ISTI-ansible-roles
/
ansible-roles
4
0
Fork 3
Code Issues Pull Requests Releases Wiki Activity

library/roles/nginx: Add tasks that configure the basic authentication. Fix the generic virtualhost template.

This commit is contained in:
Andrea Dell'Amico 2017-02-01 17:12:54 +01:00
parent 9332818c68
commit cf33f2a586
4 changed files with 43 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
nginx/defaults/main.yml
View File

@ -66,6 +66,9 @@ nginx_use_ldap_pam_auth: False
nginx_pam_svc_name: nginx nginx_pam_svc_name: nginx
nginx_ldap_uri: "ldap://ldap.example.org" nginx_ldap_uri: "ldap://ldap.example.org"
nginx_ldap_base_dn: "dc=example,dc=org" nginx_ldap_base_dn: "dc=example,dc=org"
nginx_basic_auth: False
nginx_basic_auth_users:
- { name: 'test', pwd: 'hide inside a vault file', file: '/etc/nginx/htpasswd' }
# nginx_ldap_login_attribute: uid # nginx_ldap_login_attribute: uid
# nginx_ldap_pam_groupdn: # nginx_ldap_pam_groupdn:
nginx_letsencrypt_managed: True nginx_letsencrypt_managed: True

12
nginx/tasks/basic-auth.yml Normal file
View File

@ -0,0 +1,12 @@
---
- block:
- name: Install the python passlib library
apt: pkg=python-passlib state=present update_cache=yes cache_valid_time=3600
- name: Create the htpasswd file needed by the basic auth
htpasswd: path={{ item.file | default ('/etc/nginx/htpasswd') }} name={{ item.name }} password={{ item.pwd }} state={{ item.state | default('present') }} crypt_scheme={{ item.crypt | default('sha256_crypt') }}
with_items: '{{ nginx_basic_auth_users }}'
when: nginx_basic_auth
tags: nginx

1
nginx/tasks/main.yml
View File

@ -5,6 +5,7 @@
when: nginx_use_common_virthost when: nginx_use_common_virthost
- include: nginx-letsencrypt.yml - include: nginx-letsencrypt.yml
when: letsencrypt_acme_install is defined and letsencrypt_acme_install when: letsencrypt_acme_install is defined and letsencrypt_acme_install
- include: basic-auth.yml
- include: pam-ldap.yml - include: pam-ldap.yml
- name: Ensure that the webserver is running and enabled at boot time - name: Ensure that the webserver is running and enabled at boot time

41
nginx/templates/nginx-virthost.j2
View File

@ -1,5 +1,5 @@
server { server {
listen {{ item.http_port }}; listen {{ item.http_port | default (80) }};
server_name {{ item.server_name }} {% if item.serveraliases is defined %}{{ item.serveraliases }}{% endif %}; server_name {{ item.server_name }} {% if item.serveraliases is defined %}{{ item.serveraliases }}{% endif %};
{% if letsencrypt_acme_install %} {% if letsencrypt_acme_install %}
include /etc/nginx/snippets/letsencrypt-proxy.conf; include /etc/nginx/snippets/letsencrypt-proxy.conf;
@ -17,7 +17,7 @@ server {
server_tokens {{ item.server_tokens | default('off') }}; server_tokens {{ item.server_tokens | default('off') }};
{% if item.ssl_enabled and item.ssl_only %} {% if item.ssl_enabled and item.ssl_only %}
location / { location / {
return 301 https://{{ ansible_fqdn }}$request_uri; return 301 https://{{ item.server_name }}$request_uri;
} }
{% else %} {% else %}
# This is the default for nginx on Ubuntu 14.04 # This is the default for nginx on Ubuntu 14.04
@ -27,7 +27,6 @@ server {
location = /50x.html { location = /50x.html {
root /usr/share/nginx/html; root /usr/share/nginx/html;
} }
{% endif %}
location = /favicon.ico { location = /favicon.ico {
log_not_found off; log_not_found off;
access_log off; access_log off;
@ -54,7 +53,6 @@ server {
{% else %} {% else %}
client_body_timeout {{ nginx_client_body_timeout }}; client_body_timeout {{ nginx_client_body_timeout }};
{% endif %} {% endif %}
server_tokens {{ item.server_tokens | default('off') }};
{% if item.websockets is defined and item.websockets %} {% if item.websockets is defined and item.websockets %}
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
@ -68,23 +66,31 @@ server {
{{ popt }} {{ popt }}
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{% if item.proxies is defined %} {% if item.locations is defined %}
{% for proxy in item.proxies %} {% for location in item.locations %}
location {{ proxy.location }} { location {{ location.location }} {
proxy_pass {{ proxy.target }}; {% if location.target is defined %}
proxy_pass {{ location.target }};
{% endif %}
{% if location.other_opts is defined %}
{% for opt in location.other_opts %}
{{ opt }};
{% endfor %}
{% endif %}
} }
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{% endif %} {% endif %}
{% if item.extra_parameters is defined %} {% if item.extra_parameters is defined %}
{{ item.extra_parameters }} {{ item.extra_parameters }}
{% endif %}
{% endif %} {% endif %}
} }
{% if item.ssl_enabled and item.ssl_only %} {% if item.ssl_enabled and item.ssl_only %}
server { server {
listen {{ https_port }} ssl; listen {{ https_port | default(443) }} ssl;
server_name {{ item.server_name }} {% if item.serveraliases is defined %}{{ item.serveraliases }}{% endif %}; server_name {{ item.server_name }} {% if item.serveraliases is defined %}{{ item.serveraliases }}{% endif %};
{% if item.access_log is defined %} {% if item.access_log is defined %}
access_log {{ item.access_log }}; access_log {{ item.access_log }};
@ -102,7 +108,6 @@ server {
location = /50x.html { location = /50x.html {
root /usr/share/nginx/html; root /usr/share/nginx/html;
} }
{% endif %}
location = /favicon.ico { location = /favicon.ico {
log_not_found off; log_not_found off;
access_log off; access_log off;
@ -145,16 +150,24 @@ server {
{{ popt }} {{ popt }}
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{% if item.proxies is defined %} {% if item.locations is defined %}
{% for proxy in item.proxies %} {% for location in item.locations %}
location {{ proxy.location }} { location {{ location.location }} {
proxy_pass {{ proxy.target }}; {% if location.target is defined %}
proxy_pass {{ location.target }};
{% endif %}
{% if location.other_opts is defined %}
{% for opt in location.other_opts %}
{{ opt }};
{% endfor %}
{% endif %}
} }
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{% endif %} {% endif %}
{% if item.extra_parameters is defined %} {% if item.extra_parameters is defined %}
{{ item.extra_parameters }} {{ item.extra_parameters }}
{% endif %}
} }
{% endif %} {% endif %}