Migrate to jinja block ok
Emilien Mantel
parent
084a6f283b
commit
ec94521c5b
|
|
@ -52,7 +52,7 @@ Few tips:
|
|||
- you can use your own templates, you must keep the same directory organization
|
||||
- you should see COMMON.j2 to see all abilities
|
||||
|
||||
You can see many examples in: [tests/test.yml].
|
||||
You can see many examples in: [tests/test.yml](tests/test.yml).
|
||||
|
||||
Dependencies
|
||||
------------
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@ nginx_apt_package: nginx-full
|
|||
#
|
||||
# Nginx shared variables
|
||||
#
|
||||
nginx_root: "/var/www"
|
||||
nginx_root: "/srv/www"
|
||||
nginx_log_dir: '/var/log/nginx'
|
||||
nginx_ssl_dir: '/etc/nginx/ssl'
|
||||
nginx_resolver:
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
galaxy_info:
|
||||
author: Emilien Mantel
|
||||
description: Nginx for Debian
|
||||
company: your company (optional)
|
||||
company:
|
||||
license: GPLv2
|
||||
min_ansible_version: 1.2
|
||||
platforms:
|
||||
|
|
|
|||
|
|
@ -3,6 +3,11 @@
|
|||
- name: APT | Install nginx
|
||||
apt: pkg={{ nginx_apt_package }} state=latest update_cache=yes cache_valid_time=3600
|
||||
|
||||
- name: SHELL | Get Nginx version
|
||||
shell: nginx -v 2>&1 | sed -r 's#.*/##;' | cut -d ' ' -f 1
|
||||
register: nginx_version
|
||||
changed_when: false
|
||||
|
||||
- name: TEMPLATE | Deploy nginx.conf
|
||||
template: src=etc/nginx/nginx.conf.j2 dest=/etc/nginx/nginx.conf validate= "nginx -t"
|
||||
notify: restart nginx
|
||||
|
|
|
|||
|
|
@ -1,41 +1,53 @@
|
|||
---
|
||||
|
||||
- name: FILE | Create root folders (foreach nginx_vhosts)
|
||||
file: path={{ nginx_root }}/{{ item.name }} state=directory recurse=yes owner=www-data group=www-data mode=0755
|
||||
file: path={{ nginx_root }}/{{ item.name }}/public state=directory recurse=yes owner=www-data group=www-data mode=0755
|
||||
file: >
|
||||
path={{ nginx_root }}/{{ item.name[0] }}/public
|
||||
state=directory
|
||||
recurse=yes
|
||||
owner={{ item.owner | default('www-data') }}
|
||||
group={{ item.group | default('www-data') }}
|
||||
mode={{ item.mode | default('0755') }}
|
||||
with_items: nginx_vhosts
|
||||
when: item.root is not defined
|
||||
|
||||
- name: TEMPLATE | Create vhosts
|
||||
template: src=etc/nginx/sites-available/{{ item.template }}.j2 dest=/etc/nginx/sites-available/{{ item.name }}
|
||||
template: >
|
||||
src=etc/nginx/sites-available/{{ item.template }}.j2
|
||||
dest=/etc/nginx/sites-available/{{ item.name[0] }}
|
||||
with_items: nginx_vhosts
|
||||
notify: reload nginx
|
||||
|
||||
- name: COMMAND | Get sites available
|
||||
command: ls -1 /etc/nginx/sites-available
|
||||
register: old_vhosts
|
||||
changed_when: false
|
||||
ignore_errors: true
|
||||
|
||||
- name: Delete unmanaged vhosts
|
||||
file: path=/etc/nginx/sites-enabled/{{ item }} state=absent
|
||||
file: path=/etc/nginx/sites-available/{{ item }} state=absent
|
||||
with_items: old_vhosts.stdout_lines
|
||||
when: item not in nginx_vhosts|map(attribute='name') and item != 'default'
|
||||
|
||||
#- name: COPY | Add index.html / index.php
|
||||
# copy: src={{ item }} dest={{ nginx_root }}/{{ item.name }}/public/{{ item }} owner=www-data group=www-data mode=0666
|
||||
# with_fileglob: "web/*"
|
