radityo
/
ansible-nginx
mirror of https://github.com/HanXHX/ansible-nginx.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Add Debian 12 and CI

feature/add_main_opts
Emilien Mantel 2023-05-30 18:30:49 +02:00
parent f02b0e157f
commit fc73f2a31b
27 changed files with 651 additions and 64 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
.github/workflows/ci.yml vendored 100644
View File

@ -0,0 +1,43 @@
---
name: ci
'on':
pull_request:
push:
branches:
- master
jobs:
yaml-lint:
name: YAML Lint
runs-on: ubuntu-latest
steps:
- name: Fetch code
uses: actions/checkout@v3
- name: Set up Python 3.
uses: actions/setup-python@v2
with:
python-version: '3.x'
- name: Install test dependencies.
run: pip3 install yamllint
- name: Lint code.
run: |
yamllint .
ansible-lint:
name: Ansible Lint
runs-on: ubuntu-latest
steps:
- name: Fetch code
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Run ansible-lint
uses: ansible/ansible-lint-action@v6.15.0

17
.github/workflows/galaxy.yml vendored 100644
View File

@ -0,0 +1,17 @@
---
name: Deploy on Ansible Galaxy
'on':
- push
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: checkout
uses: actions/checkout@v2
- name: galaxy
uses: robertdebock/galaxy-action@1.2.0
with:
galaxy_api_key: ${{ secrets.galaxy_api_key }}

36
.github/workflows/molecule.yml vendored 100644
View File

@ -0,0 +1,36 @@
---
name: Molecule
'on':
pull_request:
push:
branches:
- master
jobs:
build:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
scenario:
- debian-10
- debian-11
- debian-12
- ubuntu-18.04
- ubuntu-20.04
- ubuntu-22.04
steps:
- name: Checkout
uses: actions/checkout@v3
with:
path: "${{ github.repository }}"
- name: Molecule
uses: gofrolist/molecule-action@v2.3.19
with:
molecule_options: --base-config molecule/_shared/base.yml
molecule_args: --scenario-name ${{ matrix.scenario }}
molecule_working_dir: "HanXHX/ansible-nginx"

13
README.md
View File

@ -20,14 +20,15 @@ Features:
Supported OS:
| OS | Working | Stable (active support) |
| -------------------- | ------- | ----------------------- |
| OS | Working | Stable (active support) |
|----------------------|---------|------------------------------------------------------------------------------------------------------|
| Debian Jessie (8) | Yes | Check latest supported version ([1.5.0](https://github.com/HanXHX/ansible-nginx/releases/tag/1.5.0)) |
| Debian Stretch (9) | Yes | Check latest supported version ([1.9.0](https://github.com/HanXHX/ansible-nginx/releases/tag/1.9.0)) |
| Debian Buster (10) | Yes | Yes |
| Debian Bullseye (11) | Yes | Yes |
| FreeBSD 11 | Yes | No |
| FreeBSD 12 | Yes | No |
| Debian Buster (10) | Yes | Yes |
| Debian Bullseye (11) | Yes | Yes |
| Debian Bookworm (12) | Yes | No |
| FreeBSD 11 | NA | No |
| FreeBSD 12 | NA | No |
Requirements
------------

32
handlers/main.yml
View File

@ -1,42 +1,14 @@
---
- name: Reload nginx # noqa: no-changed-when
ansible.builtin.command: nginx -t
notify:
- Real-reload nginx
- Docker reload nginx
- name: Restart nginx # noqa: no-changed-when
ansible.builtin.command: nginx -t
notify:
- Real-restart nginx
- Docker restart nginx
- name: Real-reload nginx
- name: Reload nginx
ansible.builtin.service:
name: nginx
state: reloaded
when: ansible_virtualization_type != 'docker'
- name: Real-restart nginx
- name: Restart nginx
ansible.builtin.service:
name: nginx
state: restarted
when: ansible_virtualization_type != 'docker'
- name: Docker reload nginx # noqa: no-changed-when command-instead-of-module
ansible.builtin.command: service nginx reload
when: ansible_virtualization_type == 'docker'
- name: Docker restart nginx # noqa: no-changed-when command-instead-of-module
ansible.builtin.command: service nginx restart
when: ansible_virtualization_type == 'docker'
- name: Restart nginx freebsd
ansible.builtin.service:
name: nginx
state: restarted
when: ansible_distribution == "FreeBSD"
- name: Setup
ansible.builtin.setup:

