Fix ansible lint

Merge branch 'master' into debian_11
Migrate to new TravisCI version
2026-02-28 09:22:10 +07:00 · 2021-09-03 12:19:32 +02:00 · 2021-09-03 12:08:30 +02:00 · 2021-09-01 12:05:07 +02:00 · 2021-09-01 11:58:39 +02:00 · 2021-09-01 11:45:44 +02:00
44 changed files with 795 additions and 552 deletions
--- a/.ansible-lint
+++ b/.ansible-lint
@@ -0,0 +1,4 @@
 ---
 enable_list:
  - fqcn-builtins
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,4 @@
 *.swp
 *.retry
 *.pyc
 /tests/HanXHX.php
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,31 +1,35 @@
 ---
 env:
-  - PLATFORM='docker-debian-stretch'          ANSIBLE_VERSION='ansible>=2.6,<2.7'
+  global:
-  - PLATFORM='docker-debian-stretch-sury'     ANSIBLE_VERSION='ansible>=2.6,<2.7'
+    - VAGRANT_VERSION='2.2.18'
-  - PLATFORM='docker-debian-buster'           ANSIBLE_VERSION='ansible>=2.6,<2.7'
+  jobs:
-  - PLATFORM='docker-debian-stretch'          ANSIBLE_VERSION='ansible>=2.7,<2.8'
+    - PLATFORM='docker-debian-stretch'  ANSIBLE_VERSION='>=2.11,<2.12'
-  - PLATFORM='docker-debian-stretch-sury'     ANSIBLE_VERSION='ansible>=2.7,<2.8'
+    - PLATFORM='docker-debian-bullseye' ANSIBLE_VERSION='>=2.11,<2.12'
-  - PLATFORM='docker-debian-buster'           ANSIBLE_VERSION='ansible>=2.7,<2.8'
+    - PLATFORM='docker-debian-buster'   ANSIBLE_VERSION='>=2.11,<2.12'
-
+os:
-matrix:
+  - linux
-  fast_finish: true
+dist: focal
 sudo: required
 dist: trusty
 language: python
-python: 2.7
+python:
  - 3.8
 services:
  - docker
 before_install:
-  - wget https://releases.hashicorp.com/vagrant/2.0.1/vagrant_2.0.1_x86_64.deb
+  - sudo apt-get -q update
-  - sudo dpkg -i vagrant_2.0.1_x86_64.deb
+  - sudo apt-get install -y yamllint
  - sudo wget -nv https://releases.hashicorp.com/vagrant/${VAGRANT_VERSION}/vagrant_${VAGRANT_VERSION}_x86_64.deb
  - sudo dpkg -i vagrant_${VAGRANT_VERSION}_x86_64.deb
 install:
-  - pip install "$ANSIBLE_VERSION"
+  - sudo pip install "ansible-core$ANSIBLE_VERSION"
  - sudo pip install ansible-lint
  - ansible-galaxy collection install community.general
  - ansible-galaxy install -p ./tests HanXHX.php
 script:
  - VAGRANT_DEFAULT_PROVIDER=docker vagrant up $PLATFORM
@@ -35,6 +39,14 @@ script:
    && (echo 'Idempotence test: pass' && exit 0)
    || (echo 'Idempotence test: fail' && exit 1)
  - VAGRANT_DEFAULT_PROVIDER=docker vagrant status
  - >
    yamllint .
    && (echo 'YAML lint test: pass' && exit 0)
    || (echo 'YAML lint test: fail' && exit 1)
  - >
    ansible-lint -v tests/test.yml
    && (echo 'Ansible lint test: pass' && exit 0)
    || (echo 'Ansible lint test: fail' && exit 1)
 notifications:
  webhooks: https://galaxy.ansible.com/api/v1/notifications/
--- a/.yamllint.yml
+++ b/.yamllint.yml
@@ -0,0 +1,6 @@
 ---
 extends: default
 rules:
  line-length: disable
--- a/README.md
+++ b/README.md
@@ -1,7 +1,7 @@
 Nginx for Debian/FreeBSD Ansible role
 =====================================
-[![Ansible Galaxy](http://img.shields.io/badge/ansible--galaxy-HanXHX.nginx-blue.svg)](https://galaxy.ansible.com/HanXHX/nginx/) [![Build Status](https://travis-ci.org/HanXHX/ansible-nginx.svg?branch=master)](https://travis-ci.org/HanXHX/ansible-nginx)
+[![Ansible Galaxy](http://img.shields.io/badge/ansible--galaxy-HanXHX.nginx-blue.svg)](https://galaxy.ansible.com/HanXHX/nginx/) [![Build Status](https://app.travis-ci.com/HanXHX/ansible-nginx.svg?branch=master)](https://app.travis-ci.com/HanXHX/ansible-nginx)
 Install and configure Nginx on Debian/FreeBSD.
@@ -20,18 +20,20 @@ Features:
 Supported OS:
-| OS                 | Working | Stable (active support) |
+| OS                   | Working | Stable (active support) |
-| ------------------ | ------- | ----------------------- |
+| -------------------- | ------- | ----------------------- |
-| Debian Jessie (8)  | Yes     | Check latest supported version ([1.5.0](https://github.com/HanXHX/ansible-nginx/releases/tag/1.5.0)) |
+| Debian Jessie (8)    | Yes     | Check latest supported version ([1.5.0](https://github.com/HanXHX/ansible-nginx/releases/tag/1.5.0)) |
-| Debian Stretch (9) | Yes     | Yes                     |
+| Debian Stretch (9)   | Yes     | Yes                     |
-| Debian Buster (10) | Yes     | No                      |
+| Debian Buster (10)   | Yes     | Yes                     |
-| FreeBSD 11         | Yes     | No                      |
+| Debian Bullseye (11) | Yes     | Yes                     |
-| FreeBSD 12         | Yes     | No                      |
+| FreeBSD 11           | Yes     | No                      |
 | FreeBSD 12           | Yes     | No                      |
 Requirements
 ------------
-Ansible 2.6+. If you set true to `nginx_backports`, you must install backports repository before lauching this role.
+- Ansible >=2.11
 - If you set true to `nginx_backports`, you must install backports repository before lauching this role.
 Role Variables
 --------------
@@ -55,6 +57,7 @@ FreeBSD:
 - `nginx_error_log_level`: default log level
 - `nginx_auto_config_httpv2`: boolean, auto configure HTTP2 where possible
 - `nginx_fastcgi_fix_realpath`: boolean, use realpath for fastcgi (fix problems with symlinks and PHP opcache)
 - `nginx_default_hsts`: string, default header sent for HSTS
 ### Nginx Configuration
@@ -98,13 +101,22 @@ Note
 - Active support for Debian.
 - FreeBSD support is experimental (no Travis). I only test (for the moment) 10.2 (but it can work on other versions).
 - I don't manage BackupPC for FreeBSD (PR welcome).
 Dependencies
 ------------
 None
 If you need to dev this role locally
 ------------------------------------
 Before use vagrant, run once:
 ```
 ansible-galaxy install -p ./tests/ HanXHX.php,master
 ```
 Example Playbook
 ----------------
--- a/28
+++ b/28
@@ -6,20 +6,20 @@
 Vagrant.configure("2") do |config|
  vms_debian = [
-    { :name => "debian-stretch", :box => "debian/stretch64", :vars => { "nginx_php": [{"version": "7.0"}] }},
+    { :name => "debian-stretch", :box => "debian/stretch64", :vars => {} },
-    { :name => "debian-stretch-sury", :box => "debian/stretch64", :vars => { "nginx_php": [{"version": "7.1"}], "sury": true }},
+    { :name => "debian-buster", :box => "debian/buster64", :vars => {} },
-    { :name => "debian-buster", :box => "debian/buster64", :vars => { "nginx_php": [{"version": "7.3"}] }}
+    { :name => "debian-bullseye", :box => "debian/bullseye64", :vars => {} }
  ]
  vms_freebsd = [
-    { :name => "freebsd-11", :box => "freebsd/FreeBSD-11.1-STABLE",  :vars => {} },
+    { :name => "freebsd-11", :box => "freebsd/FreeBSD-11.3-STABLE", :vars => {} },
-    { :name => "freebsd-12", :box => "freebsd/FreeBSD-12.0-CURRENT", :vars => {} }
+    { :name => "freebsd-12", :box => "freebsd/FreeBSD-12.1-STABLE", :vars => {} }
  ]
  conts = [
-    { :name => "docker-debian-stretch", :docker => "hanxhx/vagrant-ansible:debian9", :vars => { "nginx_php": [{"version": "7.0"}] }},
+    { :name => "docker-debian-stretch", :docker => "hanxhx/vagrant-ansible:debian9", :vars => {} },
-    { :name => "docker-debian-stretch-sury", :docker => "hanxhx/vagrant-ansible:debian9", :vars => { "nginx_php": [{"version": "7.1"}], "sury": true }},
+    { :name => "docker-debian-buster", :docker => "hanxhx/vagrant-ansible:debian10", :vars => {} },
-    { :name => "docker-debian-buster", :docker => "hanxhx/vagrant-ansible:debian10", :vars => { "nginx_php": [{"version": "7.3"}] }},
+    { :name => "docker-debian-bullseye", :docker => "hanxhx/vagrant-ansible:debian11", :vars => {} },
  ]
  config.vm.network "private_network", type: "dhcp"
@@ -32,6 +32,11 @@ Vagrant.configure("2") do |config|
        d.remains_running = true
        d.has_ssh = true
      end
      if opts[:name].include? "bullseye"
        m.vm.provision "shell", inline: "[ -f '/root/first_provision' ] || (apt-get update -qq && apt-get -y dist-upgrade && touch /root/first_provision)"
      end
      m.vm.provision "ansible" do |ansible|
        ansible.playbook = "tests/test.yml"
        ansible.verbose = 'vv'
@@ -48,6 +53,11 @@ Vagrant.configure("2") do |config|
        v.cpus = 1
        v.memory = 256
      end
      if opts[:name].include? "bullseye"
        m.vm.provision "shell", inline: "[ -f '/root/first_provision' ] || (apt-get update -qq && apt-get -y dist-upgrade && touch /root/first_provision)"
      end
      m.vm.provision "ansible" do |ansible|
        ansible.playbook = "tests/test.yml"
        ansible.verbose = 'vv'
@@ -66,7 +76,7 @@ Vagrant.configure("2") do |config|
        v.cpus = 2
        v.memory = 512
      end
-      m.vm.provision "shell", inline: "pkg install -y python bash"
+      m.vm.provision "shell", inline: "[ -e /usr/local/bin/bash ] || pkg install -y python bash"
      m.vm.provision "ansible" do |ansible|
        ansible.playbook = "tests/test.yml"
        ansible.verbose = 'vv'
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -14,11 +14,12 @@ nginx_log_dir: '/var/log/nginx'
 nginx_resolver_hosts: ['8.8.8.8', '8.8.4.4']
 nginx_resolver_valid: '300s'
 nginx_resolver_timeout: '5s'
-nginx_error_log_level: 'warn' # http://nginx.org/en/docs/ngx_core_module.html#error_log
+nginx_error_log_level: 'warn'   # http://nginx.org/en/docs/ngx_core_module.html#error_log
 nginx_auto_config_httpv2: true
 nginx_default_site: null
 nginx_default_site_ssl: null
 nginx_fastcgi_fix_realpath: true
 nginx_default_hsts: 'max-age=63072000; includeSubDomains'
 #
 # Nginx directories
@@ -84,6 +85,18 @@ nginx_http_gzip_disable: '"msie6"'
 #
 nginx_custom_http: []
 #
 # Nginx default
 #
 nginx_default_listen:
  - '80'
  - '[::]:80'
 nginx_default_listen_ssl:
  - '443'
  - '[::]:443'
 nginx_default_listen_proxy_protocol: []
 nginx_default_listen_proxy_protocol_ssl: []
 #
 # Sites
 #
@@ -115,7 +128,7 @@ nginx_load_modules: []
 #
 nginx_dh: null
 nginx_dh_path: '{{ nginx_ssl_dir }}/dhparam.pem'
-nginx_dh_length: 4096
+nginx_dh_length: 2048
 #
 # acme.sh
--- a/doc/freebsd.md
+++ b/doc/freebsd.md
@@ -10,8 +10,3 @@ About modules
 -------------
 Dynamic modules must be set with full path (see `nginx_load_modules` path).
