Compare commits
6 Commits
664ac52a61
...
fee435537c
Author | SHA1 | Date |
---|---|---|
Emilien Mantel | fee435537c | |
Emilien Mantel | 9ebc2214b5 | |
Emilien Mantel | 4344fad8cf | |
Emilien Mantel | 37bcd5c7bc | |
Emilien Mantel | 3cb56d4275 | |
Emilien Mantel | f3944c83d5 |
|
@ -18,9 +18,12 @@ jobs:
|
|||
- debian-10
|
||||
- debian-11
|
||||
- debian-12
|
||||
- ubuntu-18.04
|
||||
- ubuntu-20.04
|
||||
- ubuntu-22.04
|
||||
allowed-to-fail:
|
||||
- false
|
||||
include:
|
||||
- scenario: ubuntu-20.04
|
||||
allowed-to-fail: true
|
||||
|
||||
steps:
|
||||
- name: Checkout
|
||||
|
@ -34,3 +37,7 @@ jobs:
|
|||
molecule_options: --base-config molecule/_shared/base.yml
|
||||
molecule_args: --scenario-name ${{ matrix.scenario }}
|
||||
molecule_working_dir: "HanXHX/ansible-nginx"
|
||||
continue-on-error: ${{ matrix.allowed-to-fail }}
|
||||
|
||||
- name: Fake command
|
||||
run: echo "End of job"
|
||||
|
|
25
README.md
25
README.md
|
@ -26,9 +26,11 @@ Supported OS:
|
|||
| Debian Stretch (9) | Yes | Check latest supported version ([1.9.0](https://github.com/HanXHX/ansible-nginx/releases/tag/1.9.0)) |
|
||||
| Debian Buster (10) | Yes | Yes |
|
||||
| Debian Bullseye (11) | Yes | Yes |
|
||||
| Debian Bookworm (12) | Yes | No |
|
||||
| Debian Bookworm (12) | Yes | Not yet :) |
|
||||
| FreeBSD 11 | NA | No |
|
||||
| FreeBSD 12 | NA | No |
|
||||
| Ubuntu 20.04 | Yes | Yes |
|
||||
| Ubuntu 22.04 | Yes | Yes |
|
||||
|
||||
Requirements
|
||||
------------
|
||||
|
@ -101,24 +103,35 @@ Fine configuration
|
|||
Note
|
||||
----
|
||||
|
||||
- Active support for Debian.
|
||||
- Active support for Debian/Ubuntu.
|
||||
- FreeBSD support is experimental. I only test (for the moment) 10.2 (but it can work on other versions).
|
||||
|
||||
Dependencies
|
||||
------------
|
||||
|
||||
None
|
||||
See: [requirements.yml](requirements.yml).
|
||||
|
||||
|
||||
If you need to dev this role locally
|
||||
------------------------------------
|
||||
If you need to dev this role locally on Vagrant
|
||||
------------------------------------------------
|
||||
|
||||
Before use vagrant, run once:
|
||||
|
||||
```
|
||||
```commandline
|
||||
ansible-galaxy install -p ./tests/ HanXHX.php,master
|
||||
```
|
||||
|
||||
If you need to dev this role locally with molecule
|
||||
--------------------------------------------------
|
||||
|
||||
Check available scenarios in [molecule](molecule) directory.
|
||||
|
||||
With `debian-12` scenario:
|
||||
|
||||
```commandline
|
||||
molecule -v -c molecule/_shared/base.yml verify -s debian-12
|
||||
```
|
||||
|
||||
Example Playbook
|
||||
----------------
|
||||
|
||||
|
|
|
@ -8,7 +8,7 @@ Variables
|
|||
|
||||
- `nginx_dh`: DH content
|
||||
- `nginx_dh_length`: DH key length (default is 2048)
|
||||
- `nginx_dh_path`: file localation
|
||||
- `nginx_dh_path`: file location
|
||||
- `nginx_ssl_dir`: directory where you install your SSL/TLS keys
|
||||
- `nginx_ssl_pairs`
|
||||
|
||||
|
@ -20,7 +20,7 @@ Note: `name` is used to deploy key/cert. With defaults values dans `name` = "foo
|
|||
|
||||
### Content mode
|
||||
|
||||
Key/Cert content is stored in variable. Usefull with vault.
|
||||
Key/Cert content is stored in variable. Useful with vault.
|
||||
|
||||
- `key`: content of the private key
|
||||
- `cert`: content of the public key
|
||||
|
@ -36,7 +36,7 @@ You can use these variables if you use another task/role to manages your certifi
|
|||
|
||||
Create a self-signed pair and deploy it. Do not use this feature in production.
|
||||
|
||||
- `self_signed`: set true to use this featrure
|
||||
- `self_signed`: set true to use this feature
|
||||
- `force`: optional feature (default: false), force regen pair (not idempotent)
|
||||
|
||||
### Acme
|
||||
|
@ -45,7 +45,7 @@ Uses acme.sh to create free certificates. It uses HTTP-01 challenge. Use this fe
|
|||
|
||||
- `acme`: set true to use this feature. It uses `name` (can be a string or string list).
|
||||
|
||||
Have a look to [acme configuratuion](acme.md configuration).
|
||||
Have a look to [acme configuration](acme.md configuration).