1
meta/main.yml
View File

@ -13,6 +13,7 @@ galaxy_info:
versions:
- buster
- bullseye
- bookworm
- name: FreeBSD
versions:
- '11.0'

19
molecule/_shared/Dockerfile.j2 100644
View File

@ -0,0 +1,19 @@
# Molecule managed
{% if item.registry is defined %}
FROM {{ item.registry.url }}/{{ item.image }}
{% else %}
FROM {{ item.image }}
{% endif %}
{% if item.env is defined %}
{% for var, value in item.env.items() %}
{% if value %}
ENV {{ var }} {{ value }}
{% endif %}
{% endfor %}
{% endif %}
RUN apt-get update && \
apt-get install -y python3 sudo bash ca-certificates iproute2 python-apt-common \
&& apt-get clean

39
molecule/_shared/base.yml 100644
View File

@ -0,0 +1,39 @@
---
scenario:
test_sequence:
- dependency
- syntax
- create
- prepare
- converge
- idempotence
- verify
- destroy
dependency:
name: galaxy
options:
requirements-file: ./molecule/_shared/requirements.yml
role-file: ./molecule/_shared/requirements.yml
driver:
name: docker
role_name_check: 1
provisioner:
name: ansible
env:
ANSIBLE_FILTER_PLUGINS: "../../filter_plugins"
config_options:
defaults:
deprecation_warnings: false
callback_whitelist: timer,profile_tasks
fact_caching: jsonfile
fact_caching_connection: ./cache
forks: 100
connection:
pipelining: true
playbooks:
converge: ../_shared/converge.yml
prepare: ../_shared/prepare.yml
verify: ../_shared/verify.yml
verifier:
name: ansible

20
molecule/_shared/converge.yml 100644
View File

@ -0,0 +1,20 @@
---
- name: Converge
hosts: all
gather_facts: true
vars_files:
- vars/misc.yml
vars:
nginx_debug_role: true
tasks:
- name: SHELL | Get ngrok public address
ansible.builtin.shell: set -o pipefail && curl 'http://127.0.0.1:4040/api/tunnels/command_line' 2> /dev/null | jq -r '.public_url' | cut -d '/' -f 3
args:
executable: /bin/bash
register: ngrok
changed_when: false
- name: Include role
ansible.builtin.include_role:
name: "hanxhx.nginx"

19
molecule/_shared/file/test.crt 100644
View File

@ -0,0 +1,19 @@
-----BEGIN CERTIFICATE-----
MIIDHTCCAgWgAwIBAgIJAJzUwbFlhyxIMA0GCSqGSIb3DQEBCwUAMCUxIzAhBgNV
BAMMGnRlc3Qtc3NsLXByZWRlcGxveWVkLmxvY2FsMB4XDTE2MDExMjE2MDUxNVoX
DTI2MDEwOTE2MDUxNVowJTEjMCEGA1UEAwwadGVzdC1zc2wtcHJlZGVwbG95ZWQu
bG9jYWwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDm4q94vffiU89G
GO7rjDfr3C32tH9sM5sXqJT+7N5BLYLF0iSRIvy33MtwFu//TV3f+8nLlQuHYVVk
L6NEvaL8lh+nRexCQ/y+aXMh7lMhuwPXGgPR1LXsTqyDXbmV9c7k/Kwx5qHAcOb9
d9YzmcOSO4M9v3WMl/4Zw2J7zNYruypxNBgFEwFx3NJ3AztACMYoVOIR5mS8ARX6
xea4ddii1F41Vch+eiCGP9VZwDhEujhjy9PXvdBtYNwggM6d82Df9wwaFyIW5DU4
PhpgAngvE2keY0GLy/LaXa6LAW+TCfPMRT2RtDuvqWr+useWF+O3n81TZqM/G7LV
9iPxkkRNAgMBAAGjUDBOMB0GA1UdDgQWBBSzXW5UY02/S0xrrobZCVOhas6VeDAf
BgNVHSMEGDAWgBSzXW5UY02/S0xrrobZCVOhas6VeDAMBgNVHRMEBTADAQH/MA0G
CSqGSIb3DQEBCwUAA4IBAQC0+Tr0w9aG4f3LG3+WRGKfMopKICNEkA7JrPrvVUq8
7UgtdrpOUZAL5AKxVVo1rHDdoL/VpjdqHdhyPzaSUl8hppCFsWmdQh4wLKGoyvcN
AqSGpXTeLSoFJ357F2OIQpXm2lfT2fVGebwyCNFkwpp7klFnmOusSl2/v5Y5cz+A
WvWrDg3jsNglx3mNLVcjbOSnen2PsZSmcVo27D0el6oDju8jjstyJ+Dvu0WP+CDL
s/VolFdbei7d4r2dj86OZ/BCZurltyc0wI3NMOdUuA7q4f1MPTRu7qr/ua5ItK92
Avc+Gjn/Y/aIhzKpPicJQDK6FzxjfhCc8xtk0EjB4IpP
-----END CERTIFICATE-----

28
molecule/_shared/file/test.key 100644
View File

@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDm4q94vffiU89G
GO7rjDfr3C32tH9sM5sXqJT+7N5BLYLF0iSRIvy33MtwFu//TV3f+8nLlQuHYVVk
L6NEvaL8lh+nRexCQ/y+aXMh7lMhuwPXGgPR1LXsTqyDXbmV9c7k/Kwx5qHAcOb9
d9YzmcOSO4M9v3WMl/4Zw2J7zNYruypxNBgFEwFx3NJ3AztACMYoVOIR5mS8ARX6
xea4ddii1F41Vch+eiCGP9VZwDhEujhjy9PXvdBtYNwggM6d82Df9wwaFyIW5DU4
PhpgAngvE2keY0GLy/LaXa6LAW+TCfPMRT2RtDuvqWr+useWF+O3n81TZqM/G7LV
9iPxkkRNAgMBAAECggEAEEeZkczrRpUcP1gQuKEZbFMJFqUhevKkk+V6JAN1pGje
GK65j1ZFNX2nBo9Hetvsq5doYidvOat+RuMpAvbQIDlBoBzJDN8YWiC7UoAocm9q
VOdrr4btEO13MogQRuefH/xE8/vMGfKcBvFFNDw6UvxJQ7hVRIWPECf7sLj/vPOC
OpMKghxcabQqidMPKyyHVPhQjuIvqW/SqBFpD+Ul0Ja1QGdx+p+/EwVmXnei6Kr8
/ypULreHqIlBLD6McfFehxDV0m5U7qXb5xK3zdUurIhZixKLjbdRrorNInfEvlOh
vDy+hsF5GSzvn9dRrMAy/QcRPpXU47VNYZ5BfdCBTQKBgQD8VCbdpG5siXSlIjZd
xypgK1ttp8udTPWC1trnAc+Ku9O+cGmvABxYJA1iR/GDpSfMxglB7OhSecywKrr+
S7Yjs9e/dyBmvF7U15JJaGp+db2Ct64z7MvqkwSJ5a0qrrZJRFetDdqdH9FPvURs
B147jbKsPiGcljjXbZlOBHJH9wKBgQDqPqoA3VqYOmvR7Ei8/skY2EOpFpOhSNko
ARFwUsDNHRk677URH97TCHq5UrwubfCeIcIptXHrMfaTsfq8vPLPykReIMRaknxf
DULJPHSoeBLrCAZmaWF1JVyYhrLhHNAzQ3u7a/kYIJm87FEZy3Ml6FSZmIGbRBqx
zqZYKoHs2wKBgQD469tbk7cLg556uYGAidYYAS20w29uwlkAtgxFD9g6OIjuud7I
MQfFO+uoJOjwwaC9ti+zxY56roVq1PybmP0Zw3T3AQIJ15KFzhQWLte/4U8PATzt
JJEV2+sCTn3COZDCPpVvttcPYjAOxdwV5j7j6Sl2GeT2oIt6mjg+asyCiQKBgQDk
LPxu8TBRfv8OMqs8Jrf/EpL9/7b48bxOwpOZJZMXelPcXCm1r6TfTrA1HAmg9Ijh
kKLQ/CUm5Ll7b3B+L1Qa4r2sLyD11SF/eaxn2BMPFD/hYCTT160ObsF+9h8DN4z7
kq3RiMDRJth69nuds9fLwj++ipcdhr62G0VgNq/u5wKBgCz/I5J3tPNjrU9YampR
0gNnUkUfJWbiVMsG9uwL9l0L/ZzQHvELJ523QXQ0v/e/szHCyoX319u8HEQlC0Jw
Twlj81HDZzruDUB/mcH6Ee3zHKOmmF6ma+CgoYJJElKW89MUttPdmkH2J1QqLz+7
EGREwqjr8/wm22DzKNiyDXJ0
-----END PRIVATE KEY-----

