129 lines
4.5 KiB
YAML
129 lines
4.5 KiB
YAML
---
|
|
|
|
- hosts: all
|
|
pre_tasks:
|
|
- apt: pkg={{ item }} update_cache=yes cache_valid_time=3600 state=present
|
|
with_items:
|
|
- php5-fpm
|
|
- curl
|
|
vars:
|
|
nginx_php: true
|
|
nginx_upstreams:
|
|
- name: 'test'
|
|
servers:
|
|
- path: '127.0.0.1:80'
|
|
max_conns: 150
|
|
weight: 10
|
|
down: false
|
|
nginx_htpasswd:
|
|
- name: 'hello'
|
|
description: 'Please login!'
|
|
users:
|
|
- name: 'hx'
|
|
password: 'asdfg'
|
|
state: 'absent'
|
|
- name: 'hanx'
|
|
password: 'qwerty'
|
|
- name: 'deleteme'
|
|
description: 'Please login!'
|
|
users: []
|
|
state: 'absent'
|
|
nginx_vhosts:
|
|
- name:
|
|
- 'test.local'
|
|
- 'test-alias.local'
|
|
- 'test2-alias.local'
|
|
template: '_base'
|
|
override_try_files: '$uri $uri index.htm index.html'
|
|
manage_local_content: false
|
|
more:
|
|
- 'autoindex off;'
|
|
location:
|
|
'/test':
|
|
- 'return 403;'
|
|
'/gunther':
|
|
- 'return 404;'
|
|
- name: 'test-htpasswd.local'
|
|
template: '_base'
|
|
location:
|
|
'/hello':
|
|
- htpasswd: 'hello'
|
|
- 'default_type "text/html; charset=UTF-8";'
|
|
- 'echo hello;'
|
|
- name: 'test-htpasswd-all.local'
|
|
template: '_base'
|
|
htpasswd: 'hello'
|
|
- name: 'test-location.local'
|
|
template: '_base'
|
|
location:
|
|
'/':
|
|
- 'alias /var/tmp;'
|
|
- name: 'test-php.local'
|
|
upstream_params:
|
|
- 'fastcgi_param FOO bar;'
|
|
redirect_from:
|
|
- 'www.test-php.local'
|
|
template: '_php'
|
|
- name: 'test-php-index.local'
|
|
template: '_php_index'
|
|
- name: 'test-proxy.local'
|
|
listen:
|
|
- 8080
|
|
template: '_proxy'
|
|
upstream_name: 'test'
|
|
- name: 'deleted.local'
|
|
delete: true
|
|
- name: 'redirect-to.local'
|
|
redirect_to: 'http://test.local'
|
|
roles:
|
|
- ../../
|
|
post_tasks:
|
|
- name: -- Add PHP file --
|
|
copy: dest="{{ nginx_root }}/{{ item }}/public/index.php" content="<?php phpinfo();"
|
|
with_items: ['test-php.local', 'test-php-index.local']
|
|
- name: -- Add HTML file --
|
|
copy: dest="{{ item }}/index.html" content="Index HTML test OK\n"
|
|
with_items: ['{{ nginx_root }}/test.local/public', '/var/tmp', '{{ nginx_root }}/test-htpasswd-all.local/public']
|
|
- name: -- VERIFY VHOSTS --
|
|
command: "curl -H 'Host: {{ item.name if item.name is string else item.name[0] }}' http://127.0.0.1{% if item.listen is defined %}:{{ item.listen[0] }}{% endif %}/"
|
|
with_items: nginx_vhosts
|
|
when: item.delete is undefined or not item.delete
|
|
changed_when: false
|
|
- name: -- VERIFY FORBIDDEN --
|
|
command: "curl -H 'Host: test-php-index.local' http://127.0.0.1/phpinfo.php"
|
|
register: f
|
|
failed_when: f.stdout.find('403 Forbidden') == -1
|
|
changed_when: false
|
|
- name: -- VERIFY REDIRECT VHOSTS --
|
|
command: "curl -H 'Host: {{ item.redirect_from[0] }}' http://127.0.0.1/"
|
|
with_items: nginx_vhosts
|
|
when: item.redirect_from is defined and (item.delete is undefined or not item.delete)
|
|
changed_when: false
|
|
register: r
|
|
failed_when: r.stdout.find('301 Moved Permanently') == -1
|
|
- name: -- VERIFY AUTH BASIC NONE --
|
|
command: "curl -H 'Host: test-htpasswd.local' http://127.0.0.1/hello"
|
|
changed_when: false
|
|
register: authnone
|
|
failed_when: authnone.stdout.find('401 Authorization Required') == -1
|
|
- name: -- VERIFY AUTH BASIC FAIL --
|
|
command: "curl -u fail:fail -H 'Host: test-htpasswd.local' http://127.0.0.1/hello"
|
|
changed_when: false
|
|
register: authfail
|
|
failed_when: authfail.stdout.find('401 Authorization Required') == -1
|
|
- name: -- VERIFY AUTH BASIC OK --
|
|
command: "curl -u hanx:qwerty -H 'Host: test-htpasswd.local' http://127.0.0.1/hello"
|
|
changed_when: false
|
|
register: authok
|
|
failed_when: authok.stdout.find('hello') == -1
|
|
- name: -- VERIFY AUTH BASIC FAIL GLOBAL --
|
|
command: "curl -u fail:fail -H 'Host: test-htpasswd-all.local' http://127.0.0.1/"
|
|
changed_when: false
|
|
register: authgfail
|
|
failed_when: authgfail.stdout.find('401 Authorization Required') == -1
|
|
- name: -- VERIFY AUTH BASIC OK --
|
|
command: "curl -u hanx:qwerty -H 'Host: test-htpasswd-all.local' http://127.0.0.1/"
|
|
changed_when: false
|
|
register: authgok
|
|
failed_when: authgok.stdout.find('401 Authorization Required') != -1
|