|
||||
|
||||
Tips
|
||||
----
|
||||
|
|
|
@ -14,6 +14,10 @@ galaxy_info:
|
|||
- buster
|
||||
- bullseye
|
||||
- bookworm
|
||||
- name: Ubuntu
|
||||
versions:
|
||||
- focal
|
||||
- jammy
|
||||
- name: FreeBSD
|
||||
versions:
|
||||
- '11.0'
|
||||
|
|
|
@ -9,7 +9,7 @@
|
|||
tasks:
|
||||
|
||||
- name: INCLUDE_TASKS | Pre tasks related to OS
|
||||
ansible.builtin.include_tasks: "../../tests/includes/pre_{{ ansible_distribution }}.yml"
|
||||
ansible.builtin.include_tasks: "../../tests/includes/pre_{{ ansible_os_family }}.yml"
|
||||
|
||||
- name: INCLUDE_TASKS | Pre_tasks common
|
||||
ansible.builtin.include_tasks: "../../tests/includes/pre_common.yml"
|
||||
|
|
|
@ -111,7 +111,7 @@ nginx_ssl_pairs:
|
|||
|
||||
nginx_custom_http:
|
||||
- 'add_header X-ansible 1;'
|
||||
- 'geoip_country {% if ansible_distribution == "Debian" %}/usr/share/GeoIP/GeoIP.dat{% else %}/usr/local/share/GeoIP/GeoIP.dat{% endif %};'
|
||||
- 'geoip_country {% if ansible_os_family == "Debian" %}/usr/share/GeoIP/GeoIP.dat{% else %}/usr/local/share/GeoIP/GeoIP.dat{% endif %};'
|
||||
- 'map $geoip_country_code $allowed_country {'
|
||||
- ' default yes;'
|
||||
- ' MA no;'
|
||||
|
|
|
@ -1,13 +0,0 @@
|
|||
---
|
||||
|
||||
platforms:
|
||||
- name: ubuntu-18.04
|
||||
image: dokken/ubuntu-18.04
|
||||
command: /lib/systemd/systemd
|
||||
dockerfile: ../_shared/Dockerfile.j2
|
||||
capabilities:
|
||||
- SYS_ADMIN
|
||||
cgroupns_mode: host
|
||||
volumes:
|
||||
- /sys/fs/cgroup:/sys/fs/cgroup:rw
|
||||
privileged: true
|
|
@ -11,3 +11,10 @@ platforms:
|
|||
volumes:
|
||||
- /sys/fs/cgroup:/sys/fs/cgroup:rw
|
||||
privileged: true
|
||||
|
||||
# Segfault on Ubuntu 20.04 with `nginx-extras` package...
|
||||
provisioner:
|
||||
inventory:
|
||||
host_vars:
|
||||
ubuntu-20.04:
|
||||
nginx_apt_package: 'nginx-full'
|
||||
|
|
|
@ -14,7 +14,7 @@
|
|||
- name: APT | Install nginx and dependencies
|
||||
ansible.builtin.apt:
|
||||
pkg: "{{ nginx_apt_package }}"
|
||||
default_release: "{{ ansible_distribution_release + '-backports' if nginx_backports else ansible_distribution_release }}"
|
||||
default_release: "{{ ansible_distribution_release + '-backports' if (nginx_backports and ansible_distribution == 'Debian') else ansible_distribution_release }}"
|
||||
|
||||
- name: APT | Install nginx modules
|
||||
ansible.builtin.apt:
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
|
||||
- name: INCLUDE_TASKS | Install
|
||||
ansible.builtin.include_tasks: "{{ ansible_distribution }}.yml"
|
||||
ansible.builtin.include_tasks: "{{ ansible_os_family }}.yml"
|
||||
|
||||
- name: IMPORT_TASKS | acme
|
||||
ansible.builtin.import_tasks: "acme.yml"
|
||||
|
|
|
@ -104,7 +104,7 @@ nginx_ssl_pairs:
|
|||
|
||||
nginx_custom_http:
|
||||
- 'add_header X-ansible 1;'
|
||||
- 'geoip_country {% if ansible_distribution == "Debian" %}/usr/share/GeoIP/GeoIP.dat{% else %}/usr/local/share/GeoIP/GeoIP.dat{% endif %};'
|
||||
- 'geoip_country {% if ansible_os_family == "Debian" %}/usr/share/GeoIP/GeoIP.dat{% else %}/usr/local/share/GeoIP/GeoIP.dat{% endif %};'
|
||||
- 'map $geoip_country_code $allowed_country {'
|
||||
- ' default yes;'
|
||||
- ' MA no;'
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
hosts: all
|
||||
pre_tasks:
|
||||
- name: INCLUDE_TASKS | Pre_tasks related to OS version
|
||||
ansible.builtin.include_tasks: "includes/pre_{{ ansible_distribution }}.yml"
|
||||
ansible.builtin.include_tasks: "includes/pre_{{ ansible_os_family }}.yml"
|
||||
|
||||
- name: IMPORT_TASKS | Pre_tasks common
|
||||
ansible.builtin.import_tasks: "includes/pre_common.yml"
|
||||
|
@ -14,7 +14,7 @@
|
|||
|
||||
post_tasks:
|
||||
- name: INCLUDE_TASKS | Post_tasks related to OS version
|
||||
ansible.builtin.include_tasks: "includes/post_{{ ansible_distribution }}.yml"
|
||||
ansible.builtin.include_tasks: "includes/post_{{ ansible_os_family }}.yml"
|
||||
|
||||
- name: IMPORT_TASKS | Post_tasks common
|
||||
ansible.builtin.import_tasks: "includes/post_common.yml"
|
||||
|
|
Loading…
Reference in New Issue