Add redirect_to_code in vhost

Add feature: override_try_files on vhost

README.md

@@ -1,11 +1,11 @@
 Nginx for Debian Ansible role
 =============================
 
-[![Ansible Galaxy](http://img.shields.io/badge/ansible--galaxy-HanXHX.nginx-blue.svg)](https://galaxy.ansible.com/list#/roles/4399) [![Build Status](https://travis-ci.org/HanXHX/ansible-nginx.svg)](https://travis-ci.org/HanXHX/ansible-nginx)
+[![Ansible Galaxy](http://img.shields.io/badge/ansible--galaxy-HanXHX.nginx-blue.svg)](https://galaxy.ansible.com/list#/roles/4399) [![Build Status](https://travis-ci.org/HanXHX/ansible-nginx.svg?branch=master)](https://travis-ci.org/HanXHX/ansible-nginx) 
 
 Install and configure Nginx on Debian.
 
-This role is not production ready. SSL management wille come later.
+SSL management will come later.
 
 Requirements
 ------------
@@ -44,6 +44,7 @@ Socket:
   - `nginx_worker_processes`
   - `nginx_events`: key/value in events block
   - `nginx_http`: key/value in http block
+  - `nginx_pid`: daemon pid file 
 
 ### Vhost management
 
@@ -53,25 +54,33 @@ You can see many examples in: [tests/test.yml](tests/test.yml).
 
 #### Common
 
-  - `name`: (M) List of domain used. The first occurence is the most important!
+  - `name`: (M) Domain or list of domain used.
-  - `template`: (M) template used to create vhost
+  - `template`: (D) template used to create vhost. Optional if you set `delete` to true or using `redirect_tor`.
   - `enable`: (O) Enable the vhost (default is true)
   - `delete`: (O) Delete the vhost (default is false)
   - `redirect_from`: (O) Domain list to redirect to the first `name`. You can use this key to redirect non-www to www
+  - `redirect_to`: (O) Redirect all requests to this domain. Please set scheme (http:// or https:// or $sheme).
+  - `redirect_to_code`: Redirect code (default: 302)
   - `location`: (O) Add new custom locations (it does not overwrite!)
   - `more`: (O) Add more custom infos.
   - `upstream_params`: (O) Add upstream params (useful when you want to pass variables to PHP)
+  - `override_try_files`: (O) overrides default try\_files defined in template
+  - `manage_local_content`: (O) Boolean. Set to false if you don't want to manage local content (images, css...). This option is useless if you use `_proxy` template or `redirect_to` feature.
 
-(O) : Optional
+(O): Optional
-(M) : Mandatory
+(M): Mandatory
+(D): Depends other keys...
 
 #### Templates
 
-  - `base`: static template
+  - `_base`: static template
-  - `php`: PHP base template. Can work with many frameworks/tools.
+  - `_dokuwiki`
-  - `wordpress`
+  - `_redirect`: should not be called explicitly
-  - `dokuwiki`
+  - `_phalcon`: Phalcon PHP Framework
-  - `proxy`
+  - `_php`: PHP base template. Can work with many frameworks/tools
+  - `_php_index`: Same as above. But you can only run index.php
+  - `_proxy`
+  - `_wordpress`
 
 Templates works as parent-child.
 
@@ -87,7 +96,6 @@ You have many key added to vhost key:
 (O) : Optional
 (M) : Mandatory
 
-
 ### Upstream management
 
   - `nginx_upstreams`: List of dict. An upstream has few keys. See bellow.
@@ -107,8 +115,8 @@ You must set a `path`. For example: *192.168.0.50:8080* or *unix:/tmp/my.sock*.
 All this params are optional. You should see [Nginx upstream doc](http://nginx.org/en/docs/http/ngx_http_upstream_module.html).
 
