Add new feature: nginx_fastcgi_fix_realpath

Vhost state

README.md

@@ -40,6 +40,7 @@ FreeBSD:
 - `nginx_resolver`: list of DNS resolver (default: OpenDNS)
 - `nginx_error_log_level`: default log level
 - `nginx_auto_config_httpv2`: boolean, auto configure HTTP2 where possible
+- `nginx_fastcgi_fix_realpath`: boolean, use realpath for fastcgi (fix problems with symlinks and PHP opcache)
 
 ### Nginx Configuration
 

defaults/main.yml

@@ -18,6 +18,7 @@ nginx_error_log_level: 'warn' # http://nginx.org/en/docs/ngx_core_module.html#er
 nginx_auto_config_httpv2: true
 nginx_default_vhost: null
 nginx_default_vhost_ssl: null
+nginx_fastcgi_fix_realpath: true
 
 #
 # Nginx directories

doc/vhost.md

@@ -11,8 +11,7 @@ Common
 - `name`: (M) Domain or list of domain used.
 - `template`: (D) template used to create vhost. Optional if you set `delete` to true or using `redirect_tor`.
 - `filename`: (O) Specify filename in /etc/nginx/sites-*. Do NOT specify default (reserved keyword).
-- `enable`: (O) Enable the vhost (default is true)
+- `state`: (O) Vhost status. Can be "present" (default), "absent" and "disabled".
-- `delete`: (O) Delete the vhost (default is false)
 - `redirect_from`: (O) Domain list to redirect to the first `name`. You can use this key to redirect non-www to www
 - `redirect_to`: (O) Redirect all requests to this domain. Please set scheme (http:// or https:// or $sheme).
 - `headers`: (O) Set additionals header as key/value list. You can append "always" to the value. Show [nginx doc](http://nginx.org/en/docs/http/ngx_http_headers_module.html).

tasks/config.yml

@@ -19,3 +19,16 @@
     dest="{{ nginx_etc_dir }}/conf.d/custom.conf"
   notify: reload nginx
 
+- name: LINEINFILE | Fix path
+  lineinfile: >
+    regexp='{{ item.0.regexp }}'
+    line='{{ item.0.line }}'
+    dest='{{ item.1 }}'
+  with_nested:
+    -
+      - regexp: '^fastcgi_param  SCRIPT_FILENAME'
+        line: 'fastcgi_param  SCRIPT_FILENAME    $realpath_root$fastcgi_script_name;'
+      - regexp: '^fastcgi_param  DOCUMENT_ROOT'
+        line: 'fastcgi_param  DOCUMENT_ROOT      $realpath_root;'
+    - [ '/etc/nginx/fastcgi_params', '/etc/nginx/fastcgi.conf' ]
+  when: nginx_fastcgi_fix_realpath

tasks/upstream.yml

@@ -1,5 +1,10 @@
 ---
 
+- name: SET_FACT | Backward compatibility with old version of this role
+  set_fact: >
+    nginx_php56: true
+  when: nginx_php is defined and nginx_php
+
 - name: TEMPLATE | Deploy PHP upstream to Nginx
   template: >
     src=etc/nginx/upstream/php.conf.j2

tasks/vhost.yml

@@ -36,7 +36,7 @@
   when: >
     item.root is not defined and
     (item.template is defined and item.template not in nginx_templates_no_dir) and
-    (item.delete is not defined or not item.delete) and
+    (item.state is not defined or not item.state != 'absent') and
     item.redirect_to is not defined
 
 - name: TEMPLATE | Create vhosts
@@ -45,13 +45,13 @@
     dest={{ nginx_etc_dir }}/sites-available/{{ item.filename | default(item.name if item.name is string else item.name[0]) }}
   with_items: "{{ nginx_vhosts }}"
   notify: ['reload nginx', 'restart nginx freebsd']
-  when: item.delete is not defined or not item.delete
+  when: item.state is not defined or item.state != 'absent'
 
 - name: FILE | Delete vhosts
   file: path={{ nginx_etc_dir }}/sites-available/{{ item.filename | default(item.name if item.name is string else item.name[0]) }} state=absent
   with_items: "{{ nginx_vhosts }}"
   notify: ['reload nginx', 'restart nginx freebsd']
-  when: item.delete is defined and item.delete
+  when: item.state is defined and item.state == 'absent'
 
 - name: FILE | Enable vhosts
   file: >
@@ -61,15 +61,13 @@
   with_items: "{{ nginx_vhosts }}"
   notify: ['reload nginx', 'restart nginx freebsd']
   when: >
-    ((item.enable is not defined) or
+    item.state is not defined or item.state == 'present'
-    (item.enable is defined and item.enable)) and
-    (item.delete is not defined or not item.delete)
 
 - name: FILE | Disable vhosts
   file: path={{ nginx_etc_dir}}/sites-enabled/{{ item.filename | default(item.name if item.name is string else item.name[0]) }} state=absent
   with_items: "{{ nginx_vhosts }}"
   notify: ['reload nginx', 'restart nginx freebsd']
-  when: (item.enable is defined and not item.enable) or (item.delete is defined and item.delete)
+  when: item.state is defined and item.state == 'disabled' 
 
 - name: FILE | Delete default vhost when explicitely defined
   file: >

templates/etc/nginx/sites-available/_php.j2

@@ -1,9 +1,9 @@
 {% extends "_base.j2" %}
 
 {% macro phpv(version) %}
-{% if version == 56 %}
+{% if version == 56 or version == "5.6" %}
 {{ nginx_upstream_php56 -}}
-{% elif version == 70 %}
+{% elif version == 70 or version == "7.0" %}
 {{ nginx_upstream_php70 -}}
 {% else %}
 {# Hack... define another upstream #}

tests/test.yml

@@ -165,7 +165,7 @@
         headers:
           'X-proxyfied': '1'
       - name: 'deleted.local'
-        delete: true
+        state: 'absent' 
       - name: 'redirect-to.local'
         redirect_to: 'http://test.local'
       - name: 'backuppc.local'
@@ -220,7 +220,7 @@
     - name: -- VERIFY VHOSTS --
       command: "curl -H 'Host: {{ item.name if item.name is string else item.name[0] }}' http://127.0.0.1{% if item.listen is defined %}:{{ item.listen[0] }}{% endif %}/"
       with_items: "{{ nginx_vhosts }}"
-      when: item.delete is undefined or not item.delete
+      when: item.state is undefined or item.state != "absent"
       changed_when: false
     - name: -- VERIFY FORBIDDEN --
       command: "curl -H 'Host: test-php-index.local' http://127.0.0.1/phpinfo.php"
@@ -230,7 +230,7 @@
     - name: -- VERIFY REDIRECT VHOSTS --
       command: "curl -H 'Host: {{ item.redirect_from[0] }}' http://127.0.0.1/"
       with_items: "{{ nginx_vhosts }}"
-      when: item.redirect_from is defined and (item.delete is undefined or not item.delete)
+      when: item.redirect_from is defined and (item.state is undefined or item.state != "absent")
       changed_when: false
       register: r
       failed_when: r.stdout.find('301 Moved Permanently') == -1