 Sites not tested
 ----------------
 - BackupPC
--- a/doc/php.md
+++ b/doc/php.md
@@ -2,8 +2,7 @@ PHP
 ===
 `nginx_php`:
-  - `version`: (M) PHP version
+  - `upstream_name` (M)
  - `upstream_name` (O)
  - `sockets`: (O) socket list
 If `sockets` is not provided, if uses local unix socket (based on PHP version).
@@ -16,8 +15,8 @@ Each socket have:
 XOR
- `host`
+- `host` (M)
- `port`
+- `port` (M)
- `weight`
+- `weight` (O)
- `max_fails`
+- `max_fails` (O)
- `fail_timeout`
+- `fail_timeout` (O)
--- a/doc/site.md
+++ b/doc/site.md
@@ -9,14 +9,30 @@ Common
 ------
 - `name`: (M) Domain or list of domain used.
 - `template`: (D) template used to create site. Optional if you set `state`=`absent` or using `redirect_to`.
 - `filename`: (O) Specify filename in /etc/nginx/sites-*. Do NOT specify default (reserved keyword). It will be used for log filenames and directories creation.
 - `state`: (O) Site status. Can be "present" (default), "absent" and "disabled".
 - `filename`: (O) Specify filename in `/etc/nginx/sites-*`. Do NOT specify default (reserved keyword). It will be used for log filenames and directories creation.
 (O): Optional
 (M): Mandatory
 (D): Depends other keys...
 You can use 2 config (at the same time time):
 - pre-built: Some configuration are templated (Wordpress, Symfony...), auto create root dir, perform an "A+" on ssllabs for https... etc
 - custom: Push your own site config template. Usefull when you have a complex configuration.
 Pre-built site config
 ---------------------
 # Keys
 - `template`: (M) template used to create site. Optional if you set `state`=`absent` or using `redirect_to`.
 - `redirect_from`: (O) Domain list to redirect to the first `name`. You can use this key to redirect non-www to www
 - `redirect_to`: (O) Redirect all requests to this domain. Please set scheme (http:// or https:// or $sheme).
 - `headers`: (O) Set additionals header as key/value list. You can append "always" to the value. Show [nginx doc](http://nginx.org/en/docs/http/ngx_http_headers_module.html).
 - `redirect_to_code`: Redirect code (default: 302)
- `redirect_https`: (O) Boolean. Redirect HTTP to HTTPS. If "true", you _MUST_ set `proto` to ```['https']```.
+- `redirect_https`: (O) Boolean. Redirect HTTP to HTTPS. If "true", you _MUST_ set `proto` to `['https']`.
 - `location`: (O) Add new custom locations (it does not overwrite!)
 - `location_order`: (O) Due to non preditive `location` order, you can provide the good order (see test-location.local in [tests/test.yml](../tests/test.yml)).
 - `location_before`: (O) Add new custom locations before generated location by template
@@ -29,19 +45,13 @@ Common
 - `proto`: (O) list of protocol used. Default is a list with "http". If you need http and https, you must set a list with "http" and "https". You can only set "https" without http support.
 - `ssl_name`: (D) name of the key used when using TLS/SSL. Optional when `proto` contains "https". If you don't set this value, it will search by `name`.
 - `ssl_template` (O) "strong" (default) or "legacy". You can disable SSL helpers and add your own directives by setting "false".
- `php_version` (O) Sepecify PHP version (5 or 7)
+- `listen_proxy_protocol` (O) Enable proxy protocol on http port.
- `http_proxy_protocol_port` (O) Enable proxy protocol on http port.
+- `listen_proxy_protocol_ssl` (O) Enable proxy protocol on https port.
- `https_proxy_protocol_port` (O) Enable proxy protocol on https port.
+- `hsts` (O) overwrite default header for hsts
-(O): Optional
+### Templates
 (M): Mandatory
 (D): Depends other keys...
 Templates
 ---------
 - `_base`: static template
 - `_backuppc`: access to [BackupPC](http://backuppc.sourceforge.net/) (be careful: you need to install [fcgiwrap](https://packages.debian.org/stretch/fcgiwrap))
 - `_dokuwiki`
 - `_redirect`: should not be called explicitly
 - `_phalcon`: Phalcon PHP Framework
@@ -52,8 +62,7 @@ Templates
 Templates works as parent-child.
-About proxy template
+### About proxy template
 --------------------
 Proxy template allow you to use Nginx as reverse proxy. Usefull when you have an application service such as Redmine, Jenkins...
@@ -64,10 +73,69 @@ You have many key added to site key:
 (O) : Optional
-Default sites
+### Default sites
 --------------
 You can manage default site by setting domain name to these variables.
 - `nginx_default_site`
 - `nginx_default_site_ssl`
 *IT WORKS ONLY WITH PRE-BUIT SITES*
 ### Example
 ```yaml
 - nginx_sites:
  - name: 'mywebsite.com'
    template: '_wordpress'
    headers:
      x-ansibled: '1'
    manage_local_content: false
 ```
 Custom site config 
 ------------------
 ### Keys
 - `custom_template`: (M) template path used 
 You can add some extra infos if needed.
 ### Example:
 ```yaml
 - nginx_sites:
  - name: 'mycustom-website.com'
    custom_template: 'my/template_dir/the-template.conf.j2'
    allow_admin: '192.168.0.0/24'
 ```
 In `my/template_dir/the-template.conf.j2`:
 ```
 #
 # {{ ansible_managed }} - {{ item.name }}
 #
 server {
 	listen 8080 http2 proxy_protocol;
    server_name {{ item.name }};
 	index index.html;
    root /var/www/{{ item.name }};
 	location / {
 		try_files $uri $uri/ =404;
 	}
 	location /admin {
 		allow {{ item.allow_admin }};
 		deny all;
 	}
 }
 ```
--- a/filter_plugins/nginx.py
+++ b/filter_plugins/nginx.py
@@ -1,5 +1,5 @@
 def nginx_site_filename(site):
-    if site.has_key('filename'):
+    if 'filename' in site:
        return site['filename']
    else:
        return nginx_site_name(site)
@@ -14,17 +14,45 @@ def nginx_ssl_dir(pair, ssl_dir):
    return ssl_dir + '/' + nginx_site_filename(pair)
 def nginx_key_path(pair, ssl_dir):
-    if pair.has_key('dest_key'):
+    if 'dest_key' in pair:
        return pair['dest_key']
    else:
        return nginx_ssl_dir(pair, ssl_dir) + '/' + nginx_site_filename(pair) + '.key'
 def nginx_cert_path(pair, ssl_dir):
-    if pair.has_key('dest_cert'):
+    if 'dest_cert' in pair:
        return pair['dest_cert']
    else:
        return nginx_ssl_dir(pair, ssl_dir) + '/' + nginx_site_filename(pair) + '.crt'
 def nginx_all_site_names(site):
    all_sites = []
    if isinstance(site['name'], list):
        all_sites = all_sites + site['name']
    else:
        all_sites.append(site['name'])
    if 'redirect_from' in site:
        if isinstance(site['redirect_from'], list):
             all_sites = all_sites + site['redirect_from']
        else:
            all_sites.append(site['redirect_from'])
    return all_sites
 def nginx_search_by_ssl_name(sites, ssl_name):
    if isinstance(ssl_name, list):
        comp_ssl_name = ssl_name[0]
    else:
        comp_ssl_name = ssl_name
    res = None
    for site in sites:
        if 'ssl_name' in site and site['ssl_name'] == comp_ssl_name:
            res = site
            break
    return res
 class FilterModule(object):
    ''' Nginx module '''
@@ -34,5 +62,7 @@ class FilterModule(object):
            'nginx_site_name': nginx_site_name,
            'nginx_ssl_dir': nginx_ssl_dir,
            'nginx_key_path': nginx_key_path,
-            'nginx_cert_path': nginx_cert_path
+            'nginx_cert_path': nginx_cert_path,
            'nginx_all_site_names': nginx_all_site_names,
            'nginx_search_by_ssl_name': nginx_search_by_ssl_name
        }
--- a/filter_plugins/php.py
+++ b/filter_plugins/php.py
@@ -1,19 +1,10 @@
 def php_default_upstream_socket(php_version):
    return '/run/php/php%s-fpm.sock' % php_version
 def php_default_upstream_name(php_version):
    return 'default_php_%s' % php_version
 def php_fpm_service(php_version):
    return 'php%s-fpm' % php_version
 class FilterModule(object):
    ''' PHP module '''
    def filters(self):
        return {
            'php_default_upstream_socket': php_default_upstream_socket,
            'php_default_upstream_name': php_default_upstream_name,
            'php_fpm_service': php_fpm_service,
            'php_fpm_package': php_fpm_service
        }
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -1,46 +1,46 @@
 ---
 - name: reload nginx
-  command: nginx -t
+  ansible.builtin.command: nginx -t
  notify:
    - real-reload nginx
    - docker reload nginx
 - name: restart nginx
-  command: nginx -t
+  ansible.builtin.command: nginx -t
  notify:
    - real-restart nginx
    - docker restart nginx
 - name: real-reload nginx
-  service:
+  ansible.builtin.service:
    name: nginx
    state: reloaded
  when: ansible_virtualization_type != 'docker'
 - name: real-restart nginx
-  service:
+  ansible.builtin.service:
    name: nginx
    state: restarted
  when: ansible_virtualization_type != 'docker'
 - name: docker reload nginx
-  command: service nginx reload
+  ansible.builtin.command: service nginx reload
  args:
    warn: false
  when: ansible_virtualization_type == 'docker'
 - name: docker restart nginx
-  command: service nginx restart
+  ansible.builtin.command: service nginx restart
  args:
    warn: false
  when: ansible_virtualization_type == 'docker'
 - name: restart nginx freebsd
-  service:
+  ansible.builtin.service:
    name: nginx
    state: restarted
  when: ansible_distribution == "FreeBSD"
 - name: setup
-  action: setup
+  ansible.builtin.setup:
--- a/meta/main.yml
+++ b/meta/main.yml
@@ -1,28 +1,33 @@
 ---
 galaxy_info:
  author: Emilien Mantel
  namespace: hanxhx
  role_name: nginx
  description: Nginx for Debian / FreeBSD
  company:
  license: GPLv2
-  min_ansible_version: 2.6
+  min_ansible_version: 2.11
  platforms:
-  - name: Debian
+    - name: Debian
-    versions:
+      versions:
-    - stretch
+        - stretch
-    - buster
+        - buster
-  - name: FreeBSD
+        - bullseye
-    versions:
+    - name: FreeBSD
-    - 11.0
+      versions:
-    - 11.1
+        - 11.0
-    - 12.0
+        - 11.1
        - 12.0
  galaxy_tags:
-  - web
+    - web
-  - proxy
+    - debian
-  - http
+    - proxy
-  - http2
+    - http
-  - https
+    - http2
-  - ssl
+    - https
-  - tls
+    - ssl
-  - nginx
+    - tls
-  - cdn
+    - nginx
    - cdn
 dependencies: []
--- a/tasks/config.yml
+++ b/tasks/config.yml
@@ -1,26 +1,35 @@
 ---
 - name: TEMPLATE | Deploy nginx.conf
-  template:
+  ansible.builtin.template:
    src: "etc/nginx/nginx.conf.j2"
    dest: "{{ nginx_etc_dir }}/nginx.conf"
    mode: 0644
    owner: root
    group: root
  notify: reload nginx
 - name: TEMPLATE | Deploy all helpers
-  template:
+  ansible.builtin.template:
    src: "{{ item }}"
    dest: "{{ nginx_helper_dir }}/{{ item | basename | regex_replace('.j2$','') }}"
    mode: 0644
    owner: root
    group: root
  with_fileglob: '../templates/etc/nginx/helper/*.j2'
  notify: reload nginx
 - name: TEMPLATE | Deploy custom http configuration
-  template:
+  ansible.builtin.template:
    src: "etc/nginx/conf.d/custom.conf.j2"
    dest: "{{ nginx_etc_dir }}/conf.d/custom.conf"
    mode: 0644
    owner: root
    group: root
  notify: reload nginx
 - name: LINEINFILE | Fix path
-  lineinfile:
+  ansible.builtin.lineinfile:
    regexp: '{{ item.0.regexp }}'
    line: '{{ item.0.line }}'
    dest: '{{ item.1 }}'
@@ -36,10 +45,13 @@
  when: nginx_fastcgi_fix_realpath
 - name: COPY | Add modules manually
-  copy:
+  ansible.builtin.copy:
    content: |
      {% for m in nginx_load_modules %}
      load_module {{ m }};
      {% endfor %}
    dest: "{{ nginx_etc_dir }}/modules-enabled/000-modules.conf"
    mode: 0644
    owner: root
    group: root
  notify: reload nginx
--- a/tasks/htpasswd.yml
+++ b/tasks/htpasswd.yml
@@ -1,18 +1,21 @@
 ---
 - name: FILE | Delete htpasswd file
-  file:
+  ansible.builtin.file:
    path: "{{ nginx_htpasswd_dir }}/{{ item.name }}"
    state: absent
  loop: "{{ nginx_htpasswd }}"
  when: item.state is defined and item.state == 'absent'
-  no_log: not nginx_debug_role
+  no_log: "{{ not nginx_debug_role }}"
 - name: HTPASSWD | Manage files
-  htpasswd:
+  ansible.builtin.htpasswd:
    name: "{{ item.1.name }}"
    password: "{{ item.1.password }}"
    path: "{{ nginx_htpasswd_dir }}/{{ item.0.name }}"
    mode: 0644
    owner: root
    group: root
  loop: "{{ nginx_htpasswd | subelements('users') }}"
  when: item.0.state is not defined or item.0.state == 'present'
-  no_log: not nginx_debug_role
+  no_log: "{{ not nginx_debug_role }}"
--- a/tasks/install_Debian.yml
+++ b/tasks/install_Debian.yml
@@ -1,53 +1,53 @@
 ---
 - name: SET_FACT | Bypass https://github.com/ansible/ansible/issues/19874
-  set_fact:
+  ansible.builtin.set_fact:
    ansible_distribution_release: 'buster'
  when: ansible_facts.distribution_major_version == "buster/sid"
 - name: APT | Update cache
-  apt:
+  ansible.builtin.apt:
-    update_cache: yes
+    update_cache: true
    cache_valid_time: 3600
  changed_when: false
 - name: APT | Install nginx and dependencies
-  apt:
+  ansible.builtin.apt:
    pkg: "{{ nginx_apt_package }}"
    default_release: "{{ ansible_distribution_release + '-backports' if nginx_backports else ansible_distribution_release }}"
 - name: APT | Install nginx modules
-  apt:
+  ansible.builtin.apt:
    pkg: "{{ nginx_module_packages }}"
    state: present
 - name: APT | Install python-passlib
-  apt:
+  ansible.builtin.apt:
-    pkg: python-passlib
+    pkg: "python{% if ansible_python_version is version('3', '>=') %}3{% endif %}-passlib"
    state: present
 - name: STAT | Check acme.sh is installed
-  stat:
+  ansible.builtin.stat:
    path: "{{ nginx_acmesh_dir }}"
  register: acme
 - block:
-  - name: APT | Install git
+    - name: APT | Install git
-    apt:
+      ansible.builtin.apt:
-      pkg: git
+        pkg: git
-  - name: GIT | Get acme.sh
+    - name: GIT | Get acme.sh
-    git:
+      ansible.builtin.git:
-      repo: 'https://github.com/Neilpang/acme.sh.git'
+        repo: 'https://github.com/Neilpang/acme.sh.git'
-      dest: '{{ nginx_acmesh_git_dir }}'
+        dest: '{{ nginx_acmesh_git_dir }}'
-      update: no
+        update: false
-      version: master
+        version: master
-  - name: COMMAND | Install acme.sh
+    - name: COMMAND | Install acme.sh
-    command: ./acme.sh --install --home "{{ nginx_acmesh_dir }}"
+      ansible.builtin.command: ./acme.sh --install --home "{{ nginx_acmesh_dir }}"
-    args:
+      args:
-      chdir: "{{ nginx_acmesh_git_dir }}"
+        chdir: "{{ nginx_acmesh_git_dir }}"
-      creates: "{{ nginx_acmesh_dir }}"
+        creates: "{{ nginx_acmesh_dir }}"
  when: not acme.stat.exists
--- a/tasks/install_FreeBSD.yml
+++ b/tasks/install_FreeBSD.yml
@@ -16,20 +16,20 @@
 - block:
    - name: COMMAND | Create /usr/local/etc/fdfs/http.conf
-      command: touch /usr/local/etc/fdfs/http.conf
+      ansible.builtin.command: touch /usr/local/etc/fdfs/http.conf
      args:
        creates: /usr/local/etc/fdfs/http.conf
      register: fd1
    - name: LINEINFILE | Tune fdfs
-      lineinfile:
+      ansible.builtin.lineinansible.builtin.file:
        regexp: ^load_fdfs_parameters_from_tracker
        line: load_fdfs_parameters_from_tracker=false
        path: /usr/local/etc/fdfs/mod_fastdfs.conf
      register: fd2
    - name: SERVICE | Restart nginx when fdfs is tuned
-      service:
+      ansible.builtin.service:
        name: nginx
        state: restarted
      when: fd1.changed or fd2.changed
@@ -37,16 +37,19 @@
  when: true
 - name: FILE | Create configuration dir (like Debian)
-  file:
+  ansible.builtin.file:
    path: "{{ nginx_etc_dir }}/{{ item }}"
    state: directory
    mode: 0755
    owner: root
    group: root
  loop:
    - conf.d
    - sites-available
    - sites-enabled
 - name: FILE | Create log directory
-  file:
+  ansible.builtin.file:
    path: "{{ nginx_log_dir }}"
    owner: "{{ nginx_user }}"
    group: wheel
@@ -54,6 +57,6 @@
    state: directory
 - name: SERVICE | Enable nginx
-  service:
+  ansible.builtin.service:
    name: nginx
-    enabled: yes
+    enabled: true
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,30 +1,30 @@
 ---
 - name: INCLUDE_VARS | Related to OS
-  include_vars: "{{ ansible_distribution }}.yml"
+  ansible.builtin.include_vars: "{{ ansible_distribution }}.yml"
  tags: ['nginx::site', 'nginx::ssl']
 - name: INCLUDE_TASKS | Install
-  include_tasks: "install_{{ ansible_distribution }}.yml"
+  ansible.builtin.include_tasks: "install_{{ ansible_distribution }}.yml"
  tags: ['nginx::site', 'nginx::ssl']
 - name: IMPORT_TASKS| Prepare
-  import_tasks: prepare.yml
+  ansible.builtin.import_tasks: prepare.yml
  tags: ['nginx::site', 'nginx::ssl']
 - name: IMPORT_TASKS| Install
-  import_tasks: config.yml
+  ansible.builtin.import_tasks: config.yml
 - name: IMPORT_TASKS| Upstream configuration
-  import_tasks: upstream.yml
+  ansible.builtin.import_tasks: upstream.yml
 - name: IMPORT_TASKS| htpasswd configuration
-  import_tasks: htpasswd.yml
+  ansible.builtin.import_tasks: htpasswd.yml
 - name: IMPORT_TASKS| SSL configuration
-  import_tasks: ssl/main.yml
+  ansible.builtin.import_tasks: ssl/main.yml
  tags: ['nginx::ssl']
 - name: IMPORT_TASKS| Sites configuration
-  import_tasks: site.yml
+  ansible.builtin.import_tasks: site.yml
  tags: ['nginx::site']
--- a/tasks/prepare.yml
+++ b/tasks/prepare.yml
@@ -1,17 +1,17 @@
 ---
 - name: SHELL | Get Nginx version
-  shell: nginx -v 2>&1 | sed -r 's#.*/##;' | cut -d ' ' -f 1
+  ansible.builtin.shell: nginx -v 2>&1 | sed -r 's#.*/##;' | cut -d ' ' -f 1
  args:
    executable: /bin/sh
  register: nginx_version
  changed_when: false
-  check_mode: no
+  check_mode: false
  tags:
    - skip_ansible_lint
 - name: SHELL | Get module list
-  shell: |
+  ansible.builtin.shell: |
    nginx -V 2>&1 |
    tr -- - '\n' |
    grep -A 1 with |
@@ -22,16 +22,16 @@
    executable: /bin/sh
  register: shell_modules
  changed_when: false
-  check_mode: no
+  check_mode: false
  tags:
    - skip_ansible_lint
 - name: SET_FACT | Save modules
-  set_fact:
+  ansible.builtin.set_fact:
    nginx_modules: "{{ shell_modules.stdout_lines }}"
 - name: FILE | Create folders
-  file:
+  ansible.builtin.file:
    dest: "{{ item.dir }}"
    owner: "{{ item.owner }}"
    mode: "{{ item.mode }}"
@@ -39,6 +39,9 @@
  loop: "{{ nginx_dirs }}"
 - name: FILE | Create ansible facts dir
-  file:
+  ansible.builtin.file:
    path: /etc/ansible/facts.d
    state: directory
    mode: 0755
    owner: root
    group: root
--- a/tasks/site.yml
+++ b/tasks/site.yml
@@ -1,7 +1,7 @@
 ---
 - name: FAIL | Check filenames
-  fail:
+  ansible.builtin.fail:
    msg: "Forbidden keyword default on site {{ item | nginx_site_name }}"
  when: item.filename is defined and item.filename == 'default'
  loop: "{{ nginx_sites }}"
@@ -9,7 +9,7 @@
    label: "{{ item | nginx_site_name }}"
 - name: FAIL | Check HTTPS redir and proto
-  fail:
+  ansible.builtin.fail:
    msg: "You can't have HTTP proto and HTTPS redirection at the same time"
  when:
    ((item.proto is defined and 'http' in item.proto) or (item.proto is not defined)) and
@@ -19,12 +19,15 @@
    label: "{{ item | nginx_site_name }}"
 - name: FILE | Create root directory
-  file:
+  ansible.builtin.file:
    path: "{{ nginx_root }}"
    state: directory
    mode: 0755
    owner: root
    group: root
 - name: FILE | Create root public folders (foreach nginx_sites)
-  file:
+  ansible.builtin.file:
    path: "{{ nginx_root }}/{{ item | nginx_site_filename }}/public"
    state: directory
    owner: "{{ item.owner | default(nginx_user) }}"
@@ -40,17 +43,33 @@
    label: "{{ item | nginx_site_name }}"
 - name: TEMPLATE | Create sites
-  template:
+  ansible.builtin.template:
    src: "etc/nginx/sites-available/{{ item.template if item.redirect_to is not defined else '_redirect' }}.j2"
    dest: "{{ nginx_etc_dir }}/sites-available/{{ item | nginx_site_filename }}"
    mode: 0644
    owner: root
    group: root
  notify: ['reload nginx', 'restart nginx freebsd']
-  when: item.state is not defined or item.state != 'absent'
+  when: (item.state is not defined or item.state != 'absent') and item.custom_template is not defined
  loop: "{{ nginx_sites }}"
  loop_control:
    label: "{{ item | nginx_site_name }}"
 - name: TEMPLATE | Create sites with preconfigured template
  ansible.builtin.template:
    src: "{{ item.custom_template }}"
    dest: "{{ nginx_etc_dir }}/sites-available/{{ item | nginx_site_filename }}"
    mode: 0644
    owner: root
    group: root
  notify: ['reload nginx', 'restart nginx freebsd']
  when: (item.state is not defined or item.state != 'absent') and item.custom_template is defined
  loop: "{{ nginx_sites }}"
  loop_control:
    label: "{{ item | nginx_site_name }}"
 - name: FILE | Delete sites
-  file:
+  ansible.builtin.file:
    path: "{{ nginx_etc_dir }}/{{ item.1 }}/{{ item.0 | nginx_site_filename }}"
    state: absent
  loop: "{{ nginx_sites | product(dirs) | list }}"
@@ -62,7 +81,7 @@
    label: "{{ nginx_etc_dir }}/{{ item.1 }}/{{ item.0 | nginx_site_filename }}"
 - name: FILE | Enable sites
-  file:
+  ansible.builtin.file:
    src: "{{ nginx_etc_dir }}/sites-available/{{ item | nginx_site_filename }}"
    dest: "{{ nginx_etc_dir }}/sites-enabled/{{ item | nginx_site_filename }}"
    state: link
@@ -74,7 +93,7 @@
    label: "{{ item | nginx_site_name }}"
 - name: FILE | Disable sites
-  file:
+  ansible.builtin.file:
    path: "{{ nginx_etc_dir }}/sites-enabled/{{ item | nginx_site_filename }}"
    state: absent
  loop: "{{ nginx_sites }}"
@@ -84,14 +103,14 @@
    label: "{{ item | nginx_site_name }}"
 - name: FILE | Delete default site when explicitely defined
-  file:
+  ansible.builtin.file:
    path: "{{ nginx_etc_dir }}/sites-enabled/default"
    state: absent
  notify: ['reload nginx', 'restart nginx freebsd']
  when: nginx_default_site is not none
 - name: FILE | Auto set default site
-  file:
+  ansible.builtin.file:
    src: "{{ nginx_etc_dir }}/sites-available/default"
    dest: "{{ nginx_etc_dir }}/sites-enabled/default"
    state: link
@@ -99,7 +118,7 @@
  when: nginx_default_site is none
 - name: TEMPLATE | Deploy facts
-  template:
+  ansible.builtin.template:
    src: etc/ansible/facts.d/nginx.fact.j2
    dest: /etc/ansible/facts.d/nginx.fact
    mode: 0644
--- a/tasks/ssl/acme.yml
+++ b/tasks/ssl/acme.yml
@@ -1,98 +1,101 @@
 ---
- name: SET_FACT | Assign default..