   - `weight`
-  - `max`fails`
+  - `max_fails`
-  - `fail`timeout`
+  - `fail_timeout`
   - `backup`
   - `down`
   - `route`
@@ -122,9 +130,7 @@ None
 Example Playbook
 ----------------
 
-    - hosts: servers
+See [tests/test.yml](tests/test.yml).
-      roles:
-         - { role: HanXHX.nginx }
 
 License
 -------
@@ -134,6 +140,5 @@ GPLv2
 Author Information
 ------------------
 
-  - You can find many other roles in my GitHub "lab": https://github.com/HanXHX/my-ansible-playbooks
+- Twitter: [@hanxhx_](https://twitter.com/hanxhx_)
-  - All issues, pull-request are welcome :)
 

Vagrantfile

@@ -7,7 +7,8 @@ Vagrant.configure("2") do |config|
 
   vms = [
     [ "debian-wheezy", "deb/wheezy-amd64" , "192.168.33.27" ],
-    [ "debian-jessie", "deb/jessie-amd64", "192.168.33.28" ]
+    [ "debian-jessie", "deb/jessie-amd64", "192.168.33.28" ],
+    [ "debian-stretch", "sharlak/debian_stretch_64", "192.168.33.29" ]
   ]
 
   config.vm.provider "virtualbox" do |v|

defaults/main.yml

@@ -8,8 +8,9 @@ nginx_apt_package: nginx-full
 nginx_root: "/srv/www"
 nginx_log_dir: '/var/log/nginx'
 nginx_ssl_dir: '/etc/nginx/ssl'
+nginx_pid: '/run/nginx.pid'
 nginx_resolver:
-  hosts: ['208.67.222.222', '208.67.220.220'] # OpenDNS
+  hosts: ['8.8.8.8', '8.8.4.4']
   valid: '300'
   timeout: '5'
 nginx_error_log_level: 'warn' # http://nginx.org/en/docs/ngx_core_module.html#error_log
@@ -24,6 +25,7 @@ nginx_dh_length: 2048
 nginx_php: false
 nginx_php_sockets:
   - unix_socket: "/var/run/php5-fpm.sock"
+nginx_upstreams: []
 
 #
 # Nginx configuration
@@ -69,5 +71,7 @@ nginx_http:
   gzip_disable: '"msie6"'
 #  etag: 'off'
 
+#
+# Vhosts
+#
 nginx_vhosts: []
-nginx_upstreams: []

handlers/main.yml

@@ -1,6 +1,4 @@
 ---
-- name: restart nginx
-  action: service name=nginx state=restarted enabled=yes
 
 - name: reload nginx
   action: service name=nginx state=reloaded enabled=yes

meta/main.yml

@@ -4,7 +4,7 @@ galaxy_info:
   description: Nginx for Debian 
   company:
   license: GPLv2 
-  min_ansible_version: 1.2
+  min_ansible_version: 1.6
   platforms:
   - name: Debian
     versions:

tasks/main.yml

@@ -9,8 +9,10 @@
   changed_when: false
 
 - name: TEMPLATE | Deploy nginx.conf
-  template: src=etc/nginx/nginx.conf.j2 dest=/etc/nginx/nginx.conf validate= "nginx -t"
+  template: >
-  notify: restart nginx
+    src=etc/nginx/nginx.conf.j2
+    dest=/etc/nginx/nginx.conf
+  notify: reload nginx
 
 - name: FILE | Create /etc/nginx/helpers
   file: dest=/etc/nginx/helpers owner=root mode=0755 state=directory
@@ -24,7 +26,9 @@
 #    creates: "{{ nginx_dh_path }}"
 
 - name: TEMPLATE | Deploy all helpers
-  template: src={{ item }} dest=/etc/nginx/helpers/{{ item | basename | regex_replace('\.j2$','') }}
+  template: >
+    src={{ item }}
+    dest=/etc/nginx/helpers/{{ item | basename | regex_replace('\.j2$','') }}
   with_fileglob: '../templates/etc/nginx/helpers/*.j2'
   notify: reload nginx
 
