README improvement pour vhost.filename

Vhost state

README.md

@@ -40,6 +40,7 @@ FreeBSD:
 - `nginx_resolver`: list of DNS resolver (default: OpenDNS)
 - `nginx_error_log_level`: default log level
 - `nginx_auto_config_httpv2`: boolean, auto configure HTTP2 where possible
+- `nginx_fastcgi_fix_realpath`: boolean, use realpath for fastcgi (fix problems with symlinks and PHP opcache)
 
 ### Nginx Configuration
 

defaults/main.yml

@@ -18,6 +18,7 @@ nginx_error_log_level: 'warn' # http://nginx.org/en/docs/ngx_core_module.html#er
 nginx_auto_config_httpv2: true
 nginx_default_vhost: null
 nginx_default_vhost_ssl: null
+nginx_fastcgi_fix_realpath: true
 
 #
 # Nginx directories

doc/vhost.md

@@ -10,9 +10,8 @@ Common
 
 - `name`: (M) Domain or list of domain used.
 - `template`: (D) template used to create vhost. Optional if you set `delete` to true or using `redirect_tor`.
-- `filename`: (O) Specify filename in /etc/nginx/sites-*. Do NOT specify default (reserved keyword).
-- `enable`: (O) Enable the vhost (default is true)
-- `delete`: (O) Delete the vhost (default is false)
+- `filename`: (O) Specify filename in /etc/nginx/sites-*. Do NOT specify default (reserved keyword). It will be used for log filenames and directories creation.
+- `state`: (O) Vhost status. Can be "present" (default), "absent" and "disabled".
 - `redirect_from`: (O) Domain list to redirect to the first `name`. You can use this key to redirect non-www to www
 - `redirect_to`: (O) Redirect all requests to this domain. Please set scheme (http:// or https:// or $sheme).
 - `headers`: (O) Set additionals header as key/value list. You can append "always" to the value. Show [nginx doc](http://nginx.org/en/docs/http/ngx_http_headers_module.html).

tasks/config.yml

@@ -19,3 +19,16 @@
     dest="{{ nginx_etc_dir }}/conf.d/custom.conf"
   notify: reload nginx
 
+- name: LINEINFILE | Fix path
+  lineinfile: >
+    regexp='{{ item.0.regexp }}'
+    line='{{ item.0.line }}'
+    dest='{{ item.1 }}'
+  with_nested:
+    -
+      - regexp: '^fastcgi_param  SCRIPT_FILENAME'
+        line: 'fastcgi_param  SCRIPT_FILENAME    $realpath_root$fastcgi_script_name;'
+      - regexp: '^fastcgi_param  DOCUMENT_ROOT'
+        line: 'fastcgi_param  DOCUMENT_ROOT      $realpath_root;'
+    - [ '/etc/nginx/fastcgi_params', '/etc/nginx/fastcgi.conf' ]
+  when: nginx_fastcgi_fix_realpath

tasks/upstream.yml

@@ -1,5 +1,10 @@
 ---
 
+- name: SET_FACT | Backward compatibility with old version of this role
+  set_fact: >
+    nginx_php56: true
+  when: nginx_php is defined and nginx_php
+
 - name: TEMPLATE | Deploy PHP upstream to Nginx
   template: >
     src=etc/nginx/upstream/php.conf.j2

tasks/vhost.yml

@@ -27,7 +27,7 @@
 
 - name: FILE | Create root public folders (foreach nginx_vhosts)
   file: >
-    path={{ nginx_root }}/{{ item.name if item.name is string else item.name[0] }}/public
+    path={{ nginx_root }}/{{ item.filename | default(item.name if item.name is string else item.name[0]) }}/public
     state=directory
     owner={{ item.owner | default(nginx_user) }}
     group={{ item.group | default(nginx_user) }}
@@ -36,7 +36,7 @@
   when: >
     item.root is not defined and
     (item.template is defined and item.template not in nginx_templates_no_dir) and
-    (item.delete is not defined or not item.delete) and
+    (item.state is not defined or not item.state != 'absent') and
     item.redirect_to is not defined
 
 - name: TEMPLATE | Create vhosts
@@ -45,13 +45,13 @@
     dest={{ nginx_etc_dir }}/sites-available/{{ item.filename | default(item.name if item.name is string else item.name[0]) }}
   with_items: "{{ nginx_vhosts }}"
   notify: ['reload nginx', 'restart nginx freebsd']
-  when: item.delete is not defined or not item.delete
+  when: item.state is not defined or item.state != 'absent'
 
 - name: FILE | Delete vhosts
   file: path={{ nginx_etc_dir }}/sites-available/{{ item.filename | default(item.name if item.name is string else item.name[0]) }} state=absent
   with_items: "{{ nginx_vhosts }}"
   notify: ['reload nginx', 'restart nginx freebsd']
-  when: item.delete is defined and item.delete
+  when: item.state is defined and item.state == 'absent'
 
 - name: FILE | Enable vhosts
   file: >
@@ -61,15 +61,13 @@
   with_items: "{{ nginx_vhosts }}"
   notify: ['reload nginx', 'restart nginx freebsd']
   when: >
-    ((item.enable is not defined) or
-    (item.enable is defined and item.enable)) and
-    (item.delete is not defined or not item.delete)
+    item.state is not defined or item.state == 'present'
 