15
molecule/_shared/prepare.yml 100644
View File

@ -0,0 +1,15 @@
---
- name: Prepare
hosts: all
gather_facts: true
vars_files:
- vars/misc.yml
tasks:
- name: INCLUDE_TASKS | Pre tasks related to OS
ansible.builtin.include_tasks: "../../tests/includes/pre_{{ ansible_distribution }}.yml"
- name: INCLUDE_TASKS | Pre_tasks common
ansible.builtin.include_tasks: "../../tests/includes/pre_common.yml"

6
molecule/_shared/requirements.yml 100644
View File

@ -0,0 +1,6 @@
---
roles:
- name: hanxhx.php
collections: []

16
molecule/_shared/templates/custom_template.conf.j2 100644
View File

@ -0,0 +1,16 @@
# {{ ansible_managed }} - custom template
server {
listen 80;
listen 8888 http2;
listen 9999 http2 proxy_protocol;
server_name {{ item.name }};
index index.html index.htm;
root {{ item.root }};
location / {
try_files $uri $uri/ =404;
}
}

259
molecule/_shared/vars/misc.yml 100644
View File

@ -0,0 +1,259 @@
---
# Force SysVinit, since systemd won't work in a Docker container
ansible_service_mgr: "sysvinit"
# ----------------------------------------
# Copied from {role_dir}/tests/group_vars/all.yml
# ----------------------------------------
# Internal vars
int_ansible_ssl_dir: '/etc/ansible-ssl'
# Role vars
nginx_worker_processes: 1 # Ansible+FreeBSD can't detect CPU number
nginx_apt_package: 'nginx-extras'
nginx_module_packages: ['libnginx-mod-http-headers-more-filter']
nginx_custom_core:
- 'worker_rlimit_nofile 4242;'
nginx_upstreams:
- name: 'test'
servers:
- path: '127.0.0.1:80'
max_conns: 150
weight: 10
down: false
- name: 'test-absent'
servers:
- path: '127.0.0.1:80'
max_conns: 150
weight: 10
down: false
state: 'absent'
nginx_htpasswd:
- name: 'hello'
description: 'Please login!'
users:
- name: 'hx'
password: 'asdfg'
state: 'absent'
- name: 'hanx'
password: 'qwerty'
- name: 'deleteme'
description: 'Please login!'
users: []
state: 'absent'
nginx_acmesh: true
nginx_acmesh_test: true
nginx_ssl_pairs:
- name: '{{ ngrok.stdout }}'
acme: true
- name: 'test-ssl-selfsigned.local'
self_signed: true
force: false
- name:
- 'test-ssl-predeployed.local'
- 'test-multiple-name.local' # Hack: tests for acme with multiple name, without using acme
dest_key: "{{ int_ansible_ssl_dir }}/test.key"
dest_cert: "{{ int_ansible_ssl_dir }}/test.crt"
- name: 'test-ssl.local'
key: |
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAvavrJWFp3Al2VwRgKx+4Y2mbRRvoxvyd2pyN0xMJ/tCJscaG
8s60v6WZ9FcCOeMkSI2DXsk4z7pbQdQn0h2GDr/5MOJkPAVWSWEN46tpaLZ3v0zp
88ZIbnEk1G0PsdFuW/pnLsakPlAMrl1VArFsV6YsatLt30UIYYcRO97StkoOehCx
A5w+XqtfHZeQZ0/DS81633gwYUcMuSTUFZ60r7ge1/m77DTSKg3rTVk5sebP8cjS
+aWHvxP/GyvvDsT+3gjRJx2/5O3JkfH0zaOsaU2Avj0PR0c5rhynrNO/l1k+GJJB
cbBrM+yA8Ofzp4oXUrCfaIq3RuL3Pd+khcKsiwIDAQABAoIBAQCPpAMQ7BUfbosQ
m1+5SOx7XR8Z12kSSX3CcY12rJSFRakB2TeZ6rE38lIFmV82N67iw0kaH4nGx3sU
