Fix and improve tests/vhosts + php_index vhost

README.md

@@ -5,7 +5,7 @@ Nginx for Debian Ansible role
 
 Install and configure Nginx on Debian.
 
-This role is not production ready. SSL management wille come later.
+SSL management will come later.
 
 Requirements
 ------------
@@ -53,7 +53,7 @@ You can see many examples in: [tests/test.yml](tests/test.yml).
 
 #### Common
 
-  - `name`: (M) List of domain used. The first occurence is the most important!
+  - `name`: (M) Domain or list of domain used.
   - `template`: (M) template used to create vhost
   - `enable`: (O) Enable the vhost (default is true)
   - `delete`: (O) Delete the vhost (default is false)
@@ -70,10 +70,12 @@ You can see many examples in: [tests/test.yml](tests/test.yml).
 #### Templates
 
   - `base`: static template
-  - `php`: PHP base template. Can work with many frameworks/tools.
-  - `wordpress`
   - `dokuwiki`
+  - `phalcon`: Phalcon PHP Framework
+  - `php`: PHP base template. Can work with many frameworks/tools
+  - `php_index`: Same as above. But you can only run index.php
   - `proxy`
+  - `wordpress`
 
 Templates works as parent-child.
 

tasks/vhost.yml

@@ -2,7 +2,7 @@
 
 - name: FILE | Create root folders (foreach nginx_vhosts)
   file: >
-    path={{ nginx_root }}/{{ item.name[0] }}/public
+    path={{ nginx_root }}/{{ item.name if item.name is string else item.name[0] }}/public
     state=directory
     owner={{ item.owner | default('www-data') }}
     group={{ item.group | default('www-data') }}
@@ -13,7 +13,7 @@
 - name: TEMPLATE | Create vhosts
   template: >
     src=etc/nginx/sites-available/{{ item.template }}.j2
-    dest=/etc/nginx/sites-available/{{ item.name[0] }}
+    dest=/etc/nginx/sites-available/{{ item.name if item.name is string else item.name[0] }}
   with_items: nginx_vhosts
   notify: reload nginx
   when: item.delete is not defined or not item.delete
@@ -23,16 +23,16 @@
 #  with_fileglob: "web/*"
 
 - name: FILE | Delete vhosts
-  file: dest=/etc/nginx/sites-enabled/{{ item.name[0] }} state=absent
+  file: dest=/etc/nginx/sites-enabled/{{ item.name if item.name is string else item.name[0] }} state=absent
-  file: dest=/etc/nginx/sites-available/{{ item.name[0] }} state=absent
+  file: dest=/etc/nginx/sites-available/{{ item.name if item.name is string else item.name[0] }} state=absent
   with_items: nginx_vhosts
   notify: reload nginx
   when: item.delete is defined and item.delete
 
 - name: FILE | Enable vhosts
   file: >
-    src=/etc/nginx/sites-available/{{ item.name[0] }}
+    src=/etc/nginx/sites-available/{{ item.name if item.name is string else item.name[0] }}
-    dest=/etc/nginx/sites-enabled/{{ item.name[0] }}
+    dest=/etc/nginx/sites-enabled/{{ item.name if item.name is string else item.name[0] }}
     state=link
   with_items: nginx_vhosts
   notify: reload nginx
@@ -42,7 +42,7 @@
     (item.delete is not defined or not item.delete)
 
 - name: FILE | Disable vhosts
-  file: dest=/etc/nginx/sites-enabled/{{ item.name[0] }} state=absent
+  file: dest=/etc/nginx/sites-enabled/{{ item.name if item.name is string else item.name[0] }} state=absent
   with_items: nginx_vhosts
   notify: reload nginx
   when: item.enable is defined and not item.enable

templates/etc/nginx/sites-available/_base.j2

@@ -12,11 +12,11 @@ server {
 {% for port in __listen %}
 	listen {{ port }};
 {% endfor %}
-	server_name {{ item.name | join(' ') }};
+	server_name {% if item.name is string %}{{ item.name }}{% else %}{{ item.name | join(' ') }}{% endif %};
 {% if item.root is defined %}
 	root {{ item.root }};
 {% else %}
-	root {{ nginx_root }}/{{ item.name[0] }}/public;
+	root {{ nginx_root }}/{{ item.name if item.name is string else item.name[0] }}/public;
 {% endif %}
 {% block template_index %}
 	index {{ item.index | default('index.html index.htm') }};

templates/etc/nginx/sites-available/_php_index.j2

@@ -0,0 +1,24 @@
+{% extends "_php.j2" %}
+
+{% block template_upstream_location %}
+	location = /index.php {
+		fastcgi_pass php;
+		fastcgi_index index.php;
+{% if item.upstream_params is defined and item.upstream_params is iterable %}
+{% for param in item.upstream_params %}
+		{{ param }}
+{% endfor %}
+{% endif %}
+{% if nginx_version.stdout | version_compare('1.6.1', 'lt') %}
+		include fastcgi_params;
+{% else %}
+		include fastcgi.conf;
+{% endif %}
+	}
+{% endblock %}
+
+{% block template_custom_location %}
+	location ~ \.(php\d?|phtml)$ {
+		return 403;
+	}
+{% endblock %}

tests/test.yml

@@ -30,37 +30,44 @@
             - 'return 403;'
           '/gunther':
             - 'return 404;'
-      - name:
+      - name: 'test-php.local'
-          - 'test-php.local'
         upstream_params:
           - 'fastcgi_param FOO bar;'
         redirect_from:
           - 'www.test-php.local'
         template: '_php'
-      - name:
+      - name: 'test-php-index.local'
-          - 'test-proxy.local'
+        template: '_php_index'
+      - name: 'test-proxy.local'
         listen:
           - 8080
         template: '_proxy'
         upstream_name: 'test'
-      - name:
+      - name: 'deleted.local'
-          - 'deleted.local'
         template: '_base'
         delete: true
   roles:
     - ../../
   post_tasks:
     - name: -- Add PHP file --
-      copy: dest="{{ nginx_root }}/test-php.local/public/index.php" content="<?php phpinfo();"
+      copy: dest="{{ nginx_root }}/{{ item }}/public/index.php" content="<?php phpinfo();"
+      with_items: ['test-php.local', 'test-php-index.local']
     - name: -- Add HTML file --
       copy: dest="{{ nginx_root }}/test.local/public/index.html" content="Index HTML test OK\n"
     - name: -- VERIFY VHOSTS --
-      shell: "curl -H 'Host: {{ item.name[0] }}' http://127.0.0.1{% if item.listen is defined and item.listen is iterable %}:{{ item.listen[0] }}{% endif %}/"
+      shell: "curl -H 'Host: {{ item.name if item.name is string else item.name[0] }}' http://127.0.0.1{% if item.listen is defined %}:{{ item.listen[0] }}{% endif %}/"
       with_items: nginx_vhosts
       when: item.delete is undefined or not item.delete
       changed_when: false
+    - name: -- VERIFY FORBIDDEN --
+      command: "curl -H 'Host: test-php-index.local' http://127.0.0.1/phpinfo.php"
+      register: f
+      failed_when: f.stdout.find('403 Forbidden') == -1
+      changed_when: false
     - name: -- VERIFY REDIRECT VHOSTS --
       shell: "curl -H 'Host: {{ item.redirect_from[0] }}' http://127.0.0.1/"
       with_items: nginx_vhosts
       when: item.redirect_from is defined and (item.delete is undefined or not item.delete)
       changed_when: false
+      register: r
+      failed_when: r.stdout.find('301 Moved Permanently') == -1