base repository: nginxinc/ansible-role-nginx-config
base: 0.6.0
head repository: nginxinc/ansible-role-nginx-config
compare: 0.7.0
  • 19 commits
  • 25 files changed
  • 4 contributors

Commits on Feb 9, 2023

  1. Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    733916f

Commits on Mar 15, 2023

  1. Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    dc34dbc
  2. Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    e192c85

Commits on Mar 28, 2023

  1. Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    c843ab4
  2. Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    0e7c274

Commits on Apr 4, 2023

  1. Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    ca2b1b0

Commits on Apr 6, 2023

  1. Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    1cffbf6

Commits on Apr 10, 2023

  1. Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    b59bbe6

Commits on Apr 17, 2023

  1. Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    6988307

Commits on Apr 28, 2023

  1. Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    5f7f8eb

Commits on May 2, 2023

  1. Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    f5611fa

Commits on Jun 12, 2023

  1. Fix CI/CD pipeline (#324)

    alessfg authored Jun 12, 2023

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    47f57e8

Commits on Jun 20, 2023

  1. Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    b060d8a

Commits on Jun 21, 2023

  1. Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    d36338c

Commits on Jun 26, 2023

  1. Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    19f937b
  2. Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    cad347d
  3. Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    d4ece3c

Commits on Jul 5, 2023

  1. Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    7ee4830

Commits on Jul 6, 2023

  1. Prepare 0.7.0 release

    alessfg committed Jul 6, 2023

    Verified

    This commit was signed with the committer’s verified signature.
    alessfg Alessandro Fael Garcia
    92e9436
3 changes: 3 additions & 0 deletions .ansible-lint
@@ -1,4 +1,7 @@
---
offline: true
exclude_paths:
- .github/
skip_list:
- schema[meta]
- yaml[line-length]
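Review bot: `schema[meta]` in `skip_list` turns off schema validation of `meta/main.yml` for the whole role, and this same comparison rewrites the `platforms` list in that file, so a malformed platform entry would pass the new Ansible Lint job unnoticed. Add a comment stating which entry fails the schema and why the rule is skipped, so the skip can be removed once that entry is fixed.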
1 change: 1 addition & 0 deletions .github/release-drafter.yml
@@ -1,6 +1,7 @@
---
name-template: "$RESOLVED_VERSION"
tag-template: "$RESOLVED_VERSION"
include-pre-releases: true
categories:
- title: "💣 Breaking Changes"
labels:
26 changes: 24 additions & 2 deletions .github/workflows/molecule.yml
@@ -13,6 +13,27 @@ on:
- cron: "0 0 1 * *"
workflow_dispatch:
jobs:
ansible-lint:
name: Ansible Lint
runs-on: ubuntu-22.04
steps:
- name: Check out the codebase
uses: actions/checkout@v3

- name: Set up Python 3
uses: actions/setup-python@v4
with:
python-version: 3.x

- name: Install Ansible Lint
run: pip3 install -r .github/workflows/requirements/requirements_ansible_lint.txt

- name: Install Ansible collection dependencies
run: ansible-galaxy install -r .github/workflows/requirements/requirements_ansible.yml

- name: Run Ansible Lint
run: ansible-lint --force-color

molecule:
name: Molecule
runs-on: ubuntu-22.04
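Review bot: the new `ansible-lint` job references `actions/checkout@v3` and `actions/setup-python@v4` by mutable tag and lets `python-version: 3.x` float, which makes the gate that every Molecule scenario now depends on (`needs: ansible-lint`) non-reproducible and exposed to a retagged action. Pin both actions to full commit SHAs and set a specific Python minor version.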
@@ -26,7 +47,8 @@ jobs:
- cleanup_module
- default
- plus
- stable_push
- push
needs: ansible-lint
steps:
- name: Check out the codebase
if: ${{ !(contains(matrix.scenario, 'plus')) || (env.NGINX_CRT != 0 && env.NGINX_KEY != 0) }}
@@ -42,7 +64,7 @@ jobs:
if: ${{ !(contains(matrix.scenario, 'plus')) || (env.NGINX_CRT != 0 && env.NGINX_KEY != 0) }}
run: pip3 install -r .github/workflows/requirements/requirements_molecule.txt

- name: Install Ansible core dependencies
- name: Install Ansible core collection dependencies
if: ${{ !(contains(matrix.scenario, 'plus')) || (env.NGINX_CRT != 0 && env.NGINX_KEY != 0) }}
run: ansible-galaxy install -r .github/workflows/requirements/requirements_ansible.yml

10 changes: 5 additions & 5 deletions .github/workflows/requirements/requirements_ansible.yml
@@ -1,10 +1,10 @@
---
collections:
- name: ansible.posix
version: 1.4.0
version: 1.5.4
- name: community.general
version: 6.2.0
- name: community.crypto # Only required to test the NGINX Plus Molecule scenario
version: 2.10.0
version: 7.1.0
- name: community.crypto # Only required if you plan to to test the NGINX Plus Molecule scenario
version: 2.14.0
- name: community.docker # Only required if you plan to use Molecule
version: 3.4.0
version: 3.4.7
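Review bot: the rewritten `community.crypto` comment reads "Only required if you plan to to test the NGINX Plus Molecule scenario", with a doubled "to"; fix the wording before release.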
4 changes: 4 additions & 0 deletions .github/workflows/requirements/requirements_ansible_lint.txt
@@ -0,0 +1,4 @@
ansible-core==2.15.1
# ansible-compat==3.0.2
yamllint==1.32.0
ansible-lint==6.17.2
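Review bot: `# ansible-compat==3.0.2` is committed as a commented-out pin with no explanation; either drop the line or add a comment saying when it has to be re-enabled. The three active pins use `==` without hashes, so adding `--hash` entries and installing with `--require-hashes` would let pip verify the artifacts the lint job downloads.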
2 changes: 1 addition & 1 deletion .github/workflows/requirements/requirements_galaxy.txt
@@ -1 +1 @@
ansible-core==2.14.1
ansible-core==2.15.1
12 changes: 6 additions & 6 deletions .github/workflows/requirements/requirements_molecule.txt
@@ -1,6 +1,6 @@
ansible-core==2.14.1
Jinja2==3.1.2
ansible-lint==6.11.0
yamllint==1.29.0
molecule[docker]==4.0.4
docker==6.0.1
ansible-core==2.15.1
jinja2==3.1.2
# ansible-compat==3.0.2
molecule==5.1.0
molecule-plugins[docker]==23.4.1
docker==6.1.3
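Review bot: `ansible-core==2.15.1` is now pinned independently in this file, in `requirements_ansible_lint.txt` and in `requirements_galaxy.txt`, so the three jobs can drift apart on the next bump. Move the shared pin into one constraints file passed with `pip3 install -c`, and remove or explain the commented-out `ansible-compat` line here as well.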
398 changes: 214 additions & 184 deletions CHANGELOG.md

Large diffs are not rendered by default.

88 changes: 7 additions & 81 deletions README.md
@@ -1,6 +1,7 @@
[![Ansible Galaxy](https://img.shields.io/badge/galaxy-nginxinc.nginx__config-5bbdbf.svg)](https://galaxy.ansible.com/nginxinc/nginx_config)
[![Molecule CI/CD](https://github.com/nginxinc/ansible-role-nginx-config/workflows/Molecule%20CI/CD/badge.svg)](https://github.com/nginxinc/ansible-role-nginx-config/actions)
[![License](https://img.shields.io/badge/License-Apache--2.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
[![Project Status: Active – The project has reached a stable, usable state and is being actively developed.](https://www.repostatus.org/badges/latest/active.svg)](https://www.repostatus.org/#active)

# 👾 *Help make the NGINX config Ansible role better by participating in our [survey](https://forms.office.com/Pages/ResponsePage.aspx?id=L_093Ttq0UCb4L-DJ9gcUKLQ7uTJaE1PitM_37KR881UM0NCWkY5UlE5MUYyWU1aTUcxV0NRUllJSC4u)!* 👾

@@ -21,11 +22,11 @@ This role configures NGINX Open Source and NGINX Plus on your target host.
---
collections:
- name: ansible.posix
version: 1.4.0
version: 1.5.4
- name: community.general
version: 6.2.0
version: 7.1.0
- name: community.docker # Only required if you plan to use Molecule (see below)
version: 3.4.0
version: 3.4.7
```
**Note:** You can alternatively install the Ansible community distribution (what is known as the "old" Ansible) if you don't want to manage individual collections.
@@ -76,84 +77,9 @@ git clone https://github.com/nginxinc/ansible-role-nginx-config.git

## Platforms

The NGINX config Ansible role supports all platforms supported by [NGINX Open Source](https://nginx.org/en/linux_packages.html#mainline) and [NGINX Plus](https://www.nginx.com/products/technical-specs/):

### NGINX Open Source

```yaml
AlmaLinux:
- 8
- 9
Alpine:
- 3.14
- 3.15
- 3.16
- 3.17
Amazon Linux:
- 2
CentOS:
- 7.4+
Debian:
- bullseye (11)
Oracle Linux:
- 7
- 8
- 9
Red Hat:
- 7.4+
- 8
- 9
Rocky Linux:
- 8
- 9
SUSE/SLES:
- 12
- 15
Ubuntu:
- bionic (18.04)
- focal (20.04)
- impish (21.10)
- jammy (22.04)
```
The NGINX config Ansible role supports all platforms supported by [NGINX Open Source](https://nginx.org/en/linux_packages.html#mainline) and [NGINX Plus](https://www.nginx.com/products/technical-specs/).

### NGINX Plus

```yaml
AlmaLinux:
- 8
- 9
Alpine:
- 3.13
- 3.14
- 3.15
- 3.16
- 3.17
Amazon Linux 2:
- any
CentOS:
- 7.4+
Debian:
- bullseye (11)
FreeBSD:
- 12.1+
- 13
Oracle Linux:
- 7.4+
Red Hat:
- 7.4+
- 8
- 9
Rocky Linux:
- 8
- 9
SUSE/SLES:
- 12
- 15
Ubuntu:
- bionic (18.04)
- focal (20.04)
- jammy (22.04)
```
***Note:** You should be able to use this role to configure any NGINX installation -- wherever/however it's been installed -- at your own risk. Any potential bugs with the role involving unsupported installation methods/platforms will be addressed in a best effort manner and might be outright dismissed.*

## Role Variables

@@ -175,7 +101,7 @@ Working functional playbook examples can be found in the **[`molecule/`](https:/
| **[`cleanup_module/converge.yml`](https://github.com/nginxinc/ansible-role-nginx-config/blob/main/molecule/cleanup_module/converge.yml)** | Cleanup an NGINX config and configure NGINX supported modules |
| **[`default/converge.yml`](https://github.com/nginxinc/ansible-role-nginx-config/blob/main/molecule/default/converge.yml)** | Use the NGINX config templating variables to create an NGINX config |
| **[`plus/converge.yml`](https://github.com/nginxinc/ansible-role-nginx-config/blob/main/molecule/plus/converge.yml)** | Use the NGINX config templating variables to create an NGINX Plus config |
| **[`stable_push/converge.yml`](https://github.com/nginxinc/ansible-role-nginx-config/blob/main/molecule/stable_push/converge.yml)** | Install NGINX using the stable branch and push a preexisting config from your system to your NGINX instance |
| **[`push/converge.yml`](https://github.com/nginxinc/ansible-role-nginx-config/blob/main/molecule/stable_push/converge.yml)** | Push a preexisting config from your system to your NGINX instance |

Do note that if you install this repository via Ansible Galaxy, you will have to replace the role variable in the sample playbooks from `ansible-role-nginx-config` to `nginxinc.nginx_config`.
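Review bot: the new table row labels the scenario `push/converge.yml` but its URL still targets `molecule/stable_push/converge.yml`; the workflow matrix in this comparison runs the scenario as `push` and the scenario files are listed as renamed, so the link will break once the old directory is gone. Point the URL at the renamed `push` scenario directory.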

25 changes: 15 additions & 10 deletions defaults/main/template.yml
@@ -204,8 +204,6 @@ nginx_config_http_template:
port: 80
default_server: true # Boolean
ssl: false # Boolean
http2: false # Boolean
spdy: false # Boolean
proxy_protocol: false # Boolean
fastopen: 12 # Number
backlog: 511 # Number
@@ -273,6 +271,13 @@ nginx_config_http_template:
underscores_in_headers: false # Boolean -- Not available in the 'location' context
variables_hash_bucket_size: 64 # Available only in the 'http' context
variables_hash_max_size: 1024 # Available only in the 'http' context
http2: # Configure HTTP2
enable: false # Boolean -- Not available in the 'location' context
body_preread_size: 64k # Not available in the 'location' context
chunk_size: 8k
max_concurrent_streams: 128 # Number -- Not available in the 'location' context
recv_buffer_size: 256k # Only available in the 'http' context
recv_timeout: 20s # Not available in the 'location' context
ssl: # Configure SSL
buffer_size: 16k
certificate: /path/to/file # String or a list of strings
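Review bot: `recv_timeout: 20s` is documented in the new `http2` block, but the `http2` macro added in `templates/http/modules.j2` has no branch that renders it, so a value set here is silently ignored. Either render the directive in the macro or drop the key from the defaults (and from `molecule/default/converge.yml`, which sets `recv_timeout: 10s`).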
@@ -647,14 +652,14 @@ nginx_config_http_template:
map: # Configure maps -- Available only in the 'http' context
hash_bucket_size: 64
hash_max_size: 2048
mappings: # Dictionary or list of dictionaries
string: $remote_addr # Required
variable: $upstream # Required
hostnames: false # Boolean
volatile: false # Boolean
content: # Dictionary or list of dictionaries
- value: default
new_value: 0
mappings: # List of dictionaries
- string: $remote_addr # Required
variable: $upstream # Required
hostnames: false # Boolean
volatile: false # Boolean
content: # Dictionary or list of dictionaries
- value: default
new_value: 0
mirror: # Configure mirrors
request_body: true # Boolean
uri: false # String or a list of strings -- Can alternatively be set to 'false'
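Review bot: the `mappings` comment narrows from "Dictionary or list of dictionaries" to "List of dictionaries", which changes the accepted input for inventories that pass a single dictionary. If the template no longer handles the dictionary form, list this under Breaking Changes and fail with a clear message on the old shape instead of rendering an incomplete `map` block.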
14 changes: 8 additions & 6 deletions meta/main.yml
@@ -7,21 +7,23 @@ galaxy_info:

license: Apache License, Version 2.0

min_ansible_version: "2.12"
min_ansible_version: '2.12'

platforms:
- name: Alpine
versions: [all]
- name: Amazon Linux 2
versions: [all]
- name: Amazon Linux
versions: ['2', '2023']
- name: Debian
versions: [bullseye]
versions: [bullseye, bookworm]
- name: EL
versions: ['7', '8', '9']
- name: FreeBSD
versions: ['12.1']
versions: ['12.1', '12.2', '12.3', '12.4', '13.0', '13.1', '13.2']
- name: OracleLinux
versions: ['7', '8', '9']
- name: Ubuntu
versions: [bionic, focal, impish, jammy]
versions: [focal, jammy, kinetic, lunar]
- name: SLES
versions: ['12', '15']

2 changes: 1 addition & 1 deletion molecule/cleanup_module/converge.yml
@@ -4,7 +4,7 @@
tasks:
- name: Configure NGINX
ansible.builtin.include_role:
name: ansible-role-nginx-config
name: nginxinc.nginx_config
vars:
nginx_config_debug_output: true
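Review bot: with `name: nginxinc.nginx_config` now used in the Molecule playbooks, the README sentence telling Galaxy users to replace `ansible-role-nginx-config` with `nginxinc.nginx_config` in the sample playbooks is backwards. Update that sentence so it addresses users who cloned the repository under its Git name instead.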

2 changes: 1 addition & 1 deletion molecule/cleanup_module/prepare.yml
@@ -13,4 +13,4 @@
ansible.builtin.file:
path: /etc/nginx/conf.d/mock.conf
state: touch
mode: 0644
mode: "0644"
16 changes: 13 additions & 3 deletions molecule/default/converge.yml
@@ -4,7 +4,7 @@
tasks:
- name: Configure NGINX
ansible.builtin.include_role:
name: ansible-role-nginx-config
name: nginxinc.nginx_config
vars:
nginx_config_debug_output: true

@@ -229,6 +229,13 @@
underscores_in_headers: false
variables_hash_bucket_size: 64
variables_hash_max_size: 1024
http2:
enable: true
body_preread_size: 128k
chunk_size: 8k
max_concurrent_streams: 31
recv_buffer_size: 128k
recv_timeout: 10s
ssl:
buffer_size: 16k
certificate: /etc/ssl/certs/molecule.crt
@@ -548,8 +555,6 @@
port: 80
default_server: true
ssl: false
http2: false
spdy: false
proxy_protocol: false
fastopen: 12
backlog: 511
@@ -577,6 +582,9 @@
try_files:
files: $uri
uri: /images/default.gif
http2:
enable: false
chunk_size: 8k
auth_basic:
realm: false
log:
@@ -653,6 +661,8 @@
core:
index: frontend_index.html
root: /usr/share/nginx/html
http2:
chunk_size: 10k
- location: /alias
core:
alias: /usr/share/nginx/html
2 changes: 1 addition & 1 deletion molecule/plus/converge.yml
@@ -4,7 +4,7 @@
tasks:
- name: Configure NGINX
ansible.builtin.include_role:
name: ansible-role-nginx-config
name: nginxinc.nginx_config
vars:
nginx_config_debug_output: true

4 changes: 2 additions & 2 deletions molecule/plus/prepare.yml
@@ -8,14 +8,14 @@
content: "{{ lookup('env', 'NGINX_CRT') | b64decode }}"
dest: ../common/files/license/nginx-repo.crt
force: false
mode: 0444
mode: "0444"

- name: Create ephemeral license key file from b64 decoded env var # noqa template-instead-of-copy
ansible.builtin.copy:
content: "{{ lookup('env', 'NGINX_KEY') | b64decode }}"
dest: ../common/files/license/nginx-repo.key
force: false
mode: 0444
mode: "0444"

- name: Install NGINX Plus
hosts: all
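Review bot: the license key task keeps `mode: "0444"`, which leaves the decoded `nginx-repo.key` readable by every local user, and the task has no `no_log: true` even though `content` is a secret taken from `NGINX_KEY`. Since the mode lines are being edited anyway, set the key to `"0400"` and add `no_log: true` to the key task so the decoded value cannot end up in job output.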
Original file line number Diff line number Diff line change
@@ -4,11 +4,10 @@
tasks:
- name: Configure NGINX
ansible.builtin.include_role:
name: ansible-role-nginx-config
name: nginxinc.nginx_config
vars:
nginx_config_debug_output: true

nginx_branch: stable
nginx_config_upload_enable: true
nginx_config_upload:
- src: ../common/files/snippets/location_snippet.conf
File renamed without changes.
File renamed without changes.
File renamed without changes.
24 changes: 12 additions & 12 deletions tasks/config/template-config.yml
@@ -3,7 +3,7 @@
ansible.builtin.file:
path: "{{ item['deployment_location'] | default('/usr/share/nginx/html') | dirname }}"
state: directory
mode: 0755
mode: "0755"
loop: "{{ nginx_config_html_demo_template }}"
when: nginx_config_html_demo_template_enable | bool

@@ -12,7 +12,7 @@
src: "{{ item['template_file'] | default('www/index.html.j2') }}"
dest: "{{ item['deployment_location'] | default('/usr/share/nginx/html/index.html') }}"
backup: "{{ item['backup'] | default(true) }}"
mode: 0644
mode: "0644"
loop: "{{ nginx_config_html_demo_template }}"
when: nginx_config_html_demo_template_enable | bool

@@ -31,15 +31,15 @@
ansible.builtin.file:
path: "{{ nginx_config_main_template['deployment_location'] | default('/etc/nginx') | dirname }}"
state: directory
mode: 0755
mode: "0755"
when: nginx_config_main_template_enable | bool

- name: Dynamically generate NGINX main configuration file
ansible.builtin.template:
src: "{{ nginx_config_main_template['template_file'] | default('nginx.conf.j2') }}"
dest: "{{ nginx_config_main_template['deployment_location'] | default('/etc/nginx/nginx.conf') }}"
backup: "{{ nginx_config_main_template['backup'] | default(true) }}"
mode: 0644
mode: "0644"
when: nginx_config_main_template_enable | bool
notify: (Handler - NGINX Config) Run NGINX

@@ -48,7 +48,7 @@
path: "{{ item['config']['core']['client_body_temp_path']['path'] }}"
state: directory
owner: "{{ nginx_config_main_template['config']['main']['user']['username'] | default('nginx') }}"
mode: 0755
mode: "0755"
loop: "{{ nginx_config_http_template }}"
loop_control:
label: "{{ item['config']['core']['client_body_temp_path']['path'] | default('config[''core''][''client_body_temp_path''][''path''] undefined') }}" # noqa jinja[spacing]
@@ -61,7 +61,7 @@
path: "{{ item[1]['path'] }}"
state: directory
owner: "{{ nginx_config_main_template['config']['main']['user']['username'] | default('nginx') }}"
mode: 0755
mode: "0755"
loop: "{{ nginx_config_http_template | subelements(['config', 'proxy', 'cache_path'], skip_missing=True) }}"
loop_control:
label: "{{ item[1]['path'] | default('config[''proxy''][''cache_path''][''path''] undefined') }}" # noqa jinja[spacing]
@@ -71,7 +71,7 @@
ansible.builtin.file:
path: "{{ item['deployment_location'] | default('/etc/nginx/conf.d/') | dirname }}"
state: directory
mode: 0755
mode: "0755"
loop: "{{ nginx_config_http_template }}"
loop_control:
label: "{{ item['deployment_location'] | default('/etc/nginx/conf.d/') | dirname }}"
@@ -82,7 +82,7 @@
src: "{{ item['template_file'] | default('http/default.conf.j2') }}"
dest: "{{ item['deployment_location'] | default('/etc/nginx/conf.d/default.conf') }}"
backup: "{{ item['backup'] | default(true) }}"
mode: 0644
mode: "0644"
loop: "{{ nginx_config_http_template }}"
loop_control:
label: "{{ item['deployment_location'] | default('/etc/nginx/conf.d/default.conf') }}"
@@ -94,7 +94,7 @@
src: "{{ nginx_config_status_template_file | default('http/status.conf.j2') }}"
dest: "{{ nginx_config_status_file_location | default('/etc/nginx/conf.d/status.conf') }}"
backup: "{{ nginx_config_status_backup | default(true) }}"
mode: 0644
mode: "0644"
notify: (Handler - NGINX Config) Run NGINX
when: nginx_config_status_enable | bool

@@ -103,15 +103,15 @@
src: "{{ nginx_config_rest_api_template_file | default('http/api.conf.j2') }}"
dest: "{{ nginx_config_rest_api_file_location | default('/etc/nginx/conf.d/api.conf') }}"
backup: "{{ nginx_config_rest_api_backup | default(true) }}"
mode: 0644
mode: "0644"
notify: (Handler - NGINX Config) Run NGINX
when: nginx_config_rest_api_enable | bool

- name: Ensure NGINX stream directory exists
ansible.builtin.file:
path: "{{ item['deployment_location'] | default('/etc/nginx/conf.d/') | dirname }}"
state: directory
mode: 0755
mode: "0755"
loop: "{{ nginx_config_stream_template }}"
loop_control:
label: "{{ item['deployment_location'] | default('/etc/nginx/conf.d/') | dirname }}"
@@ -122,7 +122,7 @@
src: "{{ item['template_file'] | default('stream/default.conf.j2') }}"
dest: "{{ item['deployment_location'] | default('/etc/nginx/conf.d/stream_default.conf') }}"
backup: true
mode: 0644
mode: "0644"
loop: "{{ nginx_config_stream_template }}"
loop_control:
label: "{{ item['deployment_location'] | default('/etc/nginx/conf.d/stream_default.conf') }}"
14 changes: 7 additions & 7 deletions tasks/config/upload-config.yml
@@ -6,15 +6,15 @@
ansible.builtin.file:
path: "{{ item['dest'] | dirname if item['dest'].endswith('.conf') else item['dest'] | default('/etc/nginx') }}"
state: directory
mode: 0755
mode: "0755"
loop: "{{ nginx_config_upload }}"

- name: Upload NGINX config snippet files
ansible.builtin.copy:
src: "{{ item['src'] }}"
dest: "{{ item['dest'] | default('/etc/nginx/') }}"
backup: "{{ item['backup'] | default(true) }}"
mode: 0644
mode: "0644"
loop: "{{ nginx_config_upload }}"
notify: (Handler - NGINX Config) Run NGINX

@@ -25,15 +25,15 @@
ansible.builtin.file:
path: "{{ item['dest'] | dirname if item['dest'].endswith('.html') else item['dest'] | default('/usr/share/nginx/html') }}"
state: directory
mode: 0755
mode: "0755"
loop: "{{ nginx_config_upload_html }}"

- name: Upload HTML files
ansible.builtin.copy:
src: "{{ item['src'] }}"
dest: "{{ item['dest'] | default('/usr/share/nginx/html') }}"
backup: "{{ item['backup'] | default(true) }}"
mode: 0644
mode: "0644"
loop: "{{ nginx_config_upload_html }}"
notify: (Handler - NGINX Config) Run NGINX

@@ -44,22 +44,22 @@
ansible.builtin.file:
path: "{{ item['dest'] }}"
state: directory
mode: 0755
mode: "0755"
loop: "{{ nginx_config_upload_ssl_crt + nginx_config_upload_ssl_key }}"

- name: Upload NGINX SSL certificates
ansible.builtin.copy:
src: "{{ item['src'] }}"
dest: "{{ item['dest'] | default('/etc/ssl/certs') }}"
backup: "{{ item['backup'] | default(true) }}"
mode: 0640
mode: "0640"
loop: "{{ nginx_config_upload_ssl_crt }}"

- name: Upload NGINX SSL keys
ansible.builtin.copy:
src: "{{ item['src'] }}"
dest: "{{ item['dest'] | default('/etc/ssl/private') }}"
backup: "{{ item['backup'] | default(true) }}"
mode: 0640
mode: "0640"
loop: "{{ nginx_config_upload_ssl_key }}"
no_log: true
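Review bot: private keys are uploaded with `mode: "0640"` and no `owner` or `group`, and the directory task creates every `dest` from `nginx_config_upload_ssl_key` with `mode: "0755"`, so who can read the key depends on the connecting user's group. While these lines are being touched, tighten the key file to `"0600"` and create the key directory in its own task with `"0700"`, keeping `"0755"` only for the certificate directory.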
1 change: 0 additions & 1 deletion templates/http/core.j2
@@ -141,7 +141,6 @@ lingering_timeout {{ core['lingering_timeout'] }};
listen {{ listen['address'] if listen['address'] is defined }}{{ ':' if listen['address'] is defined and listen['port'] is defined }}{{ listen['port'] if listen['port'] is defined -}}
{{- ' default_server' if listen['default_server'] is defined and listen['default_server'] is boolean and listen['default_server'] | bool -}}
{{- ' ssl' if listen['ssl'] is defined and listen['ssl'] is boolean and listen['ssl'] | bool -}}
{{- ' http2' if listen['http2'] is defined and listen['http2'] is boolean and listen['http2'] | bool else ' spdy' if listen['spdy'] is defined and listen['spdy'] is boolean and listen['spdy'] | bool -}}
{{- ' proxy_protocol' if listen['proxy_protocol'] is defined and listen['proxy_protocol'] is boolean and listen['proxy_protocol'] | bool -}}
{{- (' setfib=' + listen['setfib'] | string) if listen['setfib'] is defined -}}
{{- (' fastopen=' + listen['fastopen'] | string) if listen['fastopen'] is defined and listen['fastopen'] is number -}}
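Review bot: dropping the `http2`/`spdy` branch from the `listen` line means an inventory that still sets `listen['http2']: true` renders a plain listener with no error, silently turning HTTP/2 off for that server. Add an assertion or a deprecation warning when either key is present and point users at the new `http2` dictionary.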
16 changes: 16 additions & 0 deletions templates/http/default.conf.j2
@@ -8,6 +8,10 @@
{% from 'http/core.j2' import core with context %}
{{ core(item['config']['core']) }}
{%- endif %}
{% if item['config']['http2'] is defined %}
{% from 'http/modules.j2' import http2 with context %}
{{ http2(item['config']['http2'], 'http') }}
{%- endif %}
{% if item['config']['ssl'] is defined %}
{% from 'http/ssl.j2' import ssl with context %}
{{ ssl(item['config']['ssl']) }}
@@ -124,6 +128,12 @@ server {
{{ core(server['core']) }}
{%- endfilter %}
{% endif %}
{% if server['http2'] is defined %}
{% from 'http/modules.j2' import http2 with context %}
{% filter indent(4) %}
{{ http2(server['http2'], 'server') }}
{%- endfilter %}
{% endif %}
{% if server['ssl'] is defined %}
{% from 'http/ssl.j2' import ssl with context %}
{% filter indent(4) %}
@@ -278,6 +288,12 @@ server {
{{ core(location['core']) }}
{%- endfilter %}
{% endif %}
{% if location['http2'] is defined %}
{% from 'http/modules.j2' import http2 with context %}
{% filter indent(8) %}
{{ http2(location['http2'], 'location') }}
{%- endfilter %}
{% endif %}
{% if location['app_protect_waf'] is defined %}
{% from 'http/app_protect.j2' import app_protect_waf with context %}
{% filter indent(8) %}
22 changes: 22 additions & 0 deletions templates/http/modules.j2
@@ -330,3 +330,25 @@ sub_filter_types {{ sub_filter['types'] if sub_filter['types'] is string else su
{% endif %}

{% endmacro %}

{# NGINX HTTP v2 -- ngx_http_v2_module #}
{% macro http2(http2, scope='http') %}
{% if scope != 'location' %}{# The following scoped directives are not available in the 'location' context #}
{% if http2['enabled'] is defined and http2['enabled'] is boolean %}
http2 {{ http2['enabled'] | ternary('on', 'off') }};
{% endif %}
{% if http2['body_preread_size'] is defined %}
http2_body_preread_size {{ http2['body_preread_size'] }};
{% endif %}
{% if http2['max_concurrent_streams'] is defined and http2['max_concurrent_streams'] is number %}
http2_max_concurrent_streams {{ http2['max_concurrent_streams'] }};
{% endif %}
{% endif %}
{% if scope == 'http' and http2['recv_buffer_size'] is defined %}{# 'recv_buffer_size' directive is only available in the 'http' context #}
http2_recv_buffer_size {{ http2['recv_buffer_size'] }};
{% endif %}
{% if http2['chunk_size'] is defined %}
http2_chunk_size {{ http2['chunk_size'] }};
{% endif %}

{% endmacro %}
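Review bot: the macro tests `http2['enabled']`, but `defaults/main/template.yml` documents the key as `enable` and `molecule/default/converge.yml` sets `enable: true`, so `http2 on;` is never emitted and the Molecule scenario does not exercise it. Use one key name in the macro, the defaults and the tests. The macro parameter is also named `http2`, the same as the macro itself; renaming it would make the body easier to read.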