/3aoyXMc+IXfX5RJYEFYkQfTw5ywkH9fgQAsfZ2dBlK+DVo1cEYDoj9CTW1VQ4pX
Ape+0l8agd5hiBxdWgpe0ctbbARnx584viLiA/iPBDNxKi9zEYw+WP7hSj5QWahr
a09tubcC4L6tjvv8CoZTRSKfCW64vWRDvE6vmA+zJN9Arc1WTYzF1KO1Gybwf8h7
stJb191smAgGDFhKo0j58ncyAnrS1k4mapm86QQhlfIA6DKvvC0qm3KdQns5b7HM
PyzW0hwBAoGBAO2mTVTOsziom9vtBwM0nRMMEgynR2X3EKMJz2mjcCf66f1F+aQ5
DvQFM2V8S2s1nGnPh8NKKZ8DxW1NKuR4qx82zeAXpUs9ibHxOnw4YRC485zqc2Wt
fSO1OEDYeKyzWP1nGGtCntYUXzJnWn/wz0mBGKzLKTuLwyFIKx1b7bybAoGBAMxR
N+lT57rX6d4GUqcgNOuWMZ/D8egnE5+hsoiFnHOisRLOgUgBBSy4rwAZx+rdHYT+
RO11L1PLYEzyvnO0f13R+N7aqKwNXDSzZGA+jb4pjkVidIC2smG/JYKJH5Z+kakw
mwMKP0wdRZJsCaMgScHmWJS8d6Ox/XJJoWrTWTbRAoGAWJlEgVaiaIArwz1F/QLz
gHNik0cWDkSi9jWlFxwwpycbbypUXM5M7dq2g6JoN6sACk6trbgLdlYgl5RKZm06
VuPGs0H9hOSHXkix5jfasDJT2G9r4D9ixRo9w6cwriobBjYWW3612tgzeYYgrkwn
655uhZUkZSfA8rqGIGbyZfsCgYAf5WH8G+wmIATTc1s92epJCOZwUY+XNVp75itP
4sPczX4lOHW4PuiG5cH0GxI5mRE9rNAn3c5on2xGNvMCbyAfDmNyruH8Eg3d8E9w
MvO/xw79x/P2EA9i8QszCKMUxGeK6RqZ6+SbxkoRJKqQe77n9UTI228179hoGhSH
77ySsQKBgQC8SSZn6a8PpSIIFXB9WCFMwfGFYbUz0wvpaeZP8GKx3BEzMeJqSUaJ
hrQgpwQXkueeamlCQcvV3AUCoBRWTYRLDrWiUIXuIgikDWBFp6TBvTnVRI7iktly
fNED7jXOSjJqnFmdkZlAI5V8dM++mVYVykJD6jcaVRQvxqFLrhSaRg==
-----END RSA PRIVATE KEY-----
cert: |
-----BEGIN CERTIFICATE-----
MIIDBTCCAe2gAwIBAgIJALKJfbk5vuieMA0GCSqGSIb3DQEBBQUAMBkxFzAVBgNV
BAMMDnRlc3Qtc3NsLmxvY2FsMB4XDTE2MDExMTE2NDI0NFoXDTI2MDEwODE2NDI0
NFowGTEXMBUGA1UEAwwOdGVzdC1zc2wubG9jYWwwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC9q+slYWncCXZXBGArH7hjaZtFG+jG/J3anI3TEwn+0Imx
xobyzrS/pZn0VwI54yRIjYNeyTjPultB1CfSHYYOv/kw4mQ8BVZJYQ3jq2lotne/
TOnzxkhucSTUbQ+x0W5b+mcuxqQ+UAyuXVUCsWxXpixq0u3fRQhhhxE73tK2Sg56
ELEDnD5eq18dl5BnT8NLzXrfeDBhRwy5JNQVnrSvuB7X+bvsNNIqDetNWTmx5s/x
yNL5pYe/E/8bK+8OxP7eCNEnHb/k7cmR8fTNo6xpTYC+PQ9HRzmuHKes07+XWT4Y
kkFxsGsz7IDw5/OnihdSsJ9oirdG4vc936SFwqyLAgMBAAGjUDBOMB0GA1UdDgQW
BBRaSF1L+ivPhmIVGQjtviBqZWDS9DAfBgNVHSMEGDAWgBRaSF1L+ivPhmIVGQjt
viBqZWDS9DAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQCjrgB9+Zuq
Rx7T2mRUl4jf75dLabuBQD0ePALTtvNyBSghhzSr90mE7GlFOYAv0JsmEa3R1LVF
wLPIdrIhNHpt7hN0PkhUlfgmxBnRSCfhpiq4xxsDVFM7ehtDz4+dv1LUDMXo07+E
f24g9aqmypiFzHisUQrYIhtQmHxRpKyGp6kDAW9qNxg6k/Um00aHdYfuD9ER4ksR
f8Hto7f+vssKxCRY2OZXqq13PxEwC5+hgAUkTdrycA/moXFuHJi3lCnCND7sSzvG
tXBggOusyFZFC4bs2m+V+Z+RN+tK2c/c0nq5HR8MV5HwIm4Z8GoT2/0BfJ00cgWL
lVz0gDBfdH8f
-----END CERTIFICATE-----
nginx_custom_http:
- 'add_header X-ansible 1;'
- 'geoip_country {% if ansible_distribution == "Debian" %}/usr/share/GeoIP/GeoIP.dat{% else %}/usr/local/share/GeoIP/GeoIP.dat{% endif %};'
- 'map $geoip_country_code $allowed_country {'
- ' default yes;'
- ' MA no;'
- ' DZ no;'
- ' TN no;'
- '}'
nginx_default_site: 'test.local'
nginx_default_site_ssl: 'test-ssl-predeployed.local'
nginx_sites:
- name:
- 'test.local'
- 'test-alias.local'
- 'test2-alias.local'