@@ -35,6 +39,3 @@
 - name: INCLUDE | Vhosts configuration
   include: vhost.yml
 
-# TODO:
-# - Python
-# - Ruby (SHIT!)

tasks/upstream.yml

@@ -2,6 +2,7 @@
 
 - name: TEMPLATE | Deploy PHP upstream to Nginx
   template: src=etc/nginx/upstream/php.conf.j2 dest=/etc/nginx/conf.d/php.conf
+  when: nginx_php
   notify: reload nginx
 
 - name: TEMPLATE | Deploy other upstreams

tasks/vhost.yml

@@ -1,19 +1,42 @@
 ---
 
+- name: FILE | Create root directory
+  file: >
+    path={{ nginx_root }}
+    state=directory
+
 - name: FILE | Create root folders (foreach nginx_vhosts)
   file: >
-    path={{ nginx_root }}/{{ item.name[0] }}/public
+    path={{ nginx_root }}/{{ item.name if item.name is string else item.name[0] }}
     state=directory
     owner={{ item.owner | default('www-data') }}
     group={{ item.group | default('www-data') }}
     mode={{ item.mode | default('0755') }}
   with_items: nginx_vhosts
-  when: item.root is not defined and item.template != '_proxy'
+  when: >
+    item.root is not defined and
+    (item.template is defined and item.template != '_proxy') and
+    (item.delete is not defined or not item.delete) and
+    item.redirect_to is not defined
+
+- name: FILE | Create root public folders (foreach nginx_vhosts)
+  file: >
+    path={{ nginx_root }}/{{ item.name if item.name is string else item.name[0] }}/public
+    state=directory
+    owner={{ item.owner | default('www-data') }}
+    group={{ item.group | default('www-data') }}
+    mode={{ item.mode | default('0755') }}
+  with_items: nginx_vhosts
+  when: >
+    item.root is not defined and
+    (item.template is defined and item.template != '_proxy') and
+    (item.delete is not defined or not item.delete) and
+    item.redirect_to is not defined
 
 - name: TEMPLATE | Create vhosts
   template: >
-    src=etc/nginx/sites-available/{{ item.template }}.j2
+    src=etc/nginx/sites-available/{{ item.template if item.redirect_to is not defined else '_redirect' }}.j2
-    dest=/etc/nginx/sites-available/{{ item.name[0] }}
+    dest=/etc/nginx/sites-available/{{ item.name if item.name is string else item.name[0] }}
   with_items: nginx_vhosts
   notify: reload nginx
   when: item.delete is not defined or not item.delete
@@ -23,16 +46,15 @@
 #  with_fileglob: "web/*"
 
 - name: FILE | Delete vhosts
-  file: dest=/etc/nginx/sites-enabled/{{ item.name[0] }} state=absent
+  file: path=/etc/nginx/sites-available/{{ item.name if item.name is string else item.name[0] }} state=absent
-  file: dest=/etc/nginx/sites-available/{{ item.name[0] }} state=absent
   with_items: nginx_vhosts
   notify: reload nginx
   when: item.delete is defined and item.delete
 
 - name: FILE | Enable vhosts
   file: >
-    src=/etc/nginx/sites-available/{{ item.name[0] }}
+    src=/etc/nginx/sites-available/{{ item.name if item.name is string else item.name[0] }}
-    dest=/etc/nginx/sites-enabled/{{ item.name[0] }}
+    dest=/etc/nginx/sites-enabled/{{ item.name if item.name is string else item.name[0] }}
     state=link
   with_items: nginx_vhosts
   notify: reload nginx
@@ -42,10 +64,10 @@
     (item.delete is not defined or not item.delete)
 
 - name: FILE | Disable vhosts
-  file: dest=/etc/nginx/sites-enabled/{{ item.name[0] }} state=absent
+  file: path=/etc/nginx/sites-enabled/{{ item.name if item.name is string else item.name[0] }} state=absent
   with_items: nginx_vhosts
   notify: reload nginx
-  when: item.enable is defined and not item.enable
+  when: (item.enable is defined and not item.enable) or (item.delete is defined and item.delete)
 
 #- name: FILE | Create ssl dir per vhost (if needed)
 #  file: dest=/etc/nginx/ssl/{{ item.name }} owner=root mode=0750 state=directory

templates/etc/nginx/nginx.conf.j2

@@ -4,7 +4,7 @@
 
 user {{ nginx_user }};
 worker_processes {{ nginx_worker_processes }};
-pid /run/nginx.pid;
+pid {{ nginx_pid }};
 
 events {
 {% for key, value in nginx_events.iteritems() %}

templates/etc/nginx/sites-available/_base.j2

@@ -12,12 +12,14 @@ server {
 {% for port in __listen %}
 	listen {{ port }};
 {% endfor %}
-	server_name {{ item.name | join(' ') }};
+	server_name {% if item.name is string %}{{ item.name }}{% else %}{{ item.name | join(' ') }}{% endif %};
+{% block root %}
 {% if item.root is defined %}
 	root {{ item.root }};
 {% else %}
-	root {{ nginx_root }}/{{ item.name[0] }}/public;
+	root {{ nginx_root }}/{{ item.name if item.name is string else item.name[0] }}/public;
 {% endif %}
+{% endblock %}
 {% block template_index %}
 	index {{ item.index | default('index.html index.htm') }};
 {% endblock %}
@@ -28,22 +30,25 @@ server {
 {% endfor %}
 {% endif %}
 
+{% if not __location.has_key('/') %}
 	location / {
 {% block template_try_files %}
-		try_files $uri $uri/ =404;
+		try_files {{ override_try_files | default('$uri $uri/ =404') }};
 {% endblock %}
 	}
+{% endif %}
 
 {% block template_upstream_location %}
 {% endblock %}
 {% block template_custom_location %}
 {% endblock %}
 
+{% block template_local_content %}
+{% if item.manage_local_content is not defined or item.manage_local_content %}
 	location ~ /\.ht {
 		deny all;
 	}
 
-{% block template_local_content %}
 	location = /favicon.ico {
 		expires 30d;
 		access_log off;
@@ -54,6 +59,7 @@ server {
 		expires 30d;
 		log_not_found off;
 	}
+{% endif %}
 {% endblock %}
 
 {% if __location is iterable and __location | length > 0 %}

templates/etc/nginx/sites-available/_php.j2

@@ -4,7 +4,7 @@
 {% endblock %}
 
 {% block template_try_files %}
-		try_files $uri $uri/ /index.php;
+		try_files {{ override_try_files | default('$uri $uri/ /index.php') }};
 {% endblock %}
 
 {% block template_upstream_location %}

templates/etc/nginx/sites-available/_php_index.j2

@@ -0,0 +1,24 @@
+{% extends "_php.j2" %}
+
+{% block template_upstream_location %}
+	location = /index.php {
+		fastcgi_pass php;
+		fastcgi_index index.php;
+{% if item.upstream_params is defined and item.upstream_params is iterable %}
+{% for param in item.upstream_params %}
+		{{ param }}
+{% endfor %}
+{% endif %}
+{% if nginx_version.stdout | version_compare('1.6.1', 'lt') %}
+		include fastcgi_params;
+{% else %}
+		include fastcgi.conf;
+{% endif %}
+	}
+{% endblock %}
+
+{% block template_custom_location %}
+	location ~ \.(php\d?|phtml)$ {
+		return 403;
+	}
+{% endblock %}

templates/etc/nginx/sites-available/_redirect.j2

@@ -0,0 +1,14 @@
+{% extends "_base.j2" %}
+
+{% block root %}
+{% endblock %}
+
+{% block template_index %}
+{% endblock %}
+
+{% block template_try_files %}
+		return {{ item.redirect_to_code | default('302') }} {{ item.redirect_to }}$request_uri;
+{% endblock %}
+
+{% block template_local_content %}
+{% endblock %}

tests/debian-jessie.Dockerfile

@@ -2,5 +2,3 @@ FROM williamyeh/ansible:debian8-onbuild
 
 RUN apt-get update
 CMD ["sh", "tests/test.sh"]
-
-EXPOSE 6379

tests/debian-wheezy.Dockerfile

@@ -2,5 +2,3 @@ FROM williamyeh/ansible:debian7-onbuild
 
 RUN apt-get update
 CMD ["sh", "tests/test.sh"]
-
-EXPOSE 6379

tests/test.yml

@@ -21,6 +21,8 @@
           - 'test-alias.local'
           - 'test2-alias.local'
         template: '_base'
+        override_try_files: '$uri $uri index.htm index.html'
+        manage_local_content: false
         more:
           - 'autoindex off;'
         location:
@@ -28,37 +30,51 @@
             - 'return 403;'
           '/gunther':
             - 'return 404;'
-      - name:
+      - name: 'test-location.local'
-          - 'test-php.local'
+        template: '_base'
+        location:
+          '/':
+            - 'alias /var/tmp;'
+      - name: 'test-php.local'
         upstream_params:
           - 'fastcgi_param FOO bar;'
         redirect_from:
           - 'www.test-php.local'
         template: '_php'
-      - name:
+      - name: 'test-php-index.local'
-          - 'test-proxy.local'
+        template: '_php_index'
+      - name: 'test-proxy.local'
         listen:
           - 8080
         template: '_proxy'
         upstream_name: 'test'
-      - name:
+      - name: 'deleted.local'
-          - 'deleted.local'
-        template: '_base'
         delete: true
+      - name: 'redirect-to.local'
+        redirect_to: 'http://test.local'
   roles:
     - ../../
   post_tasks:
     - name: -- Add PHP file --
-      copy: dest="{{ nginx_root }}/test-php.local/public/index.php" content="<?php phpinfo();"
+      copy: dest="{{ nginx_root }}/{{ item }}/public/index.php" content="<?php phpinfo();"
+      with_items: ['test-php.local', 'test-php-index.local']
     - name: -- Add HTML file --
-      copy: dest="{{ nginx_root }}/test.local/public/index.html" content="Index HTML test OK\n"
+      copy: dest="{{ item }}/index.html" content="Index HTML test OK\n"
+      with_items: ['{{ nginx_root }}/test.local/public', '/var/tmp']
     - name: -- VERIFY VHOSTS --
-      shell: "curl -H 'Host: {{ item.name[0] }}' http://127.0.0.1{% if item.listen is defined and item.listen is iterable %}:{{ item.listen[0] }}{% endif %}/"
+      command: "curl -H 'Host: {{ item.name if item.name is string else item.name[0] }}' http://127.0.0.1{% if item.listen is defined %}:{{ item.listen[0] }}{% endif %}/"
       with_items: nginx_vhosts
       when: item.delete is undefined or not item.delete
       changed_when: false
+    - name: -- VERIFY FORBIDDEN --
+      command: "curl -H 'Host: test-php-index.local' http://127.0.0.1/phpinfo.php"
+      register: f
+      failed_when: f.stdout.find('403 Forbidden') == -1
+      changed_when: false
     - name: -- VERIFY REDIRECT VHOSTS --
-      shell: "curl -H 'Host: {{ item.redirect_from[0] }}' http://127.0.0.1/"
+      command: "curl -H 'Host: {{ item.redirect_from[0] }}' http://127.0.0.1/"
       with_items: nginx_vhosts
       when: item.redirect_from is defined and (item.delete is undefined or not item.delete)
       changed_when: false
+      register: r
+      failed_when: r.stdout.find('301 Moved Permanently') == -1