library/roles/nginx: Manage the main configuration file.
library/roles/nginx: Provide parts of embeddable optional configurations inside /etc/nginx/snippets.
parent
004fd2a863
commit
272c0eea0d
|
@ -6,6 +6,21 @@ nginx_package_state: installed
|
||||||
|
|
||||||
#nginx_virthosts: []
|
#nginx_virthosts: []
|
||||||
|
|
||||||
|
nginx_snippets_dir: /etc/nginx/snippets
|
||||||
|
|
||||||
|
nginx_conf_snippets:
|
||||||
|
- nginx-compression.conf
|
||||||
|
- nginx-websockets.conf
|
||||||
|
- nginx-browser-cache.conf
|
||||||
|
- letsencrypt-proxy.conf
|
||||||
|
- nginx-proxy-params.conf
|
||||||
|
|
||||||
|
nginx_workers: 4
|
||||||
|
nginx_worker_connections: 1024
|
||||||
|
nginx_multi_accept: 'off'
|
||||||
|
nginx_worker_rlimit_nofile: 2048
|
||||||
|
nginx_server_tokens: 'off'
|
||||||
|
|
||||||
nginx_enable_compression: True
|
nginx_enable_compression: True
|
||||||
nginx_gzip_vary: "on"
|
nginx_gzip_vary: "on"
|
||||||
nginx_gzip_proxied: any
|
nginx_gzip_proxied: any
|
||||||
|
@ -14,6 +29,15 @@ nginx_gzip_buffers: 16 8k
|
||||||
nginx_gzip_http_version: 1.1
|
nginx_gzip_http_version: 1.1
|
||||||
nginx_gzip_types: "text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript"
|
nginx_gzip_types: "text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript"
|
||||||
|
|
||||||
|
nginx_enable_browser_cache: True
|
||||||
|
nginx_cache_control: public
|
||||||
|
nginx_html_cache_expire: -1
|
||||||
|
nginx_feed_cache_expire_enabled: False
|
||||||
|
nginx_feed_cache_expire: 1h
|
||||||
|
nginx_media_cache_expire: 24h
|
||||||
|
nginx_css_js_cache_expire: -1
|
||||||
|
|
||||||
|
nginx_reverse_proxy: False
|
||||||
nginx_proxy_buffering: "on"
|
nginx_proxy_buffering: "on"
|
||||||
nginx_proxy_redirect: "off"
|
nginx_proxy_redirect: "off"
|
||||||
nginx_proxy_buffer_size: 128k
|
nginx_proxy_buffer_size: 128k
|
||||||
|
|
|
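Review bot: The new default `nginx_cache_control: public` in the second hunk is emitted verbatim as a `Cache-Control` header by the browser-cache snippet for feed, media and CSS/JS responses, which tells shared caches and CDNs they may store those responses even when the request carried credentials. That is fine for purely static public assets but is a risky role-wide default, so I would document it at the definition, e.g. `# 'public' allows shared caches to store matching responses; set to 'private' on hosts that serve per-user or access-controlled files`. `nginx_enable_browser_cache` and `nginx_reverse_proxy` are also defined here without being referenced in any hunk shown, so it is worth confirming they are consumed somewhere.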
@ -1,5 +1,6 @@
|
||||||
---
|
---
|
||||||
- include: nginx.yml
|
- include: nginx.yml
|
||||||
|
- include: nginx-config.yml
|
||||||
#- include: nginx-virtualhosts.yml
|
#- include: nginx-virtualhosts.yml
|
||||||
# when: nginx_virthosts|length > 0
|
# when: nginx_virthosts|length > 0
|
||||||
- include: nginx-letsencrypt.yml
|
- include: nginx-letsencrypt.yml
|
||||||
|
|
|
@ -0,0 +1,19 @@
|
||||||
|
---
|
||||||
|
- block:
|
||||||
|
- name: Create the snippets directory
|
||||||
|
file: dest={{ nginx_snippets_dir }} state=directory
|
||||||
|
|
||||||
|
- name: remove nginx default virtualhost
|
||||||
|
file: dest=/etc/nginx/sites-enabled/default state=absent
|
||||||
|
notify: Reload nginx
|
||||||
|
|
||||||
|
- name: Install the supported configuration snippets
|
||||||
|
template: src={{ item }}.j2 dest=/etc/nginx/snippets/{{ item }} owner=root group=root mode=0444
|
||||||
|
with_items: '{{ nginx_conf_snippets }}'
|
||||||
|
|
||||||
|
- name: Install the main nginx.conf
|
||||||
|
template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf mode=444
|
||||||
|
notify: Reload nginx
|
||||||
|
|
||||||
|
when: nginx_enabled
|
||||||
|
tags: [ 'nginx', 'nginx_conf', 'nginx_virtualhost' ]
|
|
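Review bot: The snippet installation task writes to a hard-coded `dest=/etc/nginx/snippets/{{ item }}` while the directory task above creates `{{ nginx_snippets_dir }}`, so overriding that variable creates one directory and fills another. It also has no `notify: Reload nginx`, so an updated snippet is not picked up until something else triggers a reload; I would use `dest={{ nginx_snippets_dir }}/{{ item }}` and add the `notify`. The main `nginx.conf` task sets `mode=444` with no owner or group, unlike the snippets task; `owner=root group=root mode=0444` would make the two consistent, and the template module's `validate` option could reject a broken render before it replaces the live file. Because every entry in `nginx_conf_snippets` is rendered unconditionally, `letsencrypt-proxy.conf.j2` will presumably fail on hosts where `letsencrypt_acme_standalone_port` is undefined, which is worth confirming.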
@ -20,20 +20,3 @@
|
||||||
when: nginx_use_ldap_pam_auth
|
when: nginx_use_ldap_pam_auth
|
||||||
tags: nginx
|
tags: nginx
|
||||||
|
|
||||||
- name: remove nginx default config
|
|
||||||
file: dest=/etc/nginx/sites-enabled/default state=absent
|
|
||||||
notify: Reload nginx
|
|
||||||
tags: [ 'nginx', 'nginx_conf', 'nginx_virtualhost' ]
|
|
||||||
|
|
||||||
- name: Install the gzip compression configuration if enabled
|
|
||||||
template: src=nginx-compression.conf.j2 dest=/etc/nginx/conf.d/compression.conf owner=root group=root mode=0444
|
|
||||||
when: nginx_enable_compression
|
|
||||||
notify: Reload nginx
|
|
||||||
tags: [ 'nginx', 'nginx_conf' ]
|
|
||||||
|
|
||||||
- name: Install websockets configuration if enabled
|
|
||||||
template: src=nginx-websockets.conf.j2 dest=/etc/nginx/conf.d/websockets.conf owner=root group=root mode=0444
|
|
||||||
when: nginx_websockets_support
|
|
||||||
notify: Reload nginx
|
|
||||||
tags: [ 'nginx', 'nginx_conf' ]
|
|
||||||
|
|
||||||
|
|
|
@ -1,10 +1,9 @@
|
||||||
server {
|
# Include this one inside a "server" directive listening on port 80, this way:
|
||||||
listen 80 default_server;
|
# include /etc/nginx/snippets/letsencrypt-proxy.conf
|
||||||
location ^~ /.well-known/acme-challenge {
|
location ^~ /.well-known/acme-challenge {
|
||||||
proxy_pass http://127.0.0.1:{{ letsencrypt_acme_standalone_port}}/.well-known/acme-challenge;
|
proxy_pass http://127.0.0.1:{{ letsencrypt_acme_standalone_port}}/.well-known/acme-challenge;
|
||||||
access_log /var/log/nginx/letsencrypt_acmetool_access.log;
|
access_log /var/log/nginx/letsencrypt_acmetool_access.log;
|
||||||
error_log /var/log/nginx/letsencrypt_acmetool_error.log;
|
error_log /var/log/nginx/letsencrypt_acmetool_error.log;
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
|
|
|
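Review bot: The usage example in the new header comment, `# include /etc/nginx/snippets/letsencrypt-proxy.conf`, is missing the trailing semicolon, so copying it into a vhost as written produces a configuration that fails `nginx -t`; it should read `#   include /etc/nginx/snippets/letsencrypt-proxy.conf;`. With the `server { listen 80 default_server; ... }` wrapper removed, nothing in this file guarantees that a port-80 server handles the challenge path any more. The comment should therefore also state that certificate issuance and renewal over HTTP will stop working on any host whose port-80 vhost does not include this snippet.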
@ -0,0 +1,27 @@
|
||||||
|
# include inside a 'server' directive
|
||||||
|
#
|
||||||
|
location ~* \.(?:manifest|appcache|html?|xml|json)$ {
|
||||||
|
expires {{ nginx_html_cache_expire }};
|
||||||
|
}
|
||||||
|
|
||||||
|
{% if nginx_feed_cache_expire_enabled %}
|
||||||
|
#
|
||||||
|
location ~* \.(?:rss|atom)$ {
|
||||||
|
expires {{ nginx_feed_cache_expire }};
|
||||||
|
add_header Cache-Control "{{ nginx_cache_control }}";
|
||||||
|
}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
#
|
||||||
|
location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
|
||||||
|
expires {{ nginx_media_cache_expire }};
|
||||||
|
access_log off;
|
||||||
|
add_header Cache-Control "{{ nginx_cache_control }}";
|
||||||
|
}
|
||||||
|
|
||||||
|
#
|
||||||
|
location ~* \.(?:css|js)$ {
|
||||||
|
expires {{ nginx_css_js_cache_expire }};
|
||||||
|
access_log off;
|
||||||
|
add_header Cache-Control "{{ nginx_cache_control }}";
|
||||||
|
}
|
|
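Review bot: Each `add_header Cache-Control ...` inside these `location` blocks switches off inheritance of every `add_header` set at `server` or `http` level, so feed, media and CSS/JS responses lose headers such as `Strict-Transport-Security` or `X-Content-Type-Options` that the including vhost defines. The header comment should say so, for example `# NOTE: add_header here replaces inherited add_header directives; repeat any security headers inside these locations`. These are also regex locations, which nginx prefers over plain prefix locations, so in a vhost that proxies an application under a prefix `location` the matching static requests are answered from the local root instead of being proxied unless that prefix uses `^~`.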
@ -0,0 +1,16 @@
|
||||||
|
# Proxy stuff
|
||||||
|
proxy_set_header Host $http_host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
proxy_buffer_size {{ nginx_proxy_buffer_size }};
|
||||||
|
proxy_buffers {{ nginx_proxy_buffers }};
|
||||||
|
proxy_busy_buffers_size {{ nginx_proxy_busy_buffers_size }};
|
||||||
|
proxy_set_header X-Forwarded-Host $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-Server $host;
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
proxy_redirect {{ nginx_proxy_redirect }};
|
||||||
|
proxy_buffering {{ nginx_proxy_buffering }};
|
||||||
|
proxy_connect_timeout {{ nginx_proxy_connect_timeout }};
|
||||||
|
proxy_read_timeout {{ nginx_proxy_read_timeout }};
|
||||||
|
proxy_send_timeout {{ nginx_proxy_send_timeout }};
|
|
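Review bot: `proxy_set_header X-Forwarded-Host $remote_addr;` sends the client's IP address in a header that backends read as the originally requested host name, so applications that build absolute URLs or redirects from it get an IP instead of the site name; it should be `proxy_set_header X-Forwarded-Host $host;`. Separately, `proxy_set_header Host $http_host;` forwards the client-supplied Host header verbatim, and `$host` is the more defensive choice unless the backend needs the port. That matters when the upstream derives links, such as password-reset URLs, from the Host header. The template also references `nginx_proxy_buffers`, `nginx_proxy_busy_buffers_size` and the three `nginx_proxy_*_timeout` variables, none of which appear in the defaults hunks shown, so confirm they are defined.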
@ -0,0 +1,37 @@
|
||||||
|
user www-data;
|
||||||
|
worker_processes {{ nginx_workers }};
|
||||||
|
pid /run/nginx.pid;
|
||||||
|
|
||||||
|
events {
|
||||||
|
worker_connections {{ nginx_worker_connections }};
|
||||||
|
multi_accept {{ nginx_multi_accept }};
|
||||||
|
}
|
||||||
|
worker_rlimit_nofile {{ nginx_worker_rlimit_nofile }};
|
||||||
|
|
||||||
|
http {
|
||||||
|
sendfile on;
|
||||||
|
tcp_nopush on;
|
||||||
|
tcp_nodelay on;
|
||||||
|
keepalive_timeout 65;
|
||||||
|
types_hash_max_size 2048;
|
||||||
|
server_tokens {{ nginx_server_tokens }};
|
||||||
|
# server_names_hash_bucket_size 64;
|
||||||
|
# server_name_in_redirect off;
|
||||||
|
include /etc/nginx/mime.types;
|
||||||
|
default_type application/octet-stream;
|
||||||
|
##
|
||||||
|
# Logging Settings
|
||||||
|
##
|
||||||
|
access_log /var/log/nginx/access.log;
|
||||||
|
error_log /var/log/nginx/error.log;
|
||||||
|
|
||||||
|
include /etc/nginx/conf.d/*.conf;
|
||||||
|
{% if nginx_enable_compression %}
|
||||||
|
include /etc/nginx/snippets/nginx-compression.conf;
|
||||||
|
{% endif %}
|
||||||
|
{% if nginx_websockets_support %}
|
||||||
|
include /etc/nginx/snippets/nginx-websockets.conf;
|
||||||
|
{% endif %}
|
||||||
|
include /etc/nginx/sites-enabled/*;
|
||||||
|
}
|
||||||
|
|
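Review bot: `include /etc/nginx/conf.d/*.conf;` is followed by the compression and websockets snippets, but hosts configured by the previous version of the role still have `/etc/nginx/conf.d/compression.conf` and `/etc/nginx/conf.d/websockets.conf`, and no task in the hunks shown removes them. If the snippets carry the same directives as those files (their contents are not shown), nginx will see them twice at `http` level and is likely to reject the configuration as duplicate. A cleanup task in the new config task file, e.g. `file: dest=/etc/nginx/conf.d/compression.conf state=absent` and the same for `websockets.conf`, would make the upgrade safe. `user www-data;` is also hard-coded, which ties the template to Debian-family hosts.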