template: '_base'
filename: 'first-test'
override_try_files: '$uri/ $uri =404'
headers:
'X-Frame-Options': 'deny always'
'X-ansible-default': '1'
manage_local_content: false
use_error_log: true
more:
- 'autoindex off;'
location:
'/test':
- 'return 403;'
'/gunther':
- 'return 404;'
'/status':
- 'stub_status on;'
- 'access_log off;'
- 'allow 127.0.0.1;'
- 'deny all;'
- name: 'test-htpasswd.local'
template: '_base'
location_before:
'/hello':
- htpasswd: 'hello'
location:
'/public':
- htpasswd: false
use_error_log: true
- name: 'test-htpasswd-all.local'
template: '_base'
htpasswd: 'hello'
- name: 'test-location.local'
template: '_base'
location_before:
'/b':
- 'alias /var/tmp;'
'/c':
- 'alias /var/tmp;'
location:
'/':
- 'alias /var/tmp;'
'/a':
- 'alias /var/tmp;'
location_order_before:
- '/b'
- '/c'
location_order:
- '/'
- '/a'
- name: 'test-php.local'
php_upstream: "manual"
upstream_params:
- 'fastcgi_param FOO bar;'
redirect_from:
- 'www.test-php.local'
template: '_php'
use_error_log: true
use_access_log: true
- name: 'test-php-index.local'
template: '_php_index'
php_upstream: 'hx_unix'
- name: 'test-php-index2.local'
template: '_php_index2'
php_upstream: 'hx_ip'
- name: 'test-proxy.local'
listen:
- 8080
template: '_proxy'
upstream_name: 'test'
headers:
'X-proxyfied': '1'
- name: 'deleted.local'
state: 'absent'
- name: 'redirect-to.local'
redirect_to: 'http://test.local'
- name: 'test-ssl.local'
proto: ['http', 'https']
template: '_base'
- name:
- 'test-ssl-selfsigned.local'
- 'www.test-ssl-selfsigned.local'
proto: ['http', 'https']
template: '_base'
hsts: 'max-age=1664;'
- name: 'test-ssl-predeployed.local'
proto: ['http', 'https']
template: '_base'
ssl_name: 'test-ssl-predeployed.local'
headers:
'X-ansible-default': '1'
ssl_template: false
- name: 'test-ssl-redirect.local'
proto: ['https']
template: '_base'
ssl_name: 'test-ssl.local'
redirect_https: true
- name:
- 'test-ssl-redirect-many.local'
- 'test-ssl-redirect-many2.local'
listen_ssl: [8443]
proto: ['https']
template: '_base'
ssl_name: 'test-ssl.local'
redirect_https: true
redirect_from:
- 'www.test-ssl-redirect-many.local'
- 'www.test-ssl-redirect-many2.local'
- name: 'test-ssl-proxy-protocol.local'
proto: ['http', 'https']
listen_proxy_protocol: [20080]
listen_proxy_protocol_ssl: [20443]
template: '_base'
ssl_name: 'test-ssl.local'
headers:
'X-Proxy-Protocol': '1'
- name: '{{ ngrok.stdout }}'
proto: ['http', 'https']
listen_proxy_protocol: [21080]
listen_proxy_protocol_ssl: [21443]
template: '_base'
ssl_name: '{{ ngrok.stdout }}'
headers:
'X-acme': '1'
- name: 'test-custom-template.local'
custom_template: 'templates/custom_template.conf.j2'
root: '/tmp/custom-template'
nginx_php: "{{ [{'upstream_name': 'manual', 'sockets': [{'host': '127.0.0.1', 'port': '9636'}]}] }}"
nginx_dh_length: 1024