||||
|
||||
- name: FILE | Enable vhosts (symlink to sites-enabled)
|
||||
file: src=/etc/nginx/sites-available/{{ item.name }} dest=/etc/nginx/sites-enabled/{{ item.name }} state=link
|
||||
- name: FILE | Delete vhosts
|
||||
file: dest=/etc/nginx/sites-enabled/{{ item.name[0] }} state=absent
|
||||
file: dest=/etc/nginx/sites-available/{{ item.name[0] }} state=absent
|
||||
with_items: nginx_vhosts
|
||||
notify: reload nginx
|
||||
when: item.delete is defined and item.delete
|
||||
|
||||
- name: FILE | Create ssl dir per vhost (if needed)
|
||||
file: dest=/etc/nginx/ssl/{{ item.name }} owner=root mode=0750 state=directory
|
||||
- name: FILE | Enable vhosts
|
||||
file: >
|
||||
src=/etc/nginx/sites-available/{{ item.name[0] }}
|
||||
dest=/etc/nginx/sites-enabled/{{ item.name[0] }}
|
||||
state=link
|
||||
with_items: nginx_vhosts
|
||||
when: item.ssl.use is defined and item.ssl.use
|
||||
notify: reload nginx
|
||||
when: item.enabled is not defined or (item.enabled is defined and item.enabled)
|
||||
|
||||
- name: FILE | Disable vhosts
|
||||
file: dest=/etc/nginx/sites-enabled/{{ item.name[0] }} state=absent
|
||||
with_items: nginx_vhosts
|
||||
notify: reload nginx
|
||||
when: item.enabled is defined and not item.enabled
|
||||
|
||||
#- name: FILE | Create ssl dir per vhost (if needed)
|
||||
# file: dest=/etc/nginx/ssl/{{ item.name }} owner=root mode=0750 state=directory
|
||||
# with_items: nginx_vhosts
|
||||
# when: item.ssl.use is defined and item.ssl.use
|
||||
|
||||
# TODO...
|
||||
#- name: COPY | Deploy SSL keys if needed
|
||||
|
|
|
|||
|
|
@ -0,0 +1,70 @@
|
|||
{% set __listen = item.listen | default(['80']) %}
|
||||
{% set __listen_ssl = item.listen_ssl | default(['443']) %}
|
||||
#
|
||||
# {{ ansible_managed }}
|
||||
#
|
||||
|
||||
#
|
||||
# HTTP
|
||||
#
|
||||
server {
|
||||
{% for port in __listen %}
|
||||
listen {{ port }};
|
||||
{% endfor %}
|
||||
server_name {{ item.name | join(' ') }};
|
||||
|
||||
{% if item.root is defined %}
|
||||
root {{ item.root }};
|
||||
{% else %}
|
||||
root {{ nginx_root }}/{{ item.name[0] }}/public;
|
||||
{% endif %}
|
||||
|
||||
{% block template_index %}
|
||||
index {{ item.index | default('index.html index.htm') }};
|
||||
{% endblock %}
|
||||
|
||||
{% block template_try_files %}
|
||||
try_files $uri $uri/ =404;
|
||||
{% endblock %}
|
||||
|
||||
{% block template_custom_location %}
|
||||
{% endblock %}
|
||||
|
||||
location ~ /\.ht {
|
||||
deny all;
|
||||
}
|
||||
location ~* \.(txt|js|css|png|jpg|jpeg|gif|ico|svg)$ {
|
||||
expires 30d;
|
||||
log_not_found off;
|
||||
}
|
||||
|
||||
{% if item.use_access_log is defined and item.use_access_log %}
|
||||
access_log {{ nginx_log_dir }}/{{ item.name }}_access.log combined;
|
||||
{% else %}
|
||||
access_log off;
|
||||
{% endif %}
|
||||
{% if item.use_error_log is defined and item.use_error_log %}
|
||||
error_log {{ nginx_log_dir }}/{{ item.name }}_error.log {{ nginx_error_log_level }};
|
||||
{% else %}
|
||||
error_log off;
|
||||
{% endif %}
|
||||
}
|
||||
|
||||
# HTTPS
|
||||
#server {
|
||||
#}
|
||||
|
||||
{% if item.redirect_from is defined and item.redirect_from is iterable %}
|
||||
#
|
||||
# Redirect from
|
||||
#
|
||||
server {
|
||||
{% for port in __listen %}
|
||||
listen {{ port }};
|
||||
{% endfor %}
|
||||
server_name {{ item.redirect_from | join(' ') }};
|
||||
return 301 $scheme://{{ item.name[0] }}$request_uri;
|
||||
}
|
||||
{% endif %}
|
||||
|
||||
# vim:filetype=nginx
|
||||
|
|
@ -0,0 +1,28 @@
|
|||
{% extends "_base.j2" %}
|
||||
{% block template_index %}
|
||||
index {{ item.index | default('index.html index.htm index.php') }};
|
||||
{% endblock %}
|
||||
|
||||
{% block template_try_files %}
|
||||
try_files $uri $uri/ index.php;
|
||||
{% endblock %}
|
||||
|
||||
{% block template_custom_location %}
|
||||
location ~ \.php$ {
|
||||
fastcgi_pass php;
|
||||
fastcgi_index index.php;
|
||||
{# TODO: fastcgi_intercept_errors {{ item.php.intercept_errors | default('on') }}; #}
|
||||
fastcgi_intercept_errors on;
|
||||
{% if nginx_version.stdout | version_compare('1.6.1', 'lt') %}
|
||||
include fastcgi_params;
|
||||
{% else %}
|
||||
include fastcgi.conf;
|
||||
{% endif %}
|
||||
|
||||
# TODO...
|
||||
# Newrelic custom header: https://docs.newrelic.com/docs/apm/other-features/request-queueing/request-queue-server-configuration-examples
|
||||
#fastcgi_param HTTP_X_REQUEST_START "t=${msec}";
|
||||
# Newrelic custom PHP appname: https://docs.newrelic.com/docs/agents/php-agent/configuration/php-directory-ini-settings#perdir-nginx
|
||||
#fastcgi_param PHP_VALUE "newrelic.appname=${host}";
|
||||
}
|
||||
{% endblock %}
|
||||
|
|
@ -5,32 +5,35 @@
|
|||
- apt: pkg={{ item }} update_cache=yes cache_valid_time=3600 state=present
|
||||
with_items:
|
||||
- php5-fpm
|
||||
- lineinfile: dest=/etc/hosts line="127.0.2.2 {{ nginx_vhosts|map(attribute='name')| join(' ') }}"
|
||||
- lineinfile: >
|
||||
dest=/etc/hosts
|
||||
line="127.0.2.2 {% for name in nginx_vhosts|map(attribute='name') %}{{ name | join(' ') }} {% endfor %}"
|
||||
vars:
|
||||
nginx_php: true
|
||||
nginx_php_sockets:
|
||||
- unix_socket: "/var/run/php5-fpm.sock"
|
||||
nginx_vhosts:
|
||||
- name: 'test.local'
|
||||
aliases:
|
||||
- test-alias.local
|
||||
- test2-alias.local
|
||||
template: 'static'
|
||||
- name:
|
||||
- 'test.local'
|
||||
- 'test-alias.local'
|
||||
- 'test2-alias.local'
|
||||
template: '_base'
|
||||
ssl:
|
||||
use: false
|
||||
- name: 'test-php.local'
|
||||
template: 'wordpress'
|
||||
- name:
|
||||
- 'test-php.local'
|
||||
template: '_php'
|
||||
ssl:
|
||||
use: false
|
||||
roles:
|
||||
- ../../
|
||||
post_tasks:
|
||||
- name: -- Add PHP file --
|
||||
copy: dest=/var/www/test-php.local/public/index.php content="<?php phpinfo();"
|
||||
copy: dest="{{ nginx_root }}/test-php.local/public/index.php" content="<?php phpinfo();"
|
||||
- name: -- Add HTML file --
|
||||
copy: dest=/var/www/test.local/public/index.html content="HTML Message"
|
||||
copy: dest="{{ nginx_root }}/test.local/public/index.html" content="Index HTML test OK\n"
|
||||
- name: -- VERIFY VHOSTS --
|
||||
get_url: dest="/tmp/ansible_{{ item.name }}.txt" url="http://{{ item.name }}" validate_certs=no
|
||||
get_url: dest="/tmp/ansible_{{ item.name[0] }}.txt" url="http://{{ item.name[0] }}" validate_certs=no
|
||||
with_items: nginx_vhosts
|
||||
changed_when: false
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue