload nginx', 'restart nginx freebsd']
|
notify: ['reload nginx', 'restart nginx freebsd']
|
||||||
when: >
|
when: >
|
||||||
item.state is not defined or item.state == 'present'
|
item.state is not defined or item.state == 'present'
|
||||||
|
|
||||||
- name: FILE | Disable vhosts
|
- name: FILE | Disable sites
|
||||||
file: path={{ nginx_etc_dir}}/sites-enabled/{{ item.filename | default(item.name if item.name is string else item.name[0]) }} state=absent
|
file: path={{ nginx_etc_dir}}/sites-enabled/{{ item.filename | default(item.name if item.name is string else item.name[0]) }} state=absent
|
||||||
with_items: "{{ nginx_vhosts }}"
|
with_items: "{{ nginx_sites }}"
|
||||||
notify: ['reload nginx', 'restart nginx freebsd']
|
notify: ['reload nginx', 'restart nginx freebsd']
|
||||||
when: item.state is defined and item.state == 'disabled'
|
when: item.state is defined and item.state == 'disabled'
|
||||||
|
|
||||||
- name: FILE | Delete default vhost when explicitely defined
|
- name: FILE | Delete default site when explicitely defined
|
||||||
file: >
|
file: >
|
||||||
path={{ nginx_etc_dir }}/sites-enabled/default
|
path={{ nginx_etc_dir }}/sites-enabled/default
|
||||||
state=absent
|
state=absent
|
||||||
notify: ['reload nginx', 'restart nginx freebsd']
|
notify: ['reload nginx', 'restart nginx freebsd']
|
||||||
when: nginx_default_vhost is not none
|
when: nginx_default_site is not none
|
||||||
|
|
||||||
- name: FILE | Auto set default vhost
|
- name: FILE | Auto set default site
|
||||||
file: >
|
file: >
|
||||||
src={{ nginx_etc_dir }}/sites-available/default
|
src={{ nginx_etc_dir }}/sites-available/default
|
||||||
dest={{ nginx_etc_dir }}/sites-enabled/default
|
dest={{ nginx_etc_dir }}/sites-enabled/default
|
||||||
state=link
|
state=link
|
||||||
notify: ['reload nginx', 'restart nginx freebsd']
|
notify: ['reload nginx', 'restart nginx freebsd']
|
||||||
when: nginx_default_vhost is none
|
when: nginx_default_site is none
|
||||||
|
|
||||||
- name: TEMPLATE | Deploy facts
|
- name: TEMPLATE | Deploy facts
|
||||||
template:
|
template:
|
|
@ -1,4 +1,4 @@
|
||||||
{
|
{
|
||||||
"fact_nginx_vhosts":
|
"fact_nginx_sites":
|
||||||
{{ nginx_vhosts | to_nice_json(indent=8) }}
|
{{ nginx_sites | to_nice_json(indent=8) }}
|
||||||
}
|
}
|
||||||
|
|
|
@ -42,12 +42,12 @@ server {
|
||||||
server {
|
server {
|
||||||
{% if 'http' in __proto %}
|
{% if 'http' in __proto %}
|
||||||
{% for port in __listen %}
|
{% for port in __listen %}
|
||||||
listen {{ port }}{% if nginx_default_vhost == __main_name %} default_server{% endif %}{% if port | int in __http_proxy_protocol_port %} proxy_protocol{% endif %};
|
listen {{ port }}{% if nginx_default_site == __main_name %} default_server{% endif %}{% if port | int in __http_proxy_protocol_port %} proxy_protocol{% endif %};
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if 'https' in __proto %}
|
{% if 'https' in __proto %}
|
||||||
{% for port in __listen_ssl %}
|
{% for port in __listen_ssl %}
|
||||||
listen {{ port }}{% if nginx_default_vhost_ssl == __main_name %} default_server{% endif %} ssl{% if nginx_auto_config_httpv2 and 'http_v2' in nginx_modules %} http2{% endif %}{% if port | int in __https_proxy_protocol_port %} proxy_protocol{% endif %};
|
listen {{ port }}{% if nginx_default_site_ssl == __main_name %} default_server{% endif %} ssl{% if nginx_auto_config_httpv2 and 'http_v2' in nginx_modules %} http2{% endif %}{% if port | int in __https_proxy_protocol_port %} proxy_protocol{% endif %};
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{{ ssl(__ssl_name) }}
|
{{ ssl(__ssl_name) }}
|
||||||
{% if item.ssl_template is not defined or item.ssl_template != false %}
|
{% if item.ssl_template is not defined or item.ssl_template != false %}
|
||||||
|
|
|
@ -115,8 +115,9 @@
|
||||||
- ' DZ no;'
|
- ' DZ no;'
|
||||||
- ' TN no;'
|
- ' TN no;'
|
||||||
- '}'
|
- '}'
|
||||||
nginx_default_vhost: 'first-test'
|
nginx_default_site: 'first-test'
|
||||||
nginx_default_vhost_ssl: 'test-ssl-predeployed.local'
|
nginx_default_site_ssl: 'test-ssl-predeployed.local'
|
||||||
|
# TODO: nginx_vhosts -> nginx_sites (for now check backward compatibility)
|
||||||
nginx_vhosts:
|
nginx_vhosts:
|
||||||
- name:
|
- name:
|
||||||
- 'test.local'
|
- 'test.local'
|
||||||
|
@ -255,13 +256,13 @@
|
||||||
# --------------------------------
|
# --------------------------------
|
||||||
- name: -- CHECK FACTS --
|
- name: -- CHECK FACTS --
|
||||||
assert:
|
assert:
|
||||||
that: "'{{ ansible_local.nginx.fact_nginx_vhosts[0].name[0] }}' == 'test.local'"
|
that: "'{{ ansible_local.nginx.fact_nginx_sites[0].name[0] }}' == 'test.local'"
|
||||||
# --------------------------------
|
# --------------------------------
|
||||||
# Simple vhosts tests
|
# Simple sites tests
|
||||||
# --------------------------------
|
# --------------------------------
|
||||||
- name: -- VERIFY VHOSTS --
|
- name: -- VERIFY SITES --
|
||||||
command: "curl -H 'Host: {{ item.name if item.name is string else item.name[0] }}' http://127.0.0.1{% if item.listen is defined %}:{{ item.listen[0] }}{% endif %}/"
|
command: "curl -H 'Host: {{ item.name if item.name is string else item.name[0] }}' http://127.0.0.1{% if item.listen is defined %}:{{ item.listen[0] }}{% endif %}/"
|
||||||
with_items: "{{ nginx_vhosts }}"
|
with_items: "{{ nginx_sites }}"
|
||||||
when: item.state is undefined or item.state != "absent"
|
when: item.state is undefined or item.state != "absent"
|
||||||
changed_when: false
|
changed_when: false
|
||||||
- name: -- VERIFY FORBIDDEN --
|
- name: -- VERIFY FORBIDDEN --
|
||||||
|
@ -269,9 +270,9 @@
|
||||||
register: f
|
register: f
|
||||||
failed_when: f.stdout.find('403 Forbidden') == -1
|
failed_when: f.stdout.find('403 Forbidden') == -1
|
||||||
changed_when: false
|
changed_when: false
|
||||||
- name: -- VERIFY REDIRECT VHOSTS --
|
- name: -- VERIFY REDIRECT SITES --
|
||||||
command: "curl -H 'Host: {{ item.redirect_from[0] }}' http://127.0.0.1/"
|
command: "curl -H 'Host: {{ item.redirect_from[0] }}' http://127.0.0.1/"
|
||||||
with_items: "{{ nginx_vhosts }}"
|
with_items: "{{ nginx_sites }}"
|
||||||
when: item.redirect_from is defined and (item.state is undefined or item.state != "absent")
|
when: item.redirect_from is defined and (item.state is undefined or item.state != "absent")
|
||||||
changed_when: false
|
changed_when: false
|
||||||
register: r
|
register: r
|
||||||
|
@ -280,7 +281,7 @@
|
||||||
# --------------------------------
|
# --------------------------------
|
||||||
# PHP
|
# PHP
|
||||||
# --------------------------------
|
# --------------------------------
|
||||||
- name: -- VERIFY PHP5 VHOSTS (implicit default) --
|
- name: -- VERIFY PHP5 SITES (implicit default) --
|
||||||
command: "curl -H 'Host: {{ item }}' http://127.0.0.1/"
|
command: "curl -H 'Host: {{ item }}' http://127.0.0.1/"
|
||||||
register: p
|
register: p
|
||||||
changed_when: false
|
changed_when: false
|
||||||
|
@ -288,7 +289,7 @@
|
||||||
with_items: ['test-php-index.local']
|
with_items: ['test-php-index.local']
|
||||||
when: nginx_php56
|
when: nginx_php56
|
||||||
|
|
||||||
- name: -- VERIFY PHP7 VHOSTS --
|
- name: -- VERIFY PHP7 SITES --
|
||||||
command: "curl -H 'Host: {{ item }}' http://127.0.0.1/"
|
command: "curl -H 'Host: {{ item }}' http://127.0.0.1/"
|
||||||
register: p
|
register: p
|
||||||
changed_when: false
|
changed_when: false
|
||||||
|
@ -394,33 +395,33 @@
|
||||||
port: '8443'
|
port: '8443'
|
||||||
|
|
||||||
# --------------------------------
|
# --------------------------------
|
||||||
# Default vhosts
|
# Default sites
|
||||||
# --------------------------------
|
# --------------------------------
|
||||||
- name: -- VERIFY DEFAULT VHOST --
|
- name: -- VERIFY DEFAULT SITE --
|
||||||
command: "curl -v http://127.0.0.1/"
|
command: "curl -v http://127.0.0.1/"
|
||||||
changed_when: false
|
changed_when: false
|
||||||
register: vdefault
|
register: vdefault
|
||||||
failed_when: >
|
failed_when: >
|
||||||
vdefault.stdout.find('Index HTML test OK') == -1 or
|
vdefault.stdout.find('Index HTML test OK') == -1 or
|
||||||
vdefault.stderr.find('X-ansible-default') == -1
|
vdefault.stderr.find('X-ansible-default') == -1
|
||||||
- name: -- VERIFY DEFAULT SSL VHOST --
|
- name: -- VERIFY DEFAULT SSL SITE --
|
||||||
command: "curl --insecure -v https://127.0.0.1/"
|
command: "curl --insecure -v https://127.0.0.1/"
|
||||||
changed_when: false
|
changed_when: false
|
||||||
register: defaultssl
|
register: defaultssl
|
||||||
failed_when: >
|
failed_when: >
|
||||||
defaultssl.stdout.find('Index HTML test OK') == -1 or
|
defaultssl.stdout.find('Index HTML test OK') == -1 or
|
||||||
defaultssl.stderr.find('X-ansible-default') == -1
|
defaultssl.stderr.find('X-ansible-default') == -1
|
||||||
- name: -- VERIFY NOT DEFAULT VHOST --
|
- name: -- VERIFY NOT DEFAULT SITE --
|
||||||
command: "curl -v -H 'Host: test-php.local' http://127.0.0.1/"
|
command: "curl -v -H 'Host: test-php.local' http://127.0.0.1/"
|
||||||
changed_when: false
|
changed_when: false
|
||||||
register: vphp
|
register: vphp
|
||||||
failed_when: vphp.stderr.find('X-ansible-default') != -1
|
failed_when: vphp.stderr.find('X-ansible-default') != -1
|
||||||
- name: -- VERIFY NOT DEFAULT SSL VHOST --
|
- name: -- VERIFY NOT DEFAULT SSL SITE --
|
||||||
command: "curl --insecure -v -H 'Host: test-ssl.local' https://127.0.0.1/"
|
command: "curl --insecure -v -H 'Host: test-ssl.local' https://127.0.0.1/"
|
||||||
changed_when: false
|
changed_when: false
|
||||||
register: notdefaultssl
|
register: notdefaultssl
|
||||||
failed_when: notdefaultssl.stderr.find('X-ansible-default') != -1
|
failed_when: notdefaultssl.stderr.find('X-ansible-default') != -1
|
||||||
- name: -- VERIFY DEFAULT VHOST + STUB_STATUS --
|
- name: -- VERIFY DEFAULT SITE + STUB_STATUS --
|
||||||
command: "curl -v http://127.0.0.1/status"
|
command: "curl -v http://127.0.0.1/status"
|
||||||
changed_when: false
|
changed_when: false
|
||||||
register: vdefault_status
|
register: vdefault_status
|
||||||
|
|
|
@ -2,7 +2,7 @@ nginx_events_use: 'epoll'
|
||||||
nginx_pid: '/run/nginx.pid'
|
nginx_pid: '/run/nginx.pid'
|
||||||
nginx_etc_dir: '/etc/nginx'
|
nginx_etc_dir: '/etc/nginx'
|
||||||
|
|
||||||
# Specific vhosts
|
# Specific sites
|
||||||
nginx_nagios_root: '/usr/share/nagios3/htdocs'
|
nginx_nagios_root: '/usr/share/nagios3/htdocs'
|
||||||
nginx_nagios_stylesheets: '/etc/nagios3/stylesheets'
|
nginx_nagios_stylesheets: '/etc/nagios3/stylesheets'
|
||||||
nginx_fcgiwrap_sock: '/var/run/fcgiwrap.socket'
|
nginx_fcgiwrap_sock: '/var/run/fcgiwrap.socket'
|
||||||
|
|
|
@ -2,6 +2,6 @@ nginx_events_use: 'kqueue'
|
||||||
nginx_pid: '/var/run/nginx.pid'
|
nginx_pid: '/var/run/nginx.pid'
|
||||||
nginx_etc_dir: '/usr/local/etc/nginx'
|
nginx_etc_dir: '/usr/local/etc/nginx'
|
||||||
|
|
||||||
# Specific vhosts
|
# Specific sites
|
||||||
nginx_nagios_root: '/usr/local/www/nagios'
|
nginx_nagios_root: '/usr/local/www/nagios'
|
||||||
nginx_fcgiwrap_sock: '/var/run/fcgiwrap/fcgiwrap.sock'
|
nginx_fcgiwrap_sock: '/var/run/fcgiwrap/fcgiwrap.sock'
|
||||||
|
|
Loading…
Reference in New Issue