19
molecule/_shared/verify.yml 100644
View File

@ -0,0 +1,19 @@
---
- name: Verify
hosts: all
gather_facts: true
vars_files:
- vars/misc.yml
vars:
nginx_root: "/srv/www"
tasks:
- name: SHELL | Get ngrok public address
ansible.builtin.shell: set -o pipefail && curl 'http://127.0.0.1:4040/api/tunnels/command_line' 2> /dev/null | jq -r '.public_url' | cut -d '/' -f 3
args:
executable: /bin/bash
register: ngrok
changed_when: false
- name: INCLUDE_TASKS | Post_tasks common
ansible.builtin.include_tasks: "../../tests/includes/post_common.yml"

13
molecule/debian-10/molecule.yml 100644
View File

@ -0,0 +1,13 @@
---
platforms:
- name: debian-10
image: dokken/debian-10
command: /lib/systemd/systemd
dockerfile: ../_shared/Dockerfile.j2
capabilities:
- SYS_ADMIN
cgroupns_mode: host
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
privileged: true

13
molecule/debian-11/molecule.yml 100644
View File

@ -0,0 +1,13 @@
---
platforms:
- name: debian-11
image: dokken/debian-11
command: /lib/systemd/systemd
dockerfile: ../_shared/Dockerfile.j2
capabilities:
- SYS_ADMIN
cgroupns_mode: host
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
privileged: true

13
molecule/debian-12/molecule.yml 100644
View File

@ -0,0 +1,13 @@
---
platforms:
- name: debian-12
image: dokken/debian-12
command: /lib/systemd/systemd
dockerfile: ../_shared/Dockerfile.j2
capabilities:
- SYS_ADMIN
cgroupns_mode: host
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
privileged: true

0
molecule/default/.gitkeep 100644
View File

13
molecule/ubuntu-18.04/molecule.yml 100644
View File

@ -0,0 +1,13 @@
---
platforms:
- name: ubuntu-18.04
image: dokken/ubuntu-18.04
command: /lib/systemd/systemd
dockerfile: ../_shared/Dockerfile.j2
capabilities:
- SYS_ADMIN
cgroupns_mode: host
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
privileged: true

13
molecule/ubuntu-20.04/molecule.yml 100644
View File

@ -0,0 +1,13 @@
---
platforms:
- name: ubuntu-20.04
image: dokken/ubuntu-20.04
command: /lib/systemd/systemd
dockerfile: ../_shared/Dockerfile.j2
capabilities:
- SYS_ADMIN
cgroupns_mode: host
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
privileged: true

13
molecule/ubuntu-22.04/molecule.yml 100644
View File

@ -0,0 +1,13 @@
---
platforms:
- name: ubuntu-22.04
image: dokken/ubuntu-22.04
command: /lib/systemd/systemd
dockerfile: ../_shared/Dockerfile.j2
capabilities:
- SYS_ADMIN
cgroupns_mode: host
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:rw
privileged: true

14
tasks/site.yml
View File

@ -49,7 +49,7 @@
mode: 0644
owner: root
group: root
notify: ['Reload nginx', 'Restart nginx freebsd']
notify: 'Reload nginx'
when: (item.state is not defined or item.state != 'absent') and item.custom_template is not defined
loop: "{{ nginx_sites }}"
loop_control:
@ -62,7 +62,7 @@
mode: 0644
owner: root
group: root
notify: ['Reload nginx', 'Restart nginx freebsd']
notify: 'Reload nginx'
when: (item.state is not defined or item.state != 'absent') and item.custom_template is defined
loop: "{{ nginx_sites }}"
loop_control:
@ -73,7 +73,7 @@
path: "{{ nginx_etc_dir }}/{{ item.1 }}/{{ item.0 | nginx_site_filename }}"
state: absent
loop: "{{ nginx_sites | product(dirs) | list }}"
notify: ['Reload nginx', 'Restart nginx freebsd']
notify: 'Reload nginx'
when: item.0.state is defined and item.0.state == 'absent'
vars:
dirs: ['sites-available', 'sites-enabled']
@ -86,7 +86,7 @@
dest: "{{ nginx_etc_dir }}/sites-enabled/{{ item | nginx_site_filename }}"
state: link
loop: "{{ nginx_sites }}"
notify: ['Reload nginx', 'Restart nginx freebsd']
notify: 'Reload nginx'
when: >
item.state is not defined or item.state == 'present'
loop_control:
@ -97,7 +97,7 @@
path: "{{ nginx_etc_dir }}/sites-enabled/{{ item | nginx_site_filename }}"
state: absent
loop: "{{ nginx_sites }}"
notify: ['Reload nginx', 'Restart nginx freebsd']
notify: 'Reload nginx'
when: item.state is defined and item.state == 'disabled'
loop_control:
label: "{{ item | nginx_site_name }}"
@ -106,7 +106,7 @@
ansible.builtin.file:
path: "{{ nginx_etc_dir }}/sites-enabled/default"
state: absent
notify: ['Reload nginx', 'Restart nginx freebsd']
notify: 'Reload nginx'
when: nginx_default_site is not none
- name: FILE | Auto set default site
@ -114,7 +114,7 @@
src: "{{ nginx_etc_dir }}/sites-available/default"
dest: "{{ nginx_etc_dir }}/sites-enabled/default"
state: link
notify: ['Reload nginx', 'Restart nginx freebsd']
notify: 'Reload nginx'
when: nginx_default_site is none
- name: TEMPLATE | Deploy facts

1
tests/includes/post_common.yml
View File

@ -260,4 +260,3 @@
args:
executable: /bin/bash
changed_when: false
when: nginx_auto_config_httpv2 and 'http_v2' in nginx_modules

6
tests/includes/pre_Debian.yml
View File

@ -4,7 +4,7 @@
ansible.builtin.apt_repository:
repo: 'deb http://httpredir.debian.org/debian {{ ansible_distribution_release }}-backports main'
state: present
when: nginx_backports
when: nginx_backports is defined and nginx_backports
- name: APT | Install needed packages
ansible.builtin.apt:
@ -65,9 +65,9 @@
name: foo
system: true
- name: INCLUDE_ROLE | hanxhx.php
- name: INCLUDE_ROLE | hanxhx.php # TODO: repair vagrant
ansible.builtin.include_role:
name: "{{ playbook_dir }}/hanxhx.php"
name: "hanxhx.php"
vars:
php_version: "{{ cur_php_version.stdout }}"
php_autoremove_default_pool: false

34
tests/includes/pre_common.yml
View File

@ -1,12 +1,12 @@
---
- name: SHELL | Start ngrok
ansible.builtin.shell: daemonize -l /tmp/ngrok.lock {{ ngrok_path }} http 80 --scheme http
- name: COMMAND | Start ngrok
ansible.builtin.command: daemonize -l /tmp/ngrok.lock {{ ngrok_path }} http 80 --scheme http
failed_when: false
changed_when: ngrok.stderr.find("Can't lock the lock file") == -1
register: ngrok
- name: WAIT_FOR | ngrok started
- name: WAIT_FOR | ngrok started # noqa: no-handler
ansible.builtin.wait_for:
delay: 2
port: 4040
@ -22,11 +22,16 @@
- name: LINEINFILE | Tune vimrc
ansible.builtin.lineinfile:
line: "set mouse="
dest: "{{ item }}/.vimrc"
dest: "{{ item.path }}/.vimrc"
create: true
owner: "{{ item.owner }}"
group: "{{ item.owner }}"
mode: 0644
loop:
- /root
- /home/vagrant
- path: /root
owner: root
- path: /home/vagrant
owner: vagrant
- name: FILE | Create an internal SSL dir
ansible.builtin.file:
@ -36,21 +41,16 @@
owner: root
group: root
- name: COPY | Deploy test certificate
- name: COPY | Deploy test cert/key
ansible.builtin.copy:
src: "file/test.crt"
dest: "{{ int_ansible_ssl_dir }}/test.crt"
mode: 0640
owner: root
group: root
- name: COPY | Deploy test key
ansible.builtin.copy:
src: "file/test.key"
dest: "{{ int_ansible_ssl_dir }}/test.key"
src: "file/{{ item }}"
dest: "{{ int_ansible_ssl_dir }}/{{ item }}"
mode: 0640
owner: root
group: root
loop:
- 'test.key'
- 'test.crt'
- name: COPY | Add all hosts in /etc/hosts
ansible.builtin.copy: