Compare commits
42 Commits
Author | SHA1 | Date |
---|---|---|
Jeff Geerling | dbd7d57194 | |
jon4hz | 016415bdaf | |
Jeff Geerling | 01381ec321 | |
Jeff Geerling | 3e4db55e8e | |
Jeff Geerling | db216a2076 | |
Jeff Geerling | a2e99e7053 | |
Jeff Geerling | 13b29b765d | |
Jeff Geerling | bb6ee693ab | |
Jeff Geerling | 029d62ee83 | |
Jeff Geerling | f2690e01fc | |
Andrii Podanenko | cd0a5f5a90 | |
Andrii Podanenko | 75c34686a7 | |
Perriguey Thomas | fe4dfd9ed7 | |
Jeff Geerling | 500c28789b | |
Damien TOURDE | d05e5024d7 | |
Jeff Geerling | e4a2b6300a | |
Jeff Geerling | efe506da2b | |
XaTTa6bl4 | ecd9d2e697 | |
Jeff Geerling | e1269f9a16 | |
Jeff Geerling | 4387e27a08 | |
Jeff Geerling | 179f26a45f | |
Stefan Hornburg (Racke) | 2c430d34ac | |
Jeff Geerling | 552382318b | |
Jeff Geerling | ce3d3357b0 | |
glaszig | cbf2aea6fe | |
glaszig | 9f1b7e9ce7 | |
glaszig | cee3ac6eed | |
Jeff Geerling | 48633acdae | |
Jeff Geerling | 1820e90b4c | |
Jeff Geerling | e533fbab36 | |
Robert O'Connor | 2aa9dd5f06 | |
Jeff Geerling | d3baaf9908 | |
Jeff Geerling | f91f3dc631 | |
Jeff Geerling | 3e0b830f84 | |
Jeff Geerling | 28c3d9458d | |
Jeff Geerling | 73b0585715 | |
Jeff Geerling | 2e07c1cae4 | |
Jeff Geerling | 227d1326ca | |
Jeff Geerling | 78c46c4972 | |
Jeff Geerling | 485cc835f1 | |
Michael Lynch | 2fde446202 | |
Jeff Geerling | 9ae8584281 |
|
@ -0,0 +1,3 @@
|
|||
skip_list:
|
||||
- 'yaml'
|
||||
- 'role-name'
|
|
@ -1,56 +0,0 @@
|
|||
# Configuration for probot-stale - https://github.com/probot/stale
|
||||
|
||||
# Number of days of inactivity before an Issue or Pull Request becomes stale
|
||||
daysUntilStale: 90
|
||||
|
||||
# Number of days of inactivity before an Issue or Pull Request with the stale label is closed.
|
||||
# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale.
|
||||
daysUntilClose: 30
|
||||
|
||||
# Only issues or pull requests with all of these labels are check if stale. Defaults to `[]` (disabled)
|
||||
onlyLabels: []
|
||||
|
||||
# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable
|
||||
exemptLabels:
|
||||
- pinned
|
||||
- security
|
||||
- planned
|
||||
|
||||
# Set to true to ignore issues in a project (defaults to false)
|
||||
exemptProjects: false
|
||||
|
||||
# Set to true to ignore issues in a milestone (defaults to false)
|
||||
exemptMilestones: false
|
||||
|
||||
# Set to true to ignore issues with an assignee (defaults to false)
|
||||
exemptAssignees: false
|
||||
|
||||
# Label to use when marking as stale
|
||||
staleLabel: stale
|
||||
|
||||
# Limit the number of actions per hour, from 1-30. Default is 30
|
||||
limitPerRun: 30
|
||||
|
||||
pulls:
|
||||
markComment: |-
|
||||
This pull request has been marked 'stale' due to lack of recent activity. If there is no further activity, the PR will be closed in another 30 days. Thank you for your contribution!
|
||||
|
||||
Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark pull requests as stale.
|
||||
|
||||
unmarkComment: >-
|
||||
This pull request is no longer marked for closure.