+- name: SET_FACT | Assign default...
-  set_fact:
+  ansible.builtin.set_fact:
    acme_create: []
 - name: STAT | Check if certificates are already installed
-  stat:
+  ansible.builtin.stat:
-    path: "{{ nginx_ssl_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.crt"
+    path: "{{ item | nginx_cert_path(nginx_ssl_dir) }}"
  loop: "{{ nginx_ssl_pairs }}"
  when: item.acme is defined and item.acme
  register: acme_installed_certs
 - name: SET_FACT | Assign var with certificates to create
-  set_fact:
+  ansible.builtin.set_fact:
    acme_create: "{{ acme_create | default([]) + [ (item.item) ] }}"
  loop: "{{ acme_installed_certs.results }}"
-  when: item.skipped is not defined and not item.stat.exists
+  when: item.skipped is not defined and (not item.stat.exists or item.stat.size == 0)
 - name: BLOCK | Start acme
  block:
-  - name: TEMPLATE | Create fake site
+    - name: TEMPLATE | Create fake site
-    template:
+      ansible.builtin.template:
-      src: "etc/nginx/conf.d/FAKESITE.conf.j2"
+        src: "etc/nginx/conf.d/FAKESITE.conf.j2"
-      dest: "{{ nginx_etc_dir }}/conf.d/FAKESITE_{{ item | nginx_site_name }}.conf"
+        dest: "{{ nginx_etc_dir }}/conf.d/FAKESITE_{{ item | nginx_site_name }}.conf"
-    loop: "{{ acme_create }}"
+        mode: 0644
-    register: fake_site
+        owner: root
        group: root
      loop: "{{ acme_create }}"
      register: fake_site
-  - name: FILE | Delete current site if needed
+    - name: FILE | Delete current site if needed
-    file:
+      ansible.builtin.file:
-      path: "{{ nginx_etc_dir }}/sites-enabled/{{ item | nginx_site_name }}"
+        path: "{{ nginx_etc_dir }}/sites-enabled/{{ item | nginx_site_name }}"
-      state: absent
+        state: absent
-    loop: "{{ acme_create }}"
+      loop: "{{ acme_create }}"
-    when: fake_site.changed
+      when: fake_site.changed
-  - name: SERVICE | Restart nginx
+    - name: SERVICE | Restart nginx
-    service:
+      ansible.builtin.service:
-      name: nginx
+        name: nginx
-      state: restarted
+        state: restarted
-    when: fake_site.changed and ansible_virtualization_type != 'docker'
+      when: fake_site.changed and ansible_virtualization_type != 'docker'
-  - name: COMMAND | Restart nginx
+    - name: COMMAND | Restart nginx
-    command: service nginx restart
+      ansible.builtin.command: service nginx restart
-    args:
+      args:
-      warn: false
+        warn: false
-    when: fake_site.changed and ansible_virtualization_type == 'docker'
+      when: fake_site.changed and ansible_virtualization_type == 'docker'
-  - name: COMMAND | Get certificates
+    - name: COMMAND | Get certificates
-    command: |
+      ansible.builtin.command: |
-      {{ nginx_acmesh_bin }}
+        {{ nginx_acmesh_bin }}
-        --home {{ nginx_acmesh_dir }}
+          --home {{ nginx_acmesh_dir }}
-        --issue{% if item.name is string %} -d {{ item.name }}{% else %}{% for name in item.name %} -d {{ name }}{% endfor %}{% endif %}
+          --issue{% for s in nginx_sites | nginx_search_by_ssl_name(item.name) | nginx_all_site_names %} -d {{ s }}{% endfor %}
-        --nginx
+          --nginx
-        {% if nginx_acmesh_test %}--test{% endif %}
+          {% if nginx_acmesh_test %}--test --log{% endif %}
-    args:
+      args:
-      creates: "{{ nginx_acmesh_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.key"
+        creates: "{{ nginx_acmesh_dir }}/{{ item | nginx_site_name }}/fullchain.cer"
-    loop: "{{ acme_create }}"
+      loop: "{{ acme_create }}"
-    register: acme_get
+      register: acme_get
-    failed_when: acme_get.rc != 0 and acme_get.rc != 2
+      failed_when: acme_get.rc != 0 and acme_get.rc != 2
-    no_log: not nginx_debug_role
+      no_log: "{{ not nginx_debug_role }}"
-  - name: FILE | Create SSL dir per site
+    - name: FILE | Create SSL dir per site
-    file:
+      ansible.builtin.file:
-      path: "{{ nginx_ssl_dir }}/{{ item | nginx_site_name }}"
+        path: "{{ nginx_ssl_dir }}/{{ item | nginx_site_name }}"
-    loop: "{{ acme_create }}"
+      loop: "{{ acme_create }}"
-  - name: COMMAND | Install certificates
+    - name: COMMAND | Install certificates
-    command: |
+      ansible.builtin.command: |
-      {{ nginx_acmesh_bin }}
+        {{ nginx_acmesh_bin }}
-        --home {{ nginx_acmesh_dir }}
+          --home {{ nginx_acmesh_dir }}
-        --install-cert -d {{ item | nginx_site_name }}
+          --install-cert -d {{ nginx_sites | nginx_search_by_ssl_name(item | nginx_site_name) | nginx_site_name }}
-        --fullchain-file {{ nginx_ssl_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.crt
+          --fullchain-file {{ item | nginx_cert_path(nginx_ssl_dir) }}
-        --key-file {{ nginx_ssl_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.key
+          --key-file {{ item | nginx_key_path(nginx_ssl_dir) }}
-        --reloadcmd "service nginx reload"
+          --reloadcmd "service nginx reload"
-    args:
+      args:
-      creates: "{{ nginx_ssl_dir }}/{{ item | nginx_site_name }}/{{ item | nginx_site_name }}.key"
+        creates: "{{ item | nginx_cert_path(nginx_ssl_dir) }}"
-    loop: "{{ nginx_ssl_pairs }}"
+      loop: "{{ nginx_ssl_pairs }}"
-    when: item.acme is defined and item.acme
+      when: item.acme is defined and item.acme
-    notify: restart nginx
+      notify: restart nginx
  rescue:
-  - name: FAIL | Explicit
+    - name: FAIL | Explicit
-    fail:
+      ansible.builtin.fail:
-      msg: "Something is bad... Auto crash!"
+        msg: "Something is bad... Auto crash!"
  always:
-  - name: FILE | Delete fake sites
+    - name: FILE | Delete fake sites
-    file:
+      ansible.builtin.file:
-      path: "{{ nginx_etc_dir }}/conf.d/FAKESITE_{{ item | nginx_site_name }}.conf"
+        path: "{{ nginx_etc_dir }}/conf.d/FAKESITE_{{ item | nginx_site_name }}.conf"
-      state: absent
+        state: absent
-    loop: "{{ acme_create }}"
+      loop: "{{ acme_create }}"
-    notify: restart nginx
+      notify: restart nginx
-  - name: META | Flush handlers
+    - name: META | Flush handlers
-    meta: flush_handlers
+      ansible.builtin.meta: flush_handlers
--- a/tasks/ssl/standard.yml
+++ b/tasks/ssl/standard.yml
@@ -2,62 +2,72 @@
 - block:
-  - name: STAT | Get info ajout DH file
+  - name: STAT | Get info about DH file
-    stat:
+    ansible.builtin.stat:
      path: "{{ nginx_dh_path }}"
-      get_checksum: no
+      get_checksum: false
    register: stat_dh_file
  - name: SHELL | Get info about DH file
-    shell: openssl dhparam -in {{ nginx_dh_path }} -text -noout 2>&1 | awk '/DH Parameters/ { print substr($3, 2) }'
+    ansible.builtin.shell: openssl dhparam -in {{ nginx_dh_path }} -text -noout 2>&1 | awk '/DH Parameters/ { print substr($3, 2) }'
    changed_when: false
    register: dh_info
    when: stat_dh_file.stat.exists
  - name: COMMAND | Generate DH file
-    command: openssl dhparam -out {{ nginx_dh_path }} {{ nginx_dh_length }}
+    ansible.builtin.command: openssl dhparam -out {{ nginx_dh_path }} {{ nginx_dh_length }}
    when: not stat_dh_file.stat.exists or (dh_info.stdout | int != nginx_dh_length | int)
    notify: restart nginx
  when: nginx_dh is not string
 - name: COPY | Deploy DH file from vars
-  copy:
+  ansible.builtin.copy:
    content: "{{ nginx_dh }}"
    dest: "{{ nginx_dh_path }}"
    owner: root
    group: root
    mode: 0640
  when: nginx_dh is string
  notify: restart nginx
 - name: FILE | Create SSL directories
-  file:
+  ansible.builtin.file:
    path: "{{ item | nginx_ssl_dir(nginx_ssl_dir) }}"
    state: directory
    owner: root
    group: root
    mode: 0750
  loop: "{{ nginx_ssl_pairs }}"
  when: item.dest_key is not defined or item.dest_cert is not defined
-  no_log: not nginx_debug_role
+  no_log: "{{ not nginx_debug_role }}"
 - name: COPY | Deploy SSL keys
-  copy:
+  ansible.builtin.copy:
    content: "{{ item.key }}"
    dest: "{{ item | nginx_key_path(nginx_ssl_dir) }}"
    owner: root
    group: root
    mode: 0640
  loop: "{{ nginx_ssl_pairs }}"
  when: item.key is defined
  notify: restart nginx
-  no_log: not nginx_debug_role
+  no_log: "{{ not nginx_debug_role }}"
 - name: COPY | Deploy SSL certs
-  copy:
+  ansible.builtin.copy:
    content: "{{ item.cert }}"
    dest: "{{ item | nginx_cert_path(nginx_ssl_dir) }}"
    owner: root
    group: root
    mode: 0644
  loop: "{{ nginx_ssl_pairs }}"
  when: item.cert is defined
  notify: restart nginx
-  no_log: not nginx_debug_role
+  no_log: "{{ not nginx_debug_role }}"
 - name: COMMAND | Create self-signed certificates
-  command: |
+  ansible.builtin.command: |
    openssl req
      -new -newkey rsa:2048 -sha256 -days 3650 -nodes -x509
      -subj '/CN={{ item | nginx_site_name }}'
@@ -69,4 +79,4 @@
  loop: "{{ nginx_ssl_pairs }}"
  when: item.self_signed is defined
  notify: restart nginx
-  no_log: not nginx_debug_role
+  no_log: "{{ not nginx_debug_role }}"
--- a/tasks/upstream.yml
+++ b/tasks/upstream.yml
@@ -1,28 +1,27 @@
 ---
 - name: TEMPLATE | Deploy PHP upstream to Nginx
-  template:
+  ansible.builtin.template:
    src: "etc/nginx/conf.d/php.conf.j2"
    dest: "{{ nginx_etc_dir }}/conf.d/php.conf"
-  when: nginx_php | length > 0
+    mode: 0644
    owner: root
    group: root
  notify: reload nginx
 - name: FILE | Delete PHP upstream
  file:
    path: "{{ nginx_etc_dir }}/conf.d/php.conf"
    state: absent
  when: nginx_php | length == 0
 - name: TEMPLATE | Deploy other upstreams
-  template:
+  ansible.builtin.template:
    src: "etc/nginx/conf.d/_upstream.conf.j2"
    dest: "{{ nginx_etc_dir }}/conf.d/upstream-{{ item.name }}.conf"
    mode: 0644
    owner: root
    group: root
  loop: "{{ nginx_upstreams }}"
  when: item.state is not defined or item.state == 'present'
  notify: reload nginx
 - name: FILE | Delete other upstreams
-  file:
+  ansible.builtin.file:
    path: "{{ nginx_etc_dir }}/conf.d/upstream-{{ item.name }}.conf"
    state: absent
  loop: "{{ nginx_upstreams }}"
--- a/templates/etc/nginx/conf.d/FAKESITE.conf.j2
+++ b/templates/etc/nginx/conf.d/FAKESITE.conf.j2
@@ -1,8 +1,16 @@
-server {
+{% set site = nginx_sites | nginx_search_by_ssl_name(item.name) %}
-	listen {{ item.acme_port | default('80') }};
+{% set __listen = item.listen | default(nginx_default_listen) %}
-	listen [::]:{{ item.acme_port | default('80') }};
+{% set __listen_proxy_protocol = item.listen_proxy_protocol | default(nginx_default_listen_proxy_protocol) %}
-	server_name {% if item.name is string %}{{ item.name }}{% else %}{{ item.name | join(" ") }}{% endif %}{% if item.redirect_from is defined %} {% if item.redirect_from is string %}{{ item.redirect_from }}{% else %}{{ item.redirect_from | join(" ") }}{% endif %}{% endif %};
+server {
 {% for port in __listen %}
 	listen {{ port }};
 {% endfor %}
 {% for port in __listen_proxy_protocol %}
 	listen {{ port }} proxy_protocol;
 {% endfor %}
 	server_name {{ site | nginx_all_site_names | join(" ") }};
 	location / {
 		return 503;
--- a/templates/etc/nginx/conf.d/php.conf.j2
+++ b/templates/etc/nginx/conf.d/php.conf.j2
@@ -3,18 +3,27 @@
 #
 {% for php in nginx_php %}
-upstream {{ php.upstream_name | default((php.version | php_default_upstream_name)) }} {
+upstream {{ php.upstream_name }} {
 {% for sock in php.sockets | default([]) %}
 {% if sock.host is defined %}
    server {{ sock.host }}:{{ sock.port }} weight={{ sock.weight | default('1') }} max_fails={{ sock.max_fails | default('5') }} fail_timeout={{ sock.fail_timeout | default('10s') }};
 {% else %}
-    server unix:{{ sock.unix | default((php.version | php_default_upstream_socket)) }} weight={{ sock.weight | default('1') }};
+    server unix:{{ sock.unix }} weight={{ sock.weight | default('1') }};
 {% endif %}
 {% else %}
    server unix:{{ php.version | php_default_upstream_socket }} weight=1;
 {% endfor %}
 }
 {% endfor %}
 {% if ansible_local.hanxhx_php.fpm_pool is defined%}
 # -------------------------------------------------------
 # Auto-detected PHP config for HanXHX.php ansible role
 # -------------------------------------------------------
 {% for php in ansible_local.hanxhx_php.fpm_pool %}
 upstream {{ php.name }} {
 	server {% if php.listen.startswith('/') %}unix:{{ php.listen }}{% else %}{{ php.listen }}{% endif %};
 }
 {% endfor %}
 {% endif %}
 # vim:filetype=nginx
--- a/templates/etc/nginx/helper/ssl-legacy.j2
+++ b/templates/etc/nginx/helper/ssl-legacy.j2
@@ -9,7 +9,6 @@ ssl_session_cache shared:SSL:10m;
 ssl_session_tickets off;
 ssl_stapling on;
 ssl_stapling_verify on;
 add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
 resolver {{ nginx_resolver_hosts | join(' ') }} valid={{ nginx_resolver_valid }};
 resolver_timeout {{ nginx_resolver_timeout }};
 ssl_dhparam {{ nginx_dh_path }};
--- a/templates/etc/nginx/helper/ssl-strong.j2
+++ b/templates/etc/nginx/helper/ssl-strong.j2
@@ -11,7 +11,6 @@ ssl_session_cache shared:SSL:10m;
 ssl_session_tickets off;
 ssl_stapling on;
 ssl_stapling_verify on;
 add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
 resolver {{ nginx_resolver_hosts | join(' ') }} valid={{ nginx_resolver_valid }};
 resolver_timeout {{ nginx_resolver_timeout }};
 ssl_dhparam {{ nginx_dh_path }};
--- a/templates/etc/nginx/sites-available/_backuppc.j2
+++ b/templates/etc/nginx/sites-available/_backuppc.j2
@@ -1,33 +0,0 @@
 {% extends "_base.j2" %}
 {% block root %}
 	root /usr/share/backuppc/cgi-bin;
 {% endblock %}
 {% block template_try_files %}
 {% endblock %}
 {% block template_index %}
 	index index.cgi;
 {% endblock %}
 {% block template_local_content %}
 	location ~ /\.ht {
 		deny all;
 	}
 	location /backuppc/image {
 		alias /usr/share/backuppc/image;
 		expires 60d;
 	}
 {% endblock %}
 {% block template_upstream_location %}
 	location ~ \.cgi$ {
 		gzip off;
 		include fastcgi.conf;
 		fastcgi_pass unix:/var/run/fcgiwrap.socket;
 		fastcgi_index BackupPC_Admin;
 		fastcgi_param SCRIPT_FILENAME /usr/share/backuppc/cgi-bin$fastcgi_script_name;
 	}
 {% endblock %}
--- a/templates/etc/nginx/sites-available/_base.j2
+++ b/templates/etc/nginx/sites-available/_base.j2
@@ -1,15 +1,18 @@
 {% set __proto = item.proto | default(['http']) %}
-{% set __main_name =  item | nginx_site_filename %}
+{% set __main_name =  item | nginx_site_name %}
-{% set __listen = item.listen | default(['80', '[::]:80']) %}
+{% set __listen = item.listen | default(nginx_default_listen) %}
-{% set __listen_ssl = item.listen_ssl | default(['443', '[::]:443']) %}
+{% set __listen_ssl = item.listen_ssl | default(nginx_default_listen_ssl) %}
-{% set __http_proxy_protocol_port = item.http_proxy_protocol_port | default([]) %}
+{% set __listen_proxy_protocol = item.listen_proxy_protocol | default(nginx_default_listen_proxy_protocol) %}
-{% set __https_proxy_protocol_port = item.https_proxy_protocol_port | default([]) %}
+{% set __listen_proxy_protocol_ssl = item.listen_proxy_protocol_ssl | default(nginx_default_listen_proxy_protocol_ssl) %}
 {% set __location = item.location | default({}) %}
 {% set __location_before = item.location_before | default({}) %}
 {% set __headers = item.headers | default(nginx_servers_default_headers) %}
-{% set __ssl_name = item.ssl_name | default(item.name if item.name is string else item.name[0]) %}
+{% set __ssl_name = item.ssl_name | default(__main_name) %}
 {% set __location_order = item.location_order | default(__location.keys()) %}
 {% set __location_order_before = item.location_order_before | default(__location_before.keys()) %}
 {% set __http2 = nginx_auto_config_httpv2 and 'http_v2' in nginx_modules %}
 {% macro listen_http() %}
 {% endmacro %}
 {% macro server_name(name) %}
 {% if name is string %}{{ name }}{% else %}{{ name | join(" ") }}{% endif %}
 {% endmacro %}
@@ -40,7 +43,7 @@
 {%- endif %}
 {%- endmacro %}
 {% macro ssl(ssl_name) %}
