Compare commits
56 Commits
Author | SHA1 | Date |
---|---|---|
Jeff Geerling | dbd7d57194 | |
jon4hz | 016415bdaf | |
Jeff Geerling | 01381ec321 | |
Jeff Geerling | 3e4db55e8e | |
Jeff Geerling | db216a2076 | |
Jeff Geerling | a2e99e7053 | |
Jeff Geerling | 13b29b765d | |
Jeff Geerling | bb6ee693ab | |
Jeff Geerling | 029d62ee83 | |
Jeff Geerling | f2690e01fc | |
Andrii Podanenko | cd0a5f5a90 | |
Andrii Podanenko | 75c34686a7 | |
Perriguey Thomas | fe4dfd9ed7 | |
Jeff Geerling | 500c28789b | |
Damien TOURDE | d05e5024d7 | |
Jeff Geerling | e4a2b6300a | |
Jeff Geerling | efe506da2b | |
XaTTa6bl4 | ecd9d2e697 | |
Jeff Geerling | e1269f9a16 | |
Jeff Geerling | 4387e27a08 | |
Jeff Geerling | 179f26a45f | |
Stefan Hornburg (Racke) | 2c430d34ac | |
Jeff Geerling | 552382318b | |
Jeff Geerling | ce3d3357b0 | |
glaszig | cbf2aea6fe | |
glaszig | 9f1b7e9ce7 | |
glaszig | cee3ac6eed | |
Jeff Geerling | 48633acdae | |
Jeff Geerling | 1820e90b4c | |
Jeff Geerling | e533fbab36 | |
Robert O'Connor | 2aa9dd5f06 | |
Jeff Geerling | d3baaf9908 | |
Jeff Geerling | f91f3dc631 | |
Jeff Geerling | 3e0b830f84 | |
Jeff Geerling | 28c3d9458d | |
Jeff Geerling | 73b0585715 | |
Jeff Geerling | 2e07c1cae4 | |
Jeff Geerling | 227d1326ca | |
Jeff Geerling | 78c46c4972 | |
Jeff Geerling | 485cc835f1 | |
Michael Lynch | 2fde446202 | |
Jeff Geerling | 9ae8584281 | |
Jeff Geerling | c5d73ace87 | |
Jeff Geerling | 14bda8108e | |
Jeff Geerling | 606592e05e | |
Jeff Geerling | 87ecb1127f | |
Jeff Geerling | fc5451b2aa | |
Jeff Geerling | 9fd6f2973b | |
Jeff Geerling | 790e82457a | |
Jeff Geerling | 762500858b | |
Jeff Geerling | 8fd368cea5 | |
Jeff Geerling | f44af7cd88 | |
Jeff Geerling | 4400af5065 | |
Danilo G. Baio (dbaio) | cac5b664b6 | |
Danilo G. Baio (dbaio) | 4e3911c8ea | |
Danilo G. Baio (dbaio) | 654229e203 |
|
@ -0,0 +1,3 @@
|
|||
skip_list:
|
||||
- 'yaml'
|
||||
- 'role-name'
|
|
@ -0,0 +1,4 @@
|
|||
# These are supported funding model platforms
|
||||
---
|
||||
github: geerlingguy
|
||||
patreon: geerlingguy
|
|
@ -0,0 +1,68 @@
|
|||
---
|
||||
name: CI
|
||||
'on':
|
||||
pull_request:
|
||||
push:
|
||||
branches:
|
||||
- master
|
||||
schedule:
|
||||
- cron: "0 6 * * 3"
|
||||
|
||||
defaults:
|
||||
run:
|
||||
working-directory: 'geerlingguy.nginx'
|
||||
|
||||
jobs:
|
||||
|
||||
lint:
|
||||
name: Lint
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Check out the codebase.
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
path: 'geerlingguy.nginx'
|
||||
|
||||
- name: Set up Python 3.
|
||||
uses: actions/setup-python@v5
|
||||
with:
|
||||
python-version: '3.x'
|
||||
|
||||
- name: Install test dependencies.
|
||||
run: pip3 install yamllint
|
||||
|
||||
- name: Lint code.
|
||||
run: |
|
||||
yamllint .
|
||||
|
||||
molecule:
|
||||
name: Molecule
|
||||
runs-on: ubuntu-latest
|
||||
strategy:
|
||||
matrix:
|
||||
distro:
|
||||
- rockylinux9
|
||||
- ubuntu2204
|
||||
- debian12
|
||||
- opensuseleap15
|
||||
|
||||
steps:
|
||||
- name: Check out the codebase.
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
path: 'geerlingguy.nginx'
|
||||
|
||||
- name: Set up Python 3.
|
||||
uses: actions/setup-python@v5
|
||||
with:
|
||||
python-version: '3.x'
|
||||
|
||||
- name: Install test dependencies.
|
||||
run: pip3 install ansible molecule molecule-plugins[docker] docker
|
||||
|
||||
- name: Run Molecule tests.
|
||||
run: molecule test
|
||||
env:
|
||||
PY_COLORS: '1'
|
||||
ANSIBLE_FORCE_COLOR: '1'
|
||||
MOLECULE_DISTRO: ${{ matrix.distro }}
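Review bot: The workflow declares no `permissions:` block, so the lint and molecule jobs run with whatever default GITHUB_TOKEN scope the repository or organisation has configured, although both only need to read the checkout. A top-level `permissions:` mapping with `contents: read` keeps the token read-only while pull-request code and the unpinned `pip3 install` packages execute on the runner. The `uses:` lines also reference the mutable tags `actions/checkout@v4` and `actions/setup-python@v5`; pinning each to a full commit SHA, with the tag kept in a trailing comment, would make the executed action code immutable.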
|
|
@ -0,0 +1,40 @@
|
|||
---
|
||||
# This workflow requires a GALAXY_API_KEY secret present in the GitHub
|
||||
# repository or organization.
|
||||
#
|
||||
# See: https://github.com/marketplace/actions/publish-ansible-role-to-galaxy
|
||||
# See: https://github.com/ansible/galaxy/issues/46
|
||||
|
||||
name: Release
|
||||
'on':
|
||||
push:
|
||||
tags:
|
||||
- '*'
|
||||
|
||||
defaults:
|
||||
run:
|
||||
working-directory: 'geerlingguy.nginx'
|
||||
|
||||
jobs:
|
||||
|
||||
release:
|
||||
name: Release
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Check out the codebase.
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
path: 'geerlingguy.nginx'
|
||||
|
||||
- name: Set up Python 3.
|
||||
uses: actions/setup-python@v5
|
||||
with:
|
||||
python-version: '3.x'
|
||||
|
||||
- name: Install Ansible.
|
||||
run: pip3 install ansible-core
|
||||
|
||||
- name: Trigger a new import on Galaxy.
|
||||
run: >-
|
||||
ansible-galaxy role import --api-key ${{ secrets.GALAXY_API_KEY }}
|
||||
$(echo ${{ github.repository }} | cut -d/ -f1) $(echo ${{ github.repository }} | cut -d/ -f2)
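Review bot: In the final step, `${{ secrets.GALAXY_API_KEY }}` and `${{ github.repository }}` are expanded into the script text before the shell parses it, so the secret's characters become part of the command rather than data handed to it. Passing the key through the step's `env:` and quoting it keeps it out of the generated script, and the default `GITHUB_REPOSITORY` variable can replace the two `echo | cut` substitutions. The workflow also has no `permissions:` block even though nothing visible here writes to the repository, so `contents: read` looks sufficient. The `'*'` tag filter means every pushed tag triggers an import.

```yaml
      - name: Trigger a new import on Galaxy.
        env:
          GALAXY_API_KEY: ${{ secrets.GALAXY_API_KEY }}
        run: >-
          ansible-galaxy role import --api-key "$GALAXY_API_KEY"
          "${GITHUB_REPOSITORY%%/*}" "${GITHUB_REPOSITORY##*/}"
```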
|
|
@ -0,0 +1,34 @@
|
|||
---
|
||||
name: Close inactive issues
|
||||
'on':
|
||||
schedule:
|
||||
- cron: "55 18 * * 6" # semi-random time
|
||||
|
||||
jobs:
|
||||
close-issues:
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
issues: write
|
||||
pull-requests: write
|
||||
steps:
|
||||
- uses: actions/stale@v8
|
||||
with:
|
||||
days-before-stale: 120
|
||||
days-before-close: 60
|
||||
exempt-issue-labels: bug,pinned,security,planned
|
||||
exempt-pr-labels: bug,pinned,security,planned
|
||||
stale-issue-label: "stale"
|
||||
stale-pr-label: "stale"
|
||||
stale-issue-message: |
|
||||
This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!
|
||||
|
||||
Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale.
|
||||
close-issue-message: |
|
||||
This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.
|
||||
stale-pr-message: |
|
||||
This pr has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!
|
||||
|
||||
Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale.
|
||||
close-pr-message: |
|
||||
This pr has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.
|
||||
repo-token: ${{ secrets.GITHUB_TOKEN }}
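Review bot: `stale-issue-message` and `stale-pr-message` both say the item "will be closed in another 30 days", but `days-before-close` is set to 60, so the bot's message misstates the grace period. Either set `days-before-close: 30` or change the wording to `another 60 days` in both messages. The two PR messages also say "the issue will be closed" and "reopen the issue"; "pull request" would match what is actually being closed.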
|
|
@ -1,3 +1,7 @@
|
|||
*.retry
|
||||
*/__pycache__
|
||||
*.pyc
|
||||
.cache
|
||||
|
||||
venv/
|
||||
.vscode/
|
||||
|
|
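--- a/.travis.yml
+++ b/.travis.yml
@@ -1,29 +0,0 @@
----
-language: python
-services: docker
-
-env:
-global:
-- ROLE_NAME: nginx
-matrix:
-- MOLECULE_DISTRO: centos7
-- MOLECULE_DISTRO: ubuntu1804
-- MOLECULE_DISTRO: ubuntu1604
-- MOLECULE_DISTRO: debian9
-
-install:
-# Install test dependencies.
-- pip install molecule docker
-
-before_script:
-# Use actual Ansible Galaxy role name for the project directory.
-- cd ../
-- mv ansible-role-$ROLE_NAME geerlingguy.$ROLE_NAME
-- cd geerlingguy.$ROLE_NAME
-
-script:
-# Run tests.
-- molecule test
-
-notifications:
-webhooks: https://galaxy.ansible.com/api/v1/notifications/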
|
@ -1,6 +1,10 @@
|
|||
---
|
||||
extends: default
|
||||
|
||||
rules:
|
||||
line-length:
|
||||
max: 120
|
||||
level: warning
|
||||
|
||||
ignore: |
|
||||
.github/workflows/stale.yml
|
13
README.md
13
README.md
|
@ -1,6 +1,6 @@
|
|||
# Ansible Role: Nginx
|
||||
|
||||
[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-nginx.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-nginx)
|
||||
[![CI](https://github.com/geerlingguy/ansible-role-nginx/workflows/CI/badge.svg?event=push)](https://github.com/geerlingguy/ansible-role-nginx/actions?query=workflow%3ACI)
|
||||
|
||||
**Note:** Please consider using the official [NGINX Ansible role](https://github.com/nginxinc/ansible-role-nginx) from NGINX, Inc.
|
||||
|
||||
|
@ -16,6 +16,11 @@ None.
|
|||
|
||||
Available variables are listed below, along with default values (see `defaults/main.yml`):
|
||||
|
||||
|
||||
nginx_listen_ipv6: true
|
||||
|
||||
Whether or not to listen on IPv6 (applied to all vhosts managed by this role).
|
||||
|
||||
nginx_vhosts: []
|
||||
|
||||
A list of vhost definitions (server blocks) for Nginx virtual hosts. Each entry will create a separate config file named by `server_name`. If left empty, you will need to supply your own virtual host configuration. See the commented example in `defaults/main.yml` for available server options. If you have a large number of customizations required for your server definition(s), you're likely better off managing the vhost configuration file yourself, leaving this variable set to `[]`.
|
||||
|
@ -77,7 +82,7 @@ The user under which Nginx will run. Defaults to `nginx` for RedHat, `www-data`
|
|||
`nginx_worker_processes` should be set to the number of cores present on your machine (if the default is incorrect, find this number with `grep processor /proc/cpuinfo | wc -l`). `nginx_worker_connections` is the number of connections per process. Set this higher to handle more simultaneous connections (and remember that a connection will be used for as long as the keepalive timeout duration for every client!). You can set `nginx_multi_accept` to `on` if you want Nginx to accept all connections immediately.
|
||||
|
||||
nginx_error_log: "/var/log/nginx/error.log warn"
|
||||
nginx_access_log: "/var/log/nginx/access.log main buffer=16k"
|
||||
nginx_access_log: "/var/log/nginx/access.log main buffer=16k flush=2m"
|
||||
|
||||
Configuration of the default error and access logs. Set to `off` to disable a log entirely.
|
||||
|
||||
|
@ -150,6 +155,10 @@ Configures Nginx's [`log_format`](http://nginx.org/en/docs/http/ngx_http_log_mod
|
|||
|
||||
(For RedHat/CentOS only) Set this to `false` to disable the installation of the `nginx` yum repository. This could be necessary if you want the default OS stable packages, or if you use Satellite.
|
||||
|
||||
nginx_zypper_repo_enabled: true
|
||||
|
||||
(For Suse only) Set this to `false` to disable the installation of the `nginx` zypper repository. This could be necessary if you want the default OS stable packages, or if you use Suse Manager.
|
||||
|
||||
nginx_service_state: started
|
||||
nginx_service_enabled: yes
|
||||
|
||||
|
|
|
@ -5,6 +5,9 @@ nginx_default_release: ""
|
|||
# Used only for Redhat installation, enables source Nginx repo.
|
||||
nginx_yum_repo_enabled: true
|
||||
|
||||
# Used only for Suse installation, enables source Nginx repo.
|
||||
nginx_zypper_repo_enabled: true
|
||||
|
||||
# Use the official Nginx PPA for Ubuntu, and the version to use if so.
|
||||
nginx_ppa_use: false
|
||||
nginx_ppa_version: stable
|
||||
|
@ -30,8 +33,8 @@ nginx_sendfile: "on"
|
|||
nginx_tcp_nopush: "on"
|
||||
nginx_tcp_nodelay: "on"
|
||||
|
||||
nginx_keepalive_timeout: "65"
|
||||
nginx_keepalive_requests: "100"
|
||||
nginx_keepalive_timeout: "75"
|
||||
nginx_keepalive_requests: "600"
|
||||
|
||||
nginx_server_tokens: "on"
|
||||
|
||||
|
@ -57,6 +60,10 @@ nginx_extra_http_options: ""
|
|||
# proxy_set_header Host $http_host;
|
||||
|
||||
nginx_remove_default_vhost: false
|
||||
|
||||
# Listen on IPv6 (default: true)
|
||||
nginx_listen_ipv6: true
|
||||
|
||||
nginx_vhosts: []
|
||||
# Example vhost below, showing all available options:
|
||||
# - listen: "80" # default: "80"
|
||||
|
@ -78,11 +85,10 @@ nginx_upstreams: []
|
|||
# - name: myapp1
|
||||
# strategy: "ip_hash" # "least_conn", etc.
|
||||
# keepalive: 16 # optional
|
||||
# servers: {
|
||||
# "srv1.example.com",
|
||||
# "srv2.example.com weight=3",
|
||||
# "srv3.example.com"
|
||||
# }
|
||||
# servers:
|
||||
# - "srv1.example.com"
|
||||
# - "srv2.example.com weight=3"
|
||||
# - "srv3.example.com"
|
||||
|
||||
nginx_log_format: |-
|
||||
'$remote_addr - $remote_user [$time_local] "$request" '
|
||||
|
|
|
@ -8,3 +8,4 @@
|
|||
|
||||
- name: reload nginx
|
||||
service: name=nginx state=reloaded
|
||||
when: nginx_service_state == "started"
|
||||
|
|
|
@ -2,16 +2,13 @@
|
|||
dependencies: []
|
||||
|
||||
galaxy_info:
|
||||
role_name: nginx
|
||||
author: geerlingguy
|
||||
description: Nginx installation for Linux, FreeBSD and OpenBSD.
|
||||
company: "Midwestern Mac, LLC"
|
||||
license: "license (BSD, MIT)"
|
||||
min_ansible_version: 2.4
|
||||
min_ansible_version: 2.10
|
||||
platforms:
|
||||
- name: EL
|
||||
versions:
|
||||
- 6
|
||||
- 7
|
||||
- name: Debian
|
||||
versions:
|
||||
- all
|
||||
|
@ -19,6 +16,7 @@ galaxy_info:
|
|||
versions:
|
||||
- trusty
|
||||
- xenial
|
||||
- focal
|
||||
- name: Archlinux
|
||||
versions:
|
||||
- all
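Review bot: `min_ansible_version: 2.10` is an unquoted scalar, which a YAML loader reads as the float 2.1 rather than the version string 2.10 (taking 2.10 as the new value and 2.4 as the removed one, which the rendering suggests but does not mark). Quote it as `min_ansible_version: "2.10"` so Galaxy and ansible-lint see the intended minimum. The `galaxy_info` mapping continues beyond the lines shown in these hunks.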
|
||||
|
|
|
@ -1,29 +1,21 @@
|
|||
---
|
||||
role_name_check: 1
|
||||
dependency:
|
||||
name: galaxy
|
||||
options:
|
||||
ignore-errors: true
|
||||
driver:
|
||||
name: docker
|
||||
lint:
|
||||
name: yamllint
|
||||
options:
|
||||
config-file: molecule/default/yaml-lint.yml
|
||||
platforms:
|
||||
- name: instance
|
||||
image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest"
|
||||
image: "geerlingguy/docker-${MOLECULE_DISTRO:-rockylinux8}-ansible:latest"
|
||||
command: ${MOLECULE_DOCKER_COMMAND:-""}
|
||||
volumes:
|
||||
- /sys/fs/cgroup:/sys/fs/cgroup:ro
|
||||
- /sys/fs/cgroup:/sys/fs/cgroup:rw
|
||||
cgroupns_mode: host
|
||||
privileged: true
|
||||
pre_build_image: true
|
||||
provisioner:
|
||||
name: ansible
|
||||
lint:
|
||||
name: ansible-lint
|
||||
playbooks:
|
||||
converge: ${MOLECULE_PLAYBOOK:-playbook.yml}
|
||||
scenario:
|
||||
name: default
|
||||
verifier:
|
||||
name: testinfra
|
||||
lint:
|
||||
name: flake8
|
||||
converge: ${MOLECULE_PLAYBOOK:-converge.yml}
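Review bot: The platform entry now combines `privileged: true` with a read-write `/sys/fs/cgroup` bind mount and `cgroupns_mode: host` (taking the `:rw` line as the new side), which gives the test container broad control over the Docker host, and nothing in the file says why. A comment above `volumes:` such as `# systemd in the test image needs writable cgroups; run only on disposable CI hosts` would record the intent; the systemd reason is my assumption and should be confirmed. The image is also pulled by the mutable `:latest` tag, so a digest or dated tag would make test runs reproducible and limit exposure to a changed upstream image.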
|
||||
|
|
|
@ -10,7 +10,7 @@
|
|||
|
||||
# Setup/install tasks.
|
||||
- include_tasks: setup-RedHat.yml
|
||||
when: ansible_os_family == 'RedHat'
|
||||
when: ansible_os_family == 'RedHat' or ansible_os_family == 'Rocky' or ansible_os_family == 'AlmaLinux'
|
||||
|
||||
- include_tasks: setup-Ubuntu.yml
|
||||
when: ansible_distribution == 'Ubuntu'
|
||||
|
@ -27,6 +27,9 @@
|
|||
- include_tasks: setup-Archlinux.yml
|
||||
when: ansible_os_family == 'Archlinux'
|
||||
|
||||
- include_tasks: setup-Suse.yml
|
||||
when: ansible_os_family == 'Suse'
|
||||
|
||||
# Vhost configuration.
|
||||
- import_tasks: vhosts.yml
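Review bot: The three-way `or` on the `setup-RedHat.yml` include reads more clearly, and extends more easily, as a membership test: `when: ansible_os_family in ['RedHat', 'Rocky', 'AlmaLinux']`. Ansible normally reports Rocky and AlmaLinux hosts with `ansible_os_family == 'RedHat'`, so the two extra values may be redundant on current ansible-core; that is worth confirming against the role's minimum supported version before keeping them.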
|
||||
|
||||
|
|
|
@ -1,6 +1,8 @@
|
|||
---
|
||||
- name: Update pkg cache.
|
||||
command: pkg update -f
|
||||
environment:
|
||||
ASSUME_ALWAYS_YES: "yes"
|
||||
tags: ['skip_ansible_lint']
|
||||
|
||||
- name: Ensure nginx is installed.
|
||||
|
@ -12,3 +14,4 @@
|
|||
file:
|
||||
path: /var/log/nginx
|
||||
state: directory
|
||||
mode: 0755
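Review bot: `mode: 0755` is written as a bare YAML integer, which yields the intended permissions only when the loader treats a leading zero as octal; Ansible's file module documentation recommends a quoted string, `mode: "0755"`. The same unquoted value appears in the next file section's `/var/log/nginx` task and in the `{{ nginx_vhost_path }}` directory task in the vhosts hunk. The task that owns these lines starts above the hunk.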
|
||||
|
|
|
@ -8,3 +8,4 @@
|
|||
file:
|
||||
path: /var/log/nginx
|
||||
state: directory
|
||||
mode: 0755
|
||||
|
|
|
@ -0,0 +1,14 @@
|
|||
---
|
||||
- name: Enable nginx repo.
|
||||
zypper_repository:
|
||||
name: nginx
|
||||
repo: http://nginx.org/packages/sles/{{ ansible_distribution_major_version }}
|
||||
state: present
|
||||
disable_gpg_check: true
|
||||
autorefresh: true
|
||||
when: nginx_zypper_repo_enabled | bool
|
||||
|
||||
- name: Ensure nginx is installed.
|
||||
package:
|
||||
name: "{{ nginx_package_name }}"
|
||||
state: present
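Review bot: The `zypper_repository` task adds the nginx package source over plain `http://` and sets `disable_gpg_check: true`, so neither the transport nor the package signatures are verified, and the following `package` task installs whatever that repository serves. Use `repo: https://nginx.org/packages/sles/{{ ansible_distribution_major_version }}`, import nginx's published signing key first (for example with the `rpm_key` module), and drop `disable_gpg_check` or set it to `false`. If the check was disabled to work around a key-import problem in the test containers, a comment should say so rather than leaving it as the default for every user of the role, since `nginx_zypper_repo_enabled` defaults to `true`.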
|
|
@ -1,5 +1,10 @@
|
|||
---
|
||||
- name: Add PPA for Nginx.
|
||||
- name: Ensure dirmngr is installed (gnupg dependency).
|
||||
apt:
|
||||
name: dirmngr
|
||||
state: present
|
||||
|
||||
- name: Add PPA for Nginx (if configured).
|
||||
apt_repository:
|
||||
repo: 'ppa:nginx/{{ nginx_ppa_version }}'
|
||||
state: present
|
||||
|
@ -9,7 +14,7 @@
|
|||
|
||||
- name: Ensure nginx will reinstall if the PPA was just added.
|
||||
apt:
|
||||
name: nginx
|
||||
name: "{{ nginx_package_name }}"
|
||||
state: absent
|
||||
when: nginx_ppa_added.changed
|
||||
when: nginx_ppa_added is changed
|
||||
tags: ['skip_ansible_lint']
|
||||
|
|
|
@ -10,6 +10,7 @@
|
|||
file:
|
||||
path: "{{ nginx_vhost_path }}"
|
||||
state: directory
|
||||
mode: 0755
|
||||
notify: reload nginx
|
||||
|
||||
- name: Add managed vhost config files.
|
||||
|
|
|
@ -2,6 +2,9 @@
|
|||
{% if item.server_name_redirect is defined %}
|
||||
server {
|
||||
listen {{ item.listen | default('80') }};
|
||||
{% if nginx_listen_ipv6 %}
|
||||
listen [::]:{{item.listen | default('80') }};
|
||||
{% endif %}
|
||||
server_name {{ item.server_name_redirect }};
|
||||
return 301 $scheme://{{ item.server_name.split(' ')[0] }}$request_uri;
|
||||
}
|
||||
|
@ -13,6 +16,9 @@ server {
|
|||
|
||||
{% block server_basic -%}
|
||||
listen {{ item.listen | default('80') }};
|
||||
{% if nginx_listen_ipv6 %}
|
||||
listen [::]:{{item.listen | default('80') }};
|
||||
{% endif %}
|
||||
|
||||
{% if item.server_name is defined %}
|
||||
server_name {{ item.server_name }};
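Review bot: Both new `listen [::]:{{item.listen | default('80') }};` lines assume `item.listen` is a bare port, optionally followed by parameters; if a vhost sets an address (a constructed example: `127.0.0.1:8080`), the rendered `listen [::]:127.0.0.1:8080;` is invalid and nginx will reject the configuration. Because `nginx_listen_ipv6` defaults to `true` and applies to every vhost, consider a per-vhost override such as `{% if item.listen_ipv6 | default(nginx_listen_ipv6) %}`, and document next to the example vhost that `listen` must be port-only when IPv6 is enabled. The expression also lacks the space after `{{` that the IPv4 line above it has. The same pair of lines appears in the redirect server block and in `server_basic`, and both blocks continue outside the hunks.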
|
||||
|
|
|
@ -0,0 +1,9 @@
|
|||
---
|
||||
root_group: root
|
||||
nginx_conf_path: /etc/nginx/conf.d
|
||||
nginx_conf_file_path: /etc/nginx/nginx.conf
|
||||
nginx_mime_file_path: /etc/nginx/mime.types
|
||||
nginx_pidfile: /var/run/nginx.pid
|
||||
nginx_vhost_path: /etc/nginx/conf.d
|
||||
nginx_default_vhost_path: /etc/nginx/conf.d/default.conf
|
||||
__nginx_user: "nginx"
|
|
@ -0,0 +1,9 @@
|
|||
---
|
||||
root_group: root
|
||||
nginx_conf_path: /etc/nginx/conf.d
|
||||
nginx_conf_file_path: /etc/nginx/nginx.conf
|
||||
nginx_mime_file_path: /etc/nginx/mime.types
|
||||
nginx_pidfile: /var/run/nginx.pid
|
||||
nginx_vhost_path: /etc/nginx/conf.d
|
||||
nginx_default_vhost_path: /etc/nginx/conf.d/default.conf
|
||||
__nginx_user: "nginx"
|
|
@ -0,0 +1,9 @@
|
|||
---
|
||||
root_group: root
|
||||
nginx_conf_path: /etc/nginx/conf.d
|
||||
nginx_conf_file_path: /etc/nginx/nginx.conf
|
||||
nginx_mime_file_path: /etc/nginx/mime.types
|
||||
nginx_pidfile: /var/run/nginx.pid
|
||||
nginx_vhost_path: /etc/nginx/conf.d
|
||||
nginx_default_vhost_path: /etc/nginx/conf.d/default.conf
|
||||
__nginx_user: "nginx"
|