|
||||
|
||||
closeComment: >-
|
||||
This pull request has been closed due to inactivity. If you feel this is in error, please reopen the pull request or file a new PR with the relevant details.
|
||||
|
||||
issues:
|
||||
markComment: |-
|
||||
This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!
|
||||
|
||||
Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale.
|
||||
|
||||
unmarkComment: >-
|
||||
This issue is no longer marked for closure.
|
||||
|
||||
closeComment: >-
|
||||
This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.
|
|
@ -0,0 +1,68 @@
|
|||
---
|
||||
name: CI
|
||||
'on':
|
||||
pull_request:
|
||||
push:
|
||||
branches:
|
||||
- master
|
||||
schedule:
|
||||
- cron: "0 6 * * 3"
|
||||
|
||||
defaults:
|
||||
run:
|
||||
working-directory: 'geerlingguy.nginx'
|
||||
|
||||
jobs:
|
||||
|
||||
lint:
|
||||
name: Lint
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Check out the codebase.
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
path: 'geerlingguy.nginx'
|
||||
|
||||
- name: Set up Python 3.
|
||||
uses: actions/setup-python@v5
|
||||
with:
|
||||
python-version: '3.x'
|
||||
|
||||
- name: Install test dependencies.
|
||||
run: pip3 install yamllint
|
||||
|
||||
- name: Lint code.
|
||||
run: |
|
||||
yamllint .
|
||||
|
||||
molecule:
|
||||
name: Molecule
|
||||
runs-on: ubuntu-latest
|
||||
strategy:
|
||||
matrix:
|
||||
distro:
|
||||
- rockylinux9
|
||||
- ubuntu2204
|
||||
- debian12
|
||||
- opensuseleap15
|
||||
|
||||
steps:
|
||||
- name: Check out the codebase.
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
path: 'geerlingguy.nginx'
|
||||
|
||||
- name: Set up Python 3.
|
||||
uses: actions/setup-python@v5
|
||||
with:
|
||||
python-version: '3.x'
|
||||
|
||||
- name: Install test dependencies.
|
||||
run: pip3 install ansible molecule molecule-plugins[docker] docker
|
||||
|
||||
- name: Run Molecule tests.
|
||||
run: molecule test
|
||||
env:
|
||||
PY_COLORS: '1'
|
||||
ANSIBLE_FORCE_COLOR: '1'
|
||||
MOLECULE_DISTRO: ${{ matrix.distro }}
|
|
@ -0,0 +1,40 @@
|
|||
---
|
||||
# This workflow requires a GALAXY_API_KEY secret present in the GitHub
|
||||
# repository or organization.
|
||||
#
|
||||
# See: https://github.com/marketplace/actions/publish-ansible-role-to-galaxy
|
||||
# See: https://github.com/ansible/galaxy/issues/46
|
||||
|
||||
name: Release
|
||||
'on':
|
||||
push:
|
||||
tags:
|
||||
- '*'
|
||||
|
||||
defaults:
|
||||
run:
|
||||
working-directory: 'geerlingguy.nginx'
|
||||
|
||||
jobs:
|
||||
|
||||
release:
|
||||
name: Release
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Check out the codebase.
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
path: 'geerlingguy.nginx'
|
||||
|
||||
- name: Set up Python 3.
|
||||
uses: actions/setup-python@v5
|
||||
with:
|
||||
python-version: '3.x'
|
||||
|
||||
- name: Install Ansible.
|
||||
run: pip3 install ansible-core
|
||||
|
||||
- name: Trigger a new import on Galaxy.
|
||||
run: >-
|
||||
ansible-galaxy role import --api-key ${{ secrets.GALAXY_API_KEY }}
|
||||
$(echo ${{ github.repository }} | cut -d/ -f1) $(echo ${{ github.repository }} | cut -d/ -f2)
|
|
@ -0,0 +1,34 @@
|
|||
---
|
||||
name: Close inactive issues
|
||||
'on':
|
||||
schedule:
|
||||
- cron: "55 18 * * 6" # semi-random time
|
||||
|
||||
jobs:
|
||||
close-issues:
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
issues: write
|
||||
pull-requests: write
|
||||
steps:
|
||||
- uses: actions/stale@v8
|
||||
with:
|
||||
days-before-stale: 120
|
||||
days-before-close: 60
|
||||
exempt-issue-labels: bug,pinned,security,planned
|
||||
exempt-pr-labels: bug,pinned,security,planned
|
||||
stale-issue-label: "stale"
|
||||
stale-pr-label: "stale"
|
||||
stale-issue-message: |
|
||||
This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!