-{% for sn in nginx_ssl_pairs if ((sn.name is string and sn.name == ssl_name) or (sn.name.0 == ssl_name)) %}
+{% for sn in nginx_ssl_pairs if (sn.name is defined and (sn | nginx_site_name) == ssl_name) %}
 	ssl_certificate {{ sn | nginx_cert_path(nginx_ssl_dir) }};
 	ssl_certificate_key {{ sn | nginx_key_path(nginx_ssl_dir) }};
 {% endfor %}
@@ -48,7 +51,10 @@
 {% macro httpsredirect(name) %}
 server {
 {% for port in __listen %}
-	listen {{ port }}{% if port | int in __http_proxy_protocol_port %} proxy_protocol{% endif %};
+	listen {{ port }};
 {% endfor %}
 {% for port in __listen_proxy_protocol %}
 	listen {{ port }} proxy_protocol;
 {% endfor %}
 	server_name {{ server_name(name) }};
 	location / {
@@ -67,16 +73,23 @@ server {
 server {
 {% if 'http' in __proto %}
 {% for port in __listen %}
-	listen {{ port }}{% if nginx_default_site == __main_name %} default_server{% endif %}{% if port | int in __http_proxy_protocol_port %} proxy_protocol{% endif %};
+	listen {{ port }}{% if nginx_default_site == __main_name %} default_server{% endif %};
 {% endfor %}
 {% for port in __listen_proxy_protocol %}
 	listen {{ port }}{% if nginx_default_site == __main_name %} default_server{% endif %} proxy_protocol;
 {% endfor %}
 {% endif %}
 {% if 'https' in __proto %}
 {% for port in __listen_ssl %}
-	listen {{ port }}{% if nginx_default_site_ssl == __main_name %} default_server{% endif %} ssl{% if nginx_auto_config_httpv2 and 'http_v2' in nginx_modules %} http2{% endif %}{% if port | int in __https_proxy_protocol_port %} proxy_protocol{% endif %};
+	listen {{ port }}{% if nginx_default_site_ssl == __main_name %} default_server{% endif %} ssl{% if __http2 %} http2{% endif %};
 {% endfor %}
 {% for port in __listen_proxy_protocol_ssl %}
 	listen {{ port }}{% if nginx_default_site_ssl == __main_name %} default_server{% endif %} ssl{% if __http2 %} http2{% endif %} proxy_protocol;
 {% endfor %}
 {{ ssl(__ssl_name) }}
 {% if item.ssl_template is not defined or item.ssl_template != false %}
 	include {{ nginx_helper_dir + '/ssl-' + item.ssl_template | default('strong') }};
 	add_header Strict-Transport-Security "{{ item.hsts | default(nginx_default_hsts) }}" always;
 {% endif %}
 {% endif %}
 	server_name {{ server_name(item.name) }};
@@ -84,7 +97,7 @@ server {
 {% if item.root is defined %}
 	root {{ item.root }};
 {% else %}
-	root {{ nginx_root }}/{{ __main_name }}/public;
+	root {{ nginx_root }}/{{ item | nginx_site_filename }}/public;
 {% endif %}
 {% endblock %}
 {% block template_index %}
@@ -105,7 +118,7 @@ server {
 {% block template_headers %}
 	# --> Custom headers
-{% for key, value in __headers.iteritems() %}
+{% for key, value in __headers.items() %}
 	add_header {{ key }} "{{ value | regex_replace('\s+always$', '') }}"{% if value | regex_search('\s+always$') %} always{% endif %};
 {% endfor %}
 	# <-- Custom headers
@@ -113,7 +126,7 @@ server {
 {{ locations(__location_before, __location_order_before) }}
-{% if not __location.has_key('/') %}
+{% if not '/' in  __location %}
 	location / {
 {% block template_try_files %}
 		try_files {{ item.override_try_files | default('$uri $uri/ =404') }};
@@ -182,26 +195,34 @@ server {
 #
 server {
 {% for port in __listen %}
-	listen {{ port }}{% if port | int in __http_proxy_protocol_port %} proxy_protocol{% endif %};
+	listen {{ port }};
 {% endfor %}
 {% for port in __listen_proxy_protocol %}
 	listen {{ port }} proxy_protocol;
 {% endfor %}
 	server_name {{ server_name(item.redirect_from) }};
 	location / {
-		return 301 $scheme://{{ item.name if item.name is string else item.name[0] }}$request_uri;
+		return 301 $scheme://{{ __main_name }}$request_uri;
 	}
 }
 {% if 'https' in __proto %}
 server {
 {% for port in __listen_ssl %}
-	listen {{ port }}{% if nginx_default_site_ssl == __main_name %} default_server{% endif %} ssl{% if nginx_auto_config_httpv2 and 'http_v2' in nginx_modules %} http2{% endif %}{% if port | int in __https_proxy_protocol_port %} proxy_protocol{% endif %};
+	listen {{ port }} ssl{% if __http2 %} http2{% endif %};
 {% endfor %}
 {% for port in __listen_proxy_protocol_ssl %}
 	listen {{ port }} ssl{% if __http2 %} http2{% endif %} proxy_protocol;
 {% endfor %}
 {{ ssl(__ssl_name) }}
 {% if item.ssl_template is not defined or item.ssl_template != false %}
 	include {{ nginx_helper_dir + '/ssl-' + item.ssl_template | default('strong') }};
 	add_header Strict-Transport-Security "{{ item.hsts | default(nginx_default_hsts) }}" always;
 {% endif %}
 	server_name {{ server_name(item.redirect_from) }};
 	location / {
-		return 301 https://{{ item.name if item.name is string else item.name[0] }}{% if '443' not in __listen_ssl and 443 not in __listen_ssl %}:{{ __listen_ssl[0] }}{% endif %}$request_uri;
+		return 301 https://{{ __main_name }}{% if '443' not in __listen_ssl and 443 not in __listen_ssl %}:{{ __listen_ssl[0] }}{% endif %}$request_uri;
 	}
 }
 {% endif %}
--- a/templates/etc/nginx/sites-available/_php.j2
+++ b/templates/etc/nginx/sites-available/_php.j2
@@ -1,16 +1,5 @@
 {% extends "_base.j2" %}
 {% if item.php_version is defined %}
 {% set php_info = 'Explicit PHP version on site' %}
 {% set php_upstream = (nginx_php|selectattr('version', 'equalto', item.php_version)|first).upstream_name | default(item.php_version | php_default_upstream_name) %}
 {% elif item.php_upstream is defined %}
 {% set php_info = 'Explicit Nginx/PHP upstream on site' %}
 {% set php_upstream = item.php_upstream %}
 {% else %}
 {% set php_info = 'Warning: using first PHP version on config' %}
 {% set php_upstream = nginx_php.0.upstream_name | default(nginx_php.0.version | php_default_upstream_name) %}
 {% endif %}
 {% block template_index %}
 	index {{ item.index | default('index.html index.htm index.php') }};
 {% endblock %}
@@ -21,8 +10,7 @@
 {% block template_upstream_location %}
 	location ~ \.php$ {
-		# {{ php_info }}
+		fastcgi_pass {{ item.php_upstream }};
 		fastcgi_pass {{ php_upstream }};
 		fastcgi_index index.php;
 {% if item.upstream_params is defined and item.upstream_params is iterable %}
 {% for param in item.upstream_params %}
--- a/templates/etc/nginx/sites-available/_php_index.j2
+++ b/templates/etc/nginx/sites-available/_php_index.j2
@@ -2,8 +2,7 @@
 {% block template_upstream_location %}
 	location = /index.php {
-		# {{ php_info }}
+		fastcgi_pass {{ item.php_upstream }};
 		fastcgi_pass {{ php_upstream }};
 		fastcgi_index index.php;
 {% if item.upstream_params is defined and item.upstream_params is iterable %}
 {% for param in item.upstream_params %}
--- a/templates/etc/nginx/sites-available/_php_index2.j2
+++ b/templates/etc/nginx/sites-available/_php_index2.j2
@@ -6,8 +6,7 @@
 {% block template_upstream_location %}
 	location = /index.php {
-		# {{ php_info }}
+		fastcgi_pass {{ item.php_upstream }};
 		fastcgi_pass {{ php_upstream }};
 		fastcgi_index index.php;
 {% if item.upstream_params is defined and item.upstream_params is iterable %}
 {% for param in item.upstream_params %}
--- a/templates/etc/nginx/sites-available/_symfony.j2
+++ b/templates/etc/nginx/sites-available/_symfony.j2
@@ -0,0 +1,27 @@
 {% extends "_php.j2" %}
 {% block template_try_files %}
 		 try_files $uri /index.php$is_args$args;
 {% endblock %}
 {% block template_upstream_location %}
 	location /bundles {
 		try_files $uri =404;
 	}
 	location ~ ^/index\.php(/|$) {
 		fastcgi_pass {{ item.php_upstream }};
 		fastcgi_index index.php;
 {% if item.upstream_params is defined and item.upstream_params is iterable %}
 {% for param in item.upstream_params %}
 		{{ param }}
 {% endfor %}
 {% endif %}
 		include fastcgi.conf;
 		internal;
 	}
 	location ~ \.php$ {
 		return 404;
 	}
 {% endblock %}
--- a/tests/includes/post_Debian.yml
+++ b/tests/includes/post_Debian.yml
@@ -1,19 +1 @@
 ---
 - name: APT | Install webapps and related tools
  apt:
    pkg: "{{ packages }}"
    state: present
    install_recommends: no
  vars:
    packages:
      - backuppc
      - samba-common-bin
      - smbclient
 - name: SERVICE | Ensure backuppc is started
  service:
    name: backuppc
    state: started
  register: b
  failed_when: b.failed and 'Another BackupPC is running' not in b.msg
--- a/tests/includes/post_FreeBSD.yml
+++ b/tests/includes/post_FreeBSD.yml
@@ -1,23 +1 @@
 ---
 #- name: APT | Install web apps
 #  pkgng:
 #    name: "backuppc"
 #    state: present
 #
 #- name: COMMAND | Activate backuppc config
 #  command: >
 #    cp /usr/local/etc/backuppc/config.pl.sample /usr/local/etc/backuppc/config.pl
 #    creates=/usr/local/etc/backuppc/config.pl
 #
 #- name: FILE | Fix backuppc permissions
 #  file:
 #    path: /usr/local/etc/backuppc/config.pl
 #    owner: backuppc
 #    group: backuppc
 #
 #
 # We don't manage BackupPC on FreeBSD... too dirty. :/
 #
 #- name: SERVICE | Ensure backuppc is started
 #  service: name=backuppc state=started enabled=yes
--- a/tests/includes/pre_Debian.yml
+++ b/tests/includes/pre_Debian.yml
@@ -6,28 +6,10 @@
    state: present
  when: nginx_backports
 - block:
  - name: APT | Install apt-transport-https
    apt:
      pkg: apt-transport-https
      update_cache: yes
      cache_valid_time: 3600
  - name: APT_KEY | Install GPG key
    apt_key:
      url: 'https://packages.sury.org/php/apt.gpg'
  - name: APT_REPOSITORY | Add APT repository
    apt_repository:
      repo: 'deb https://packages.sury.org/php {{ ansible_distribution_release }} main'
  when: sury | default(false)
 - name: APT | Install needed packages
  apt:
    pkg: "{{ packages }}"
-    update_cache: yes
+    update_cache: true
    cache_valid_time: 3600
    state: present
  vars:
@@ -35,7 +17,6 @@
      - cron
      - curl
      - daemonize
      - fcgiwrap
      - jq
      - nghttp2
      - strace
@@ -44,25 +25,26 @@
 - name: APT | Install PHP
  apt:
-    pkg: "{{ item.version | php_fpm_package }}"
+    pkg: "{{ pkgs }}"
-    update_cache: yes
+    update_cache: true
    cache_valid_time: 3600
    state: present
-  loop: "{{ nginx_php }}"
+  vars:
-  register: apt_php
+    pkgs:
      - php-cli
      - php-fpm
- name: SERVICE | Force start fcgiwrap
+- name: SHELL | Get current PHP version
-  service:
+  shell: php --version | awk '/^PHP/ { print $2 }' | grep -o -E '^.{3}'
-    name: "fcgiwrap"
