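---
# Post-deploy verification tasks for the nginx test sites: each task issues a
# request (uri module, curl or nghttp) and fails when the expected marker is
# absent.
#
# NOTE(review): `failed_when` replaces the module's own verdict. On the uri
# tasks below that set it, a mismatch against `status_code` (default 200) no
# longer fails the task by itself; only the `failed_when` expression decides.

# --------------------------------
# Deploy index files
# --------------------------------

- name: -- Add PHP file --
  ansible.builtin.copy:
    dest: "{{ nginx_root }}/{{ item }}/public/index.php"
    # NOTE(review): this copy of the file is damaged here. The value of
    # `content:` and everything after it, up to the condition fragment kept
    # below, is absent (presumably the rest of this task, its loop and the
    # header of the task that registers `p`). Restore the span from the
    # repository; it is not reconstructed here.
    # content: "

# NOTE(review): orphaned tail of a task whose header is missing (see above).
# Kept verbatim as comments so the rest of the file parses:
#   item.template is defined and (item.template == '_php' or item.template == '_php_index' or item.template == '_php_index2')
#   failed_when: p.content.find('PHP Version') == -1

# The marker 'PHP Version' looks like phpinfo() output (TODO confirm against the
# deployed index.php). A page of that kind lists modules and environment
# details, so these vhosts belong on test hosts only.
- name: -- VERIFY INDEX2 --
  ansible.builtin.uri:
    url: "http://test-php-index2.local/lorem.php?ipsum=sit&dolor=amet"
    return_content: true
  register: p2
  failed_when: p2.content.find('PHP Version') == -1

# --------------------------------
# Basic Auth
# --------------------------------
# No `failed_when` in this section, so uri's own status check decides:
# 401 for missing or wrong credentials, the default 200 for the valid pair.
# All requests use plain http://, so the Authorization header (base64 of
# user:password, sent up front because of force_basic_auth) travels
# unencrypted. The user/password pairs are test fixtures; keep them distinct
# from any credential used outside this test environment.
# NOTE(review): the failing cases use an unknown user. A case with the valid
# user and a wrong password would also cover the password comparison.

- name: -- VERIFY AUTH BASIC NONE --
  ansible.builtin.uri:
    url: "http://test-htpasswd.local/hello/"
    status_code: 401

- name: -- VERIFY AUTH BASIC FAIL --
  ansible.builtin.uri:
    url: "http://test-htpasswd.local/hello/"
    status_code: 401
    user: "fail"
    password: "fail"
    force_basic_auth: true

- name: -- VERIFY AUTH BASIC OK --
  ansible.builtin.uri:
    url: "http://test-htpasswd.local/hello/"
    user: "hanx"
    password: "qwerty"
    force_basic_auth: true

- name: -- VERIFY AUTH BASIC FAIL GLOBAL --
  ansible.builtin.uri:
    url: "http://test-htpasswd-all.local/"
    status_code: 401
    user: "fail"
    password: "fail"
    force_basic_auth: true

- name: -- VERIFY AUTH BASIC OK GLOBAL --
  ansible.builtin.uri:
    url: "http://test-htpasswd-all.local/"
    user: "hanx"
    password: "qwerty"
    force_basic_auth: true

# --------------------------------
# SSL
# --------------------------------
# validate_certs: false turns off chain and hostname verification. These
# checks therefore show that the vhost answers over TLS with the expected
# body, not that the certificate is valid for the name.
# NOTE(review): `ngrok` is registered outside this file; if that endpoint
# serves a publicly trusted certificate it could be checked with validation
# enabled - confirm.

- name: -- VERIFY SSL --
  ansible.builtin.uri:
    url: "https://{{ item }}/"
    return_content: true
    validate_certs: false
  register: sslok
  failed_when: sslok.content.find('Index HTML test OK') == -1
  loop:
    - 'test-ssl-predeployed.local'
    - 'test-ssl-selfsigned.local'
    - 'test-ssl.local'
    - '{{ ngrok.stdout }}'

# follow_redirects: none keeps the redirect response itself, so the Location
# header can be inspected. Because `failed_when` overrides the module's
# status_code check, the 301 is asserted explicitly in the expression;
# otherwise any response carrying a matching Location header would pass.
- name: -- VERIFY SSL REDIRECT --
  ansible.builtin.uri:
    url: "http://{{ item.name }}/"
    validate_certs: false
    status_code: 301
    return_content: true
    follow_redirects: none
  register: sslredirok
  failed_when: >-
    sslredirok.status != 301 or
    "https://%s%s" % (item.name, ":" + item.port if item.port is defined else "")
    not in sslredirok.location
  loop:
    - name: 'test-ssl-redirect.local'
    - name: 'test-ssl-redirect-many.local'
      port: '8443'
    - name: 'test-ssl-redirect-many2.local'
      port: '8443'

# --------------------------------
# Default sites
# --------------------------------
# uri exposes response headers as lower-cased result keys with '-' turned
# into '_', so `x_ansible_default` tests for an X-Ansible-Default header.
# Its presence marks the default server; the "NOT DEFAULT" tasks assert that
# named vhosts do not fall through to it.

- name: -- VERIFY DEFAULT SITE --
  ansible.builtin.uri:
    url: 'http://127.0.0.1/'
    return_content: true
  register: vdefault
  failed_when: >
    vdefault.content.find('Index HTML test OK') == -1 or
    vdefault.x_ansible_default is not defined

# NOTE(review): only reachability from loopback is checked. Whether /status is
# closed to other clients depends on configuration not shown here; a negative
# check from a non-loopback address would cover that rule if the role has one.
- name: -- VERIFY DEFAULT SITE + STUB STATUS--
  ansible.builtin.uri:
    url: 'http://127.0.0.1/status'
    return_content: true
  register: vdefault_status
  failed_when: >
    vdefault_status.content.find('Active connections') == -1 or
    vdefault_status.x_ansible_default is not defined

# Reuses the register name `vdefault` from the plain-HTTP task above.
- name: -- VERIFY DEFAULT SSL SITE --
  ansible.builtin.uri:
    url: 'https://127.0.0.1/'
    return_content: true
    validate_certs: false
  register: vdefault
  failed_when: >
    vdefault.content.find('Index HTML test OK') == -1 or
    vdefault.x_ansible_default is not defined

# NOTE(review): the two tasks below pass whenever the header is absent,
# including on an error response, since `failed_when` is the only criterion.
- name: -- VERIFY NOT DEFAULT SITE --
  ansible.builtin.uri:
    url: 'http://test-php.local/'
    return_content: true
  register: vphp
  failed_when: vphp.x_ansible_default is defined

- name: -- VERIFY NOT DEFAULT SSL SITE --
  ansible.builtin.uri:
    url: 'https://test-ssl.local/'
    return_content: true
    validate_certs: false
  register: notdefaultssl
  failed_when: notdefaultssl.x_ansible_default is defined

# --------------------------------
# Check Proxy protocol
# --------------------------------
# curl prepends a PROXY protocol header (--haproxy-protocol) and the response
# headers (-I) must contain X-Proxy-Protocol. Skipped on Ubuntu 18, presumably
# because the curl shipped there predates that option - confirm.
# `-k` on the HTTPS check disables certificate verification, as in the SSL
# section.
# NOTE(review): only the accepting path is tested. A PROXY header lets the
# sender state the client address, so which peers may reach these listeners
# matters; that restriction is not visible or verified here.

- name: BLOCK - Check proxy protocol
  when: not (ansible_distribution == 'Ubuntu' and ansible_distribution_major_version | int == 18)
  block:

    - name: SHELL | Check HTTP proxy protocol
      ansible.builtin.shell: set -o pipefail && curl -I --haproxy-protocol http://test-ssl-proxy-protocol.local:20080 | grep -qi 'X-Proxy-Protocol'
      args:
        executable: /bin/bash
      changed_when: false

    - name: SHELL | Check HTTPS proxy protocol
      ansible.builtin.shell: set -o pipefail && curl -I --haproxy-protocol -k https://test-ssl-proxy-protocol.local:20443 | grep -qi 'X-Proxy-Protocol'
      args:
        executable: /bin/bash
      changed_when: false

# --------------------------------
# Check HTTP2
# --------------------------------
# Passes when nghttp's verbose output contains the substring "h2"; stderr is
# discarded. `grep -q` exits at the first match, and with pipefail a producer
# that is still writing can be ended by SIGPIPE and fail the pipeline - worth
# knowing if this check turns flaky.

- name: SHELL | Check HTTP2
  ansible.builtin.shell: set -o pipefail && nghttp -nv https://localhost 2> /dev/null | grep -q h2
  args:
    executable: /bin/bash
  changed_when: false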