 - name: FILE | Disable vhosts
   file: path={{ nginx_etc_dir}}/sites-enabled/{{ item.filename | default(item.name if item.name is string else item.name[0]) }} state=absent
   with_items: "{{ nginx_vhosts }}"
   notify: ['reload nginx', 'restart nginx freebsd']
-  when: (item.enable is defined and not item.enable) or (item.delete is defined and item.delete)
+  when: item.state is defined and item.state == 'disabled' 
 
 - name: FILE | Delete default vhost when explicitely defined
   file: >

templates/etc/nginx/sites-available/_base.j2

@@ -1,5 +1,5 @@
 {% set __proto = item.proto | default(['http']) %}
-{% set __main_name =  item.name if item.name is string else item.name[0] %}
+{% set __main_name =  item.filename | default(item.name if item.name is string else item.name[0]) %}
 {% set __listen = item.listen | default(['80']) %}
 {% set __listen_ssl = item.listen_ssl | default(['443']) %}
 {% set __location = item.location | default({}) %}
@@ -38,7 +38,7 @@ server {
 	include {{ nginx_helper_dir + '/ssl-' + item.ssl_template | default('strong') }};
 {% endif %}
 {% endif %}
-	server_name {% if item.name is string %}{{ item.name }}{% else %}{{ item.name | join(' ') }}{% endif %};
+	server_name {% if item.name is string %}{{ item.name }}{% else %}{{ "\n\t\t"  }}{{ item.name | join("\n\t\t") }}{% endif %};
 {% block root %}
 {% if item.root is defined %}
 	root {{ item.root }};

templates/etc/nginx/sites-available/_php.j2

@@ -1,9 +1,9 @@
 {% extends "_base.j2" %}
 
 {% macro phpv(version) %}
-{% if version == 56 %}
+{% if version == 56 or version == "5.6" %}
 {{ nginx_upstream_php56 -}}
-{% elif version == 70 %}
+{% elif version == 70 or version == "7.0" %}
 {{ nginx_upstream_php70 -}}
 {% else %}
 {# Hack... define another upstream #}

templates/etc/nginx/sites-available/_wordpress.j2

@@ -3,3 +3,9 @@
 {% block template_try_files %}
 	try_files $uri $uri/ /index.php?$args;
 {% endblock %}
+
+{% block template_custom_location %}
+	location ~* /(?:uploads|files)/.*\.php$ {
+		deny all;
+	}
+{% endblock %}

tests/test.yml

@@ -106,7 +106,7 @@
           -----END CERTIFICATE-----
     nginx_custom_http:
       - 'add_header X-ansible 1;'
-    nginx_default_vhost: 'test.local'
+    nginx_default_vhost: 'first-test'
     nginx_default_vhost_ssl: 'test-ssl-predeployed.local'
     nginx_vhosts:
       - name:
@@ -120,7 +120,7 @@
           'X-Frame-Options': 'deny always'
           'X-ansible-default': '1'
         manage_local_content: false
-        use_error_log: false
+        use_error_log: true
         more:
           - 'autoindex off;'
         location:
@@ -165,7 +165,7 @@
         headers:
           'X-proxyfied': '1'
       - name: 'deleted.local'
-        delete: true
+        state: 'absent' 
       - name: 'redirect-to.local'
         redirect_to: 'http://test.local'
       - name: 'backuppc.local'
@@ -209,7 +209,7 @@
       with_items: ['test-php.local', 'test-php-index.local']
     - name: -- Add HTML file --
       copy: dest="{{ item }}/index.html" content="Index HTML test OK\n"
-      with_items: ['{{ nginx_root }}/test.local/public', '/var/tmp', '{{ nginx_root }}/test-htpasswd-all.local/public', '{{ nginx_root }}/test-ssl.local/public', '{{ nginx_root }}/test-ssl-predeployed.local/public']
+      with_items: ['{{ nginx_root }}/first-test/public', '/var/tmp', '{{ nginx_root }}/test-htpasswd-all.local/public', '{{ nginx_root }}/test-ssl.local/public', '{{ nginx_root }}/test-ssl-predeployed.local/public']
     - name: -- Create directory --
       file: path={{ nginx_root }}/test-htpasswd.local/public/hello state=directory
     - name: -- Add HTML file hello --
@@ -220,7 +220,7 @@
     - name: -- VERIFY VHOSTS --
       command: "curl -H 'Host: {{ item.name if item.name is string else item.name[0] }}' http://127.0.0.1{% if item.listen is defined %}:{{ item.listen[0] }}{% endif %}/"
       with_items: "{{ nginx_vhosts }}"
-      when: item.delete is undefined or not item.delete
+      when: item.state is undefined or item.state != "absent"
       changed_when: false
     - name: -- VERIFY FORBIDDEN --
       command: "curl -H 'Host: test-php-index.local' http://127.0.0.1/phpinfo.php"
@@ -230,7 +230,7 @@
     - name: -- VERIFY REDIRECT VHOSTS --
       command: "curl -H 'Host: {{ item.redirect_from[0] }}' http://127.0.0.1/"
       with_items: "{{ nginx_vhosts }}"
-      when: item.redirect_from is defined and (item.delete is undefined or not item.delete)
+      when: item.redirect_from is defined and (item.state is undefined or item.state != "absent")
       changed_when: false
       register: r
       failed_when: r.stdout.find('301 Moved Permanently') == -1