+  changed_when: false
-    state: started
+  register: cur_php_version
 # Bypasses Ansible+Docker issue. With service module... php is not really started!
 - name: COMMAND | Force start PHP
-  command: "service {{ item.version | php_fpm_service }} start"
+  command: "service php{{ cur_php_version.stdout }}-fpm start"
  args:
-    creates: "{{ item.version | php_default_upstream_socket }}"
+    creates: "/run/php/php{{ cur_php_version.stdout }}-fpm.pid"
    warn: false
  loop: "{{ nginx_php }}"
 - name: GET_URL | Download ngrok
  get_url:
@@ -73,8 +55,29 @@
  unarchive:
    src: "/tmp/ngrok.zip"
    dest: "/tmp"
-    remote_src: yes
+    remote_src: true
 - name: SET_FACT | ngrok_path
  set_fact:
    ngrok_path: '/tmp/ngrok'
 - name: USER | Create PHP User foo
  user:
    name: foo
    system: true
 - name: INCLUDE_ROLE | HanXHX.php
  include_role:
    name: "{{ playbook_dir }}/HanXHX.php"
  vars:
    php_version: "{{ cur_php_version.stdout }}"
    php_autoremove_default_pool: false
    php_fpm_poold:
      - name: 'hx_unix'
        user: 'foo'
        php_value:
          display_errors: 'Off'
        php_admin_value:
          memory_limit: '98M'
      - name: 'hx_ip'
        listen: '127.0.0.1:9636'
--- a/tests/includes/pre_FreeBSD.yml
+++ b/tests/includes/pre_FreeBSD.yml
@@ -5,12 +5,18 @@
    nginx_pkgng_package: 'nginx-full'
    nginx_user: 'www'
    nginx_php:
-      - version: '7.2'
+      - upstream_name: 'manual'
        sockets:
          - host: '127.0.0.1'
            port: 9000
      - upstream_name: 'hx_unix'
        sockets:
          - host: '127.0.0.1'
            port: 9000
      - upstream_name: 'hx_ip'
        sockets:
          - host: '127.0.0.1'
            port: 9000
    nginx_load_modules:
      - /usr/local/libexec/nginx/ngx_http_geoip_module.so
    ngrok_path: '/usr/local/bin/ngrok'
 - name: PKGNG | Install needed packages
@@ -19,29 +25,23 @@
    state: present
  vars:
    packages:
      - bash
      - curl
      - daemonize
      - fcgiwrap
      - GeoIP
      - jq
      - nghttp2
-      - php72
+      - php74
      - vim
 - name: COMMAND | Get geoip database
  command: geoipupdate.sh
  args:
    creates: /usr/local/share/GeoIP/GeoIP.dat
 - name: SERVICE | Force start services
  service:
    name: "{{ item }}"
    state: started
-    enabled: yes
+    enabled: true
  register: sf
  loop:
    - php-fpm
    - fcgiwrap
 - name: STAT | Check ports
  stat:
--- a/tests/includes/pre_common.yml
+++ b/tests/includes/pre_common.yml
@@ -1,7 +1,7 @@
 ---
 - name: SHELL | Start ngrok
-  shell: daemonize -l /tmp/ngrok.lock {{ ngrok_path }} http 8888 -bind-tls=false
+  shell: daemonize -l /tmp/ngrok.lock {{ ngrok_path }} http 80 -bind-tls=false
  failed_when: false
  changed_when: ngrok.stderr.find("Can't lock the lock file") == -1
  register: ngrok
@@ -13,8 +13,9 @@
  when: ngrok.changed
 - name: SHELL | Get ngrok public address
-  shell: curl 'http://127.0.0.1:4040/api/tunnels/command_line' | jq '.public_url' | grep -oE '[[:alnum:]]+\.ngrok\.io'
+  shell: set -o pipefail && curl 'http://127.0.0.1:4040/api/tunnels/command_line' 2> /dev/null | jq -r '.public_url' | cut -d '/' -f 3
  args:
    executable: /bin/bash
    warn: false
  register: ngrok
  changed_when: false
@@ -23,7 +24,7 @@
  lineinfile:
    line: "set mouse="
    dest: "{{ item }}/.vimrc"
-    create: yes
+    create: true
  loop:
    - /root
    - /home/vagrant
--- a/tests/templates/custom_template.conf.j2
+++ b/tests/templates/custom_template.conf.j2
@@ -0,0 +1,16 @@
 # {{ ansible_managed }} - custom template
 server {
 	listen 80;
 	listen 8888 http2;
 	listen 9999 http2 proxy_protocol;
 	server_name {{ item.name }};
 	index index.html index.htm;
 	root {{ item.root }};
 	location / {
 		try_files $uri $uri/ =404;
 	}
 }
--- a/tests/test.yml
+++ b/tests/test.yml
@@ -2,29 +2,39 @@
 - hosts: all
  pre_tasks:
    - name: INCLUDE_TASKS | Pre_tasks related to OS version
-      include_tasks: "includes/pre_{{ ansible_distribution }}.yml"
+      ansible.builtin.include_tasks: "includes/pre_{{ ansible_distribution }}.yml"
    - name: IMPORT_TASKS | Pre_tasks common
-      import_tasks: "includes/pre_common.yml"
+      ansible.builtin.import_tasks: "includes/pre_common.yml"
    - name: FILE | Create an internal SSL dir
-      file:
+      ansible.builtin.file:
        path: "{{ int_ansible_ssl_dir }}"
        state: directory
        mode: 0750
        owner: root
        group: root
    - name: COPY | Deploy test certificate
-      copy:
+      ansible.builtin.copy:
        src: "file/test.crt"
        dest: "{{ int_ansible_ssl_dir }}/test.crt"
        mode: 0640
        owner: root
        group: root
    - name: COPY | Deploy test key
-      copy:
+      ansible.builtin.copy:
        src: "file/test.key"
        dest: "{{ int_ansible_ssl_dir }}/test.key"
        mode: 0640
        owner: root
        group: root
    - name: COPY | Add all hosts in /etc/hosts
-      copy:
+      ansible.builtin.copy:
        content: |
          127.0.0.1 localhost
          {% for s in nginx_sites %}
@@ -38,13 +48,16 @@
          {% endif %}
          {% endfor %}
        dest: "/etc/hosts"
-        unsafe_writes: yes
+        mode: 0644
        owner: root
        group: root
        unsafe_writes: true
  vars:
-# Internal vars
+    # Internal vars
    int_ansible_ssl_dir: '/etc/ansible-ssl'
-# Role vars
+    # Role vars
-    nginx_worker_processes: 1 # Ansible+FreeBSD can't detect CPU number
+    nginx_worker_processes: 1    # Ansible+FreeBSD can't detect CPU number
    nginx_apt_package: 'nginx-extras'
    nginx_module_packages: ['libnginx-mod-http-headers-more-filter']
    nginx_upstreams:
@@ -77,14 +90,14 @@
    nginx_acmesh: true
    nginx_acmesh_test: true
    nginx_ssl_pairs:
-      - name:
+      - name: '{{ ngrok.stdout }}'
          - '{{ ngrok.stdout }}'
        acme: true
        acme_port: 8888
      - name: 'test-ssl-selfsigned.local'
        self_signed: true
        force: false
-      - name: 'test-ssl-predeployed.local'
+      - name:
          - 'test-ssl-predeployed.local'
          - 'test-multiple-name.local'    # Hack: tests for acme with multiple name, without using acme
        dest_key: "{{ int_ansible_ssl_dir }}/test.key"
        dest_cert: "{{ int_ansible_ssl_dir }}/test.crt"
      - name: 'test-ssl.local'
@@ -145,7 +158,7 @@
      - '    DZ no;'
      - '    TN no;'
      - '}'
-    nginx_default_site: 'first-test'
+    nginx_default_site: 'test.local'
    nginx_default_site_ssl: 'test-ssl-predeployed.local'
    nginx_sites:
      - name:
@@ -153,8 +166,8 @@
          - 'test-alias.local'
          - 'test2-alias.local'
        template: '_base'
-        filename : 'first-test'
+        filename: 'first-test'
-        override_try_files: '$uri $uri /index.htm /index.html'
+        override_try_files: '$uri/ $uri =404'
        headers:
          'X-Frame-Options': 'deny always'
          'X-ansible-default': '1'
@@ -203,7 +216,7 @@
          - '/'
          - '/a'
      - name: 'test-php.local'
-        php_version: "{{ nginx_php.1.version if nginx_php.1 is defined else nginx_php.0.version }}"
+        php_upstream: "manual"
        upstream_params:
          - 'fastcgi_param FOO bar;'
        redirect_from:
@@ -213,8 +226,10 @@
        use_access_log: true
      - name: 'test-php-index.local'
        template: '_php_index'
        php_upstream: 'hx_unix'
      - name: 'test-php-index2.local'
        template: '_php_index2'
        php_upstream: 'hx_ip'
      - name: 'test-proxy.local'
        listen:
          - 8080
@@ -226,15 +241,15 @@
        state: 'absent'
      - name: 'redirect-to.local'
        redirect_to: 'http://test.local'
      - name: 'backuppc.local'
        template: '_backuppc'
        htpasswd: 'hello'
      - name: 'test-ssl.local'
        proto: ['http', 'https']
        template: '_base'
-      - name: 'test-ssl-selfsigned.local'
+      - name:
          - 'test-ssl-selfsigned.local'
          - 'www.test-ssl-selfsigned.local'
        proto: ['http', 'https']
        template: '_base'
        hsts: 'max-age=1664;'
      - name: 'test-ssl-predeployed.local'
        proto: ['http', 'https']
        template: '_base'
@@ -260,44 +275,66 @@
          - 'www.test-ssl-redirect-many2.local'
      - name: 'test-ssl-proxy-protocol.local'
        proto: ['http', 'https']
-        listen: [80, 20080]
+        listen_proxy_protocol: [20080]
-        listen_ssl: [443, 20443]
+        listen_proxy_protocol_ssl: [20443]
        http_proxy_protocol_port: [20080]
        https_proxy_protocol_port: [20443]
        template: '_base'
        ssl_name: 'test-ssl.local'
        headers:
          'X-Proxy-Protocol': '1'
      - name: '{{ ngrok.stdout }}'
        proto: ['http', 'https']
        listen_proxy_protocol: [21080]
        listen_proxy_protocol_ssl: [21443]
        template: '_base'
        ssl_name: '{{ ngrok.stdout }}'
        headers:
          'X-acme': '1'
      - name: 'test-custom-template.local'
        custom_template: 'templates/custom_template.conf.j2'
        root: '/tmp/custom-template'
    nginx_php: "{{ [{'upstream_name': 'manual', 'sockets': [{'host': '127.0.0.1', 'port': '9636' }] }] }}"
    nginx_dh_length: 1024
  roles:
    - ../../
  post_tasks:
-# --------------------------------
+    # --------------------------------
-# Apps
+    # Apps
-# --------------------------------
+    # --------------------------------
    - name: INCLUDE_TASKS | Post_tasks related to OS version
-      include_tasks: "includes/post_{{ ansible_distribution }}.yml"
+      ansible.builtin.include_tasks: "includes/post_{{ ansible_distribution }}.yml"
-# --------------------------------
+    # --------------------------------
-# Deploy index files
+    # Deploy index files
-# --------------------------------
+    # --------------------------------
    - name: -- Add PHP file --
-      copy:
+      ansible.builtin.copy:
        dest: "{{ nginx_root }}/{{ item }}/public/index.php"
        content: "<?php phpinfo();"
        mode: 0644
        owner: root
        group: root
      loop:
        - 'test-php.local'
        - 'test-php-index.local'
        - 'test-php-index2.local'
    - name: -- Add Directories --
      ansible.builtin.file:
        path: "{{ item }}"
        state: directory
        mode: 0755
      loop:
        - "{{ nginx_root }}/test-htpasswd.local/public/hello"
        - "/tmp/custom-template"
    - name: -- Add HTML file --
-      copy:
+      ansible.builtin.copy:
        dest: "{{ item }}/index.html"
        content: "Index HTML test OK\n"
        mode: 0644
        owner: root
        group: root
      loop:
        - '{{ nginx_root }}/first-test/public'
        - '/var/tmp'
@@ -309,26 +346,33 @@
        - '{{ nginx_root }}/{{ ngrok.stdout }}/public'
    - name: -- Create directory --
-      file:
+      ansible.builtin.file:
        path: "{{ nginx_root }}/test-htpasswd.local/public/hello"
        state: directory
        mode: 0755
        owner: root
        group: root
    - name: -- Add HTML file hello --
-      copy:
+      ansible.builtin.copy:
        dest: "{{ nginx_root }}/test-htpasswd.local/public/hello/index.html"
        content: "hello\n"
        mode: 0644
        owner: root
        group: root
-# --------------------------------
+    # --------------------------------
-# Test custom facts
+    # Test custom facts
-# --------------------------------
+    # --------------------------------
    - name: -- CHECK FACTS --
-      assert:
+      ansible.builtin.assert:
        that: "'{{ ansible_local.nginx.fact_nginx_sites[0].name[0] }}' == 'test.local'"
-# --------------------------------
+
-# Simple sites tests
+    # --------------------------------
-# --------------------------------
+    # Simple sites tests
    # --------------------------------
    - name: -- VERIFY SITES --
-      uri:
+      ansible.builtin.uri:
        url: "http://{{ item | nginx_site_name }}{% if item.listen is defined %}:{{ item.listen[0] }}{% endif %}/"
        status_code: '200,301,302,401,403'
        follow_redirects: none
@@ -337,12 +381,12 @@
      changed_when: false
    - name: -- VERIFY FORBIDDEN --
-      uri:
+      ansible.builtin.uri:
        url: "http://test-php-index.local/phpinfo.php"
        status_code: 403
    - name: -- VERIFY REDIRECT SITES --
-      uri:
+      ansible.builtin.uri:
        url: "http://{{ item.redirect_from[0] }}/"
        status_code: 301
        follow_redirects: none
@@ -351,96 +395,82 @@
      changed_when: false
    - name: -- VERIFY REDIRECT HTTPS SITES --
-      uri:
+      ansible.builtin.uri:
        url: "https://{{ item.redirect_from[0] }}:{{ item.listen_ssl[0] | default(443) }}/"
        status_code: 301
        follow_redirects: none
-        validate_certs: no
+        validate_certs: false
      loop: "{{ nginx_sites }}"
      when: item.redirect_from is defined and (item.state is undefined or item.state != "absent") and item.proto is defined and 'https' in item.proto
      changed_when: false
-# --------------------------------
+    # --------------------------------
-# PHP
+    # PHP
-# --------------------------------
+    # --------------------------------
    - name: -- VERIFY PHP SITES --
-      uri:
+      ansible.builtin.uri:
        url: "http://{{ item.name }}/"
-        return_content: yes
+        return_content: true
      register: p
      loop: "{{ nginx_sites }}"
      when: >
        item.template is defined and
        (item.template == '_php' or item.template == '_php_index' or item.template == '_php_index2')
-      failed_when: p.content.find('PHP Version ' + item.php_version if 'php_version' in item else nginx_php.0.version) == -1
+      failed_when: p.content.find('PHP Version') == -1
    - name: -- VERIFY INDEX2 --
-      uri:
+      ansible.builtin.uri:
        url: "http://test-php-index2.local/lorem.php?ipsum=sit&dolor=amet"
-        return_content: yes
+        return_content: true
      register: p2
      failed_when: p2.content.find('PHP Version') == -1
-# --------------------------------
+    # --------------------------------
-# Basic Auth
+    # Basic Auth
-# --------------------------------
+    # --------------------------------
    - name: -- VERIFY AUTH BASIC NONE --
-      uri:
+      ansible.builtin.uri:
        url: "http://test-htpasswd.local/hello/"
        status_code: 401
    - name: -- VERIFY AUTH BASIC FAIL --
-      uri:
+      ansible.builtin.uri:
        url: "http://test-htpasswd.local/hello/"
        status_code: 401
        user: "fail"
        password: "fail"
-        force_basic_auth: yes
+        force_basic_auth: true
    - name: -- VERIFY AUTH BASIC OK --
-      uri:
+      ansible.builtin.uri:
        url: "http://test-htpasswd.local/hello/"
        user: "hanx"
        password: "qwerty"
-        force_basic_auth: yes
+        force_basic_auth: true
    - name: -- VERIFY AUTH BASIC FAIL GLOBAL --
-      uri:
+      ansible.builtin.uri:
        url: "http://test-htpasswd-all.local/"
        status_code: 401
        user: "fail"
        password: "fail"
-        force_basic_auth: yes
+        force_basic_auth: true
    - name: -- VERIFY AUTH BASIC OK GLOBAL --
-      uri:
+      ansible.builtin.uri:
        url: "http://test-htpasswd-all.local/"
        user: "hanx"
        password: "qwerty"
-        force_basic_auth: yes
+        force_basic_auth: true
-# --------------------------------
+    # --------------------------------
-# BackupPC
+    # SSL
-# --------------------------------
+    # --------------------------------
    - name: -- VERIFY BACKUPPC --
      uri:
        url: "http://backuppc.local/"
        user: "hanx"
        password: "qwerty"
        force_basic_auth: yes
        return_content: yes
      register: authbpc
      when: ansible_distribution != 'FreeBSD'
      failed_when: authbpc.content.find('BackupPC Server Status') == -1
 # --------------------------------
 # SSL
 # --------------------------------
    - name: -- VERIFY SSL --
-      uri:
+      ansible.builtin.uri:
        url: "https://{{ item }}/"
-        return_content: yes
+        return_content: true
-        validate_certs: no
+        validate_certs: false
      register: sslok
      failed_when: sslok.content.find('Index HTML test OK') == -1
      loop:
@@ -450,11 +480,11 @@
        - '{{ ngrok.stdout }}'
    - name: -- VERIFY SSL REDIRECT --
-      uri:
+      ansible.builtin.uri:
        url: "http://{{ item.name }}/"
-        validate_certs: no
+        validate_certs: false
        status_code: 301
-        return_content: yes
+        return_content: true
        follow_redirects: none
      register: sslredirok
      failed_when: '"https://%s%s" % (item.name, ":" + item.port if item.port is defined else "") not in sslredirok.location'
@@ -465,60 +495,80 @@
        - name: 'test-ssl-redirect-many2.local'
          port: '8443'
-# --------------------------------
+    # --------------------------------
-# Default sites
+    # Default sites
-# --------------------------------
+    # --------------------------------
    - name: -- VERIFY DEFAULT SITE --
-      uri:
+      ansible.builtin.uri:
        url: 'http://127.0.0.1/'
-        return_content: yes
+        return_content: true
      register: vdefault
      failed_when: >
        vdefault.content.find('Index HTML test OK') == -1 or
        vdefault.x_ansible_default is not defined
    - name: -- VERIFY DEFAULT SITE + STUB STATUS--
-      uri:
+      ansible.builtin.uri:
        url: 'http://127.0.0.1/status'
-        return_content: yes
+        return_content: true
      register: vdefault_status
      failed_when: >
        vdefault_status.content.find('Active connections') == -1 or
        vdefault_status.x_ansible_default is not defined
    - name: -- VERIFY DEFAULT SSL SITE --
-      uri:
+      ansible.builtin.uri:
        url: 'https://127.0.0.1/'
-        return_content: yes
+        return_content: true
-        validate_certs: no
+        validate_certs: false
      register: vdefault
      failed_when: >
        vdefault.content.find('Index HTML test OK') == -1 or
        vdefault.x_ansible_default is not defined
    - name: -- VERIFY NOT DEFAULT SITE --
-      uri:
+      ansible.builtin.uri:
        url: 'http://test-php.local/'
-        return_content: yes
+        return_content: true
      register: vphp
      failed_when: vphp.x_ansible_default is defined
    - name: -- VERIFY NOT DEFAULT SSL SITE --
-      uri:
+      ansible.builtin.uri:
        url: 'https://test-ssl.local/'
-        return_content: yes
+        return_content: true
-        validate_certs: no
+        validate_certs: false
      register: notdefaultssl
      failed_when: notdefaultssl.x_ansible_default is defined
-# --------------------------------
+    # --------------------------------
-# Check HTTP2
+    # Check Proxy protocol
-# --------------------------------
+    # Note: Debian Stretch doesn't any version of curl with "--haproxy-protocol" argument
    # --------------------------------
    - block:
        - name: SHELL | Check HTTP proxy protocol
          ansible.builtin.shell: set -o pipefail && curl -I --haproxy-protocol http://test-ssl-proxy-protocol.local:20080 | grep -qi 'X-Proxy-Protocol'
          args:
            executable: /bin/bash
            warn: false
          changed_when: false
        - name: SHELL | Check HTTPS proxy protocol
          ansible.builtin.shell: set -o pipefail && curl -I --haproxy-protocol -k https://test-ssl-proxy-protocol.local:20443 | grep -qi 'X-Proxy-Protocol'
          args:
            executable: /bin/bash
            warn: false
          changed_when: false
      when: not (ansible_distribution == 'Debian' and ansible_distribution_major_version is version('9', 'eq'))
    # --------------------------------
    # Check HTTP2
    # --------------------------------
    - name: SHELL | Check HTTP2
-      shell: nghttp -nv https://localhost 2> /dev/null | grep -q h2
+      ansible.builtin.shell: set -o pipefail && nghttp -nv https://localhost 2> /dev/null | grep -q h2
      args:
-        executable: /bin/sh
+        executable: /bin/bash
      changed_when: false
      when: nginx_auto_config_httpv2 and 'http_v2' in nginx_modules
      tags:
        - skip_ansible_lint
--- a/vars/Debian.yml
+++ b/vars/Debian.yml
@@ -1,6 +1,5 @@
 ---
 nginx_events_use: 'epoll'
 nginx_pid: '/run/nginx.pid'
 nginx_etc_dir: '/etc/nginx'
 # Specific sites
 nginx_fcgiwrap_sock: '/var/run/fcgiwrap.socket'
--- a/vars/FreeBSD.yml
+++ b/vars/FreeBSD.yml
@@ -1,8 +1,7 @@
 ---
 nginx_events_use: 'kqueue'
 nginx_pid: '/var/run/nginx.pid'
 nginx_etc_dir: '/usr/local/etc/nginx'
 # Specific sites
 nginx_fcgiwrap_sock: '/var/run/fcgiwrap/fcgiwrap.sock'
 nginx_acmesh_bin: '/usr/local/sbin/acme.sh'
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -1,3 +1,5 @@
 ---
 nginx_upstream_server_params:
  - key: 'weight'
    default: 1
@@ -40,7 +42,6 @@ nginx_dirs:
    owner: "root"
 nginx_templates_no_dir:
  - '_backuppc'
  - '_proxy'
 nginx_servers_default_headers:
Author	SHA1	Message	Date
Emilien Mantel	297dc1f669	Fix ansible lint	2021-09-03 12:19:32 +02:00
Emilien Mantel	5e2f988beb	Merge branch 'master' into debian_11	2021-09-03 12:08:30 +02:00
Emilien Mantel	6aea2bcb5f	Migrate to new TravisCI version	2021-09-01 12:05:07 +02:00
Emilien Mantel	8c6c4dc813	Fix Ansible Lint	2021-09-01 11:58:39 +02:00
Emilien Mantel	a2780d3d95	Fix Ansible Lint	2021-09-01 11:45:44 +02:00
Emilien Mantel	6c7e0c2a47	Fix yaml lint	2021-09-01 11:21:12 +02:00
Emilien Mantel	bdddb06fcc	Add Debian Bullseye (11) support	2021-09-01 11:07:54 +02:00
Emilien Mantel	6e5fce00e7	Drop Backuppc support	2021-09-01 11:06:02 +02:00
Emilien Mantel	8268eb266a	Fix no_log call crashes on Ansible 2.11	2021-09-01 11:02:45 +02:00
Emilien Mantel	8b73a835c6	Fix ngrok task to get hostname	2021-09-01 11:02:12 +02:00
Emilien Mantel	40ebe61c57	Add doc for custom site templates	2020-08-24 09:08:57 +02:00
Emilien Mantel	0f8688f290	Travis: don't install ansible buggy versions	2020-08-24 09:08:57 +02:00
Emilien Mantel	204e95725e	Manage custom templates for sites Issue #12 related	2020-08-24 09:08:57 +02:00
Emilien Mantel	da08953a27	Drop Backuppc support	2020-08-24 09:08:57 +02:00
Emilien Mantel	4c63efa588	Compat python3	2020-05-18 16:10:42 +02:00
Emilien Mantel	3e228d0812	Typofix	2020-02-04 13:08:48 +01:00
Emilien Mantel	1e7a0fc855	Change HSTS header per site or globally	2020-02-04 13:06:26 +01:00
Emilien Mantel	93b90c748f	Fix redirect_ssl cannot be a default_site	2020-02-04 11:31:21 +01:00
Emilien Mantel	d8f6088362	Fix SSL with multiple names	2020-02-04 11:07:21 +01:00
Emilien Mantel	8c3b1c7f13	Compat with python3	2020-01-01 22:56:08 +01:00
Emilien Mantel	5cdd1a8b37	Skip tests on proxy protocol on Debian Stretch	2019-12-31 13:16:42 +01:00
Emilien Mantel	0363a37e06	Changeis for proxy_protocol and apply default values	2019-12-31 13:07:13 +01:00
Emilien Mantel	a1e76453cf	DH length 4096 -> 2048	2019-12-31 12:46:02 +01:00
Emilien Mantel	729173c46c	Better SSL management - Use filter plugins - Acme: can use proxy protocol - Acme: uses all sites name - Acme: add more tests while crashing	2019-12-31 12:43:43 +01:00
Emilien Mantel	2f8ce00067	Add tests on proxy protocol	2019-12-30 17:43:18 +01:00
Emilien Mantel	9b286f9b96	Fix some issues: - "main_name" is name/name[0] not filename - improve some tests - better proxy protocol handling (not necessary to declare ports twice)	2019-12-30 17:28:34 +01:00
Emilien Mantel	4a2478a4fb	[WIP] Working on FreeBSD tests Replace ngrok by serveo.net?	2019-12-29 18:18:24 +01:00
Emilien Mantel	a9a72dd25f	Drop PHP version support (useless) + fix some bugs	2019-12-29 16:29:18 +01:00
Emilien Mantel	2a612a55b9	Ajout symfony template	2019-12-26 17:55:07 +01:00
Emilien Mantel	1280a441ee	Fix tests on Sury	2019-12-26 17:35:00 +01:00
Emilien Mantel	21edb6b584	Fix install role	2019-12-26 17:23:36 +01:00
Emilien Mantel	c524b97b0f	Use upstream config from HanXHX.php role	2019-12-26 17:16:13 +01:00