|
||||
|
||||
Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale.
|
||||
close-issue-message: |
|
||||
This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.
|
||||
stale-pr-message: |
|
||||
This pr has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution!
|
||||
|
||||
Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale.
|
||||
close-pr-message: |
|
||||
This pr has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details.
|
||||
repo-token: ${{ secrets.GITHUB_TOKEN }}
|
|
@ -1,3 +1,7 @@
|
|||
*.retry
|
||||
*/__pycache__
|
||||
*.pyc
|
||||
.cache
|
||||
|
||||
venv/
|
||||
.vscode/
|
||||
|
|
29
.travis.yml
29
.travis.yml
|
@ -1,29 +0,0 @@
|
|||
---
|
||||
language: python
|
||||
services: docker
|
||||
|
||||
env:
|
||||
global:
|
||||
- ROLE_NAME: nginx
|
||||
matrix:
|
||||
- MOLECULE_DISTRO: centos8
|
||||
- MOLECULE_DISTRO: ubuntu2004
|
||||
- MOLECULE_DISTRO: ubuntu1804
|
||||
- MOLECULE_DISTRO: debian10
|
||||
|
||||
install:
|
||||
# Install test dependencies.
|
||||
- pip install molecule yamllint ansible-lint docker
|
||||
|
||||
before_script:
|
||||
# Use actual Ansible Galaxy role name for the project directory.
|
||||
- cd ../
|
||||
- mv ansible-role-$ROLE_NAME geerlingguy.$ROLE_NAME
|
||||
- cd geerlingguy.$ROLE_NAME
|
||||
|
||||
script:
|
||||
# Run tests.
|
||||
- molecule test
|
||||
|
||||
notifications:
|
||||
webhooks: https://galaxy.ansible.com/api/v1/notifications/
|
|
@ -1,6 +1,10 @@
|
|||
---
|
||||
extends: default
|
||||
|
||||
rules:
|
||||
line-length:
|
||||
max: 120
|
||||
level: warning
|
||||
|
||||
ignore: |
|
||||
.github/workflows/stale.yml
|
||||
|
|
13
README.md
13
README.md
|
@ -1,6 +1,6 @@
|
|||
# Ansible Role: Nginx
|
||||
|
||||
[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-nginx.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-nginx)
|
||||
[![CI](https://github.com/geerlingguy/ansible-role-nginx/workflows/CI/badge.svg?event=push)](https://github.com/geerlingguy/ansible-role-nginx/actions?query=workflow%3ACI)
|
||||
|
||||
**Note:** Please consider using the official [NGINX Ansible role](https://github.com/nginxinc/ansible-role-nginx) from NGINX, Inc.
|
||||
|
||||
|
@ -16,6 +16,11 @@ None.
|
|||
|
||||
Available variables are listed below, along with default values (see `defaults/main.yml`):
|
||||
|
||||
|
||||
nginx_listen_ipv6: true
|
||||
|
||||
Whether or not to listen on IPv6 (applied to all vhosts managed by this role).
|
||||
|
||||
nginx_vhosts: []
|
||||
|
||||
A list of vhost definitions (server blocks) for Nginx virtual hosts. Each entry will create a separate config file named by `server_name`. If left empty, you will need to supply your own virtual host configuration. See the commented example in `defaults/main.yml` for available server options. If you have a large number of customizations required for your server definition(s), you're likely better off managing the vhost configuration file yourself, leaving this variable set to `[]`.
|
||||
|
@ -77,7 +82,7 @@ The user under which Nginx will run. Defaults to `nginx` for RedHat, `www-data`
|
|||
`nginx_worker_processes` should be set to the number of cores present on your machine (if the default is incorrect, find this number with `grep processor /proc/cpuinfo | wc -l`). `nginx_worker_connections` is the number of connections per process. Set this higher to handle more simultaneous connections (and remember that a connection will be used for as long as the keepalive timeout duration for every client!). You can set `nginx_multi_accept` to `on` if you want Nginx to accept all connections immediately.
|
||||
|
||||
nginx_error_log: "/var/log/nginx/error.log warn"
|
||||
nginx_access_log: "/var/log/nginx/access.log main buffer=16k"
|
||||
nginx_access_log: "/var/log/nginx/access.log main buffer=16k flush=2m"
|
||||
|
||||
Configuration of the default error and access logs. Set to `off` to disable a log entirely.
|
||||
|
||||
|
@ -150,6 +155,10 @@ Configures Nginx's [`log_format`](http://nginx.org/en/docs/http/ngx_http_log_mod
|
|||
|
||||
(For RedHat/CentOS only) Set this to `false` to disable the installation of the `nginx` yum repository. This could be necessary if you want the default OS stable packages, or if you use Satellite.
|
||||
|
||||
nginx_zypper_repo_enabled: true
|
||||
|
||||
(For Suse only) Set this to `false` to disable the installation of the `nginx` zypper repository. This could be necessary if you want the default OS stable packages, or if you use Suse Manager.
|
||||
|
||||
nginx_service_state: started
|
||||
nginx_service_enabled: yes
|
||||
|
||||
|
|
|
@ -5,6 +5,9 @@ nginx_default_release: ""
|
|||
# Used only for Redhat installation, enables source Nginx repo.
|
||||
nginx_yum_repo_enabled: true
|
||||
|
||||
# Used only for Suse installation, enables source Nginx repo.
|
||||
nginx_zypper_repo_enabled: true
|
||||
|
||||
# Use the official Nginx PPA for Ubuntu, and the version to use if so.
|
||||
nginx_ppa_use: false
|
||||
nginx_ppa_version: stable
|
||||
|
@ -30,8 +33,8 @@ nginx_sendfile: "on"
|
|||
nginx_tcp_nopush: "on"
|
||||
nginx_tcp_nodelay: "on"
|
||||
|
||||
nginx_keepalive_timeout: "65"
|
||||
nginx_keepalive_requests: "100"
|
||||
nginx_keepalive_timeout: "75"
|
||||
nginx_keepalive_requests: "600"
|
||||
|
||||
nginx_server_tokens: "on"
|
||||
|
||||
|
@ -57,6 +60,10 @@ nginx_extra_http_options: ""
|
|||
# proxy_set_header Host $http_host;
|
||||
|
||||
nginx_remove_default_vhost: false
|
||||
|
||||
# Listen on IPv6 (default: true)
|
||||
nginx_listen_ipv6: true
|
||||
|
||||
nginx_vhosts: []
|
||||
# Example vhost below, showing all available options:
|
||||
# - listen: "80" # default: "80"
|
||||
|
@ -78,11 +85,10 @@ nginx_upstreams: []
|
|||
# - name: myapp1
|
||||
# strategy: "ip_hash" # "least_conn", etc.
|
||||
# keepalive: 16 # optional
|
||||
# servers: {
|
||||
# "srv1.example.com",
|
||||
# "srv2.example.com weight=3",
|
||||
# "srv3.example.com"
|
||||
# }
|
||||
# servers:
|
||||
# - "srv1.example.com"
|
||||
# - "srv2.example.com weight=3"
|
||||
# - "srv3.example.com"
|
||||
|
||||
nginx_log_format: |-
|
||||
'$remote_addr - $remote_user [$time_local] "$request" '
|
||||
|
|
|
@ -8,3 +8,4 @@
|
|||
|
||||
- name: reload nginx
|
||||
service: name=nginx state=reloaded
|
||||
when: nginx_service_state == "started"
|
||||
|
|
|
@ -7,13 +7,8 @@ galaxy_info:
|
|||
description: Nginx installation for Linux, FreeBSD and OpenBSD.
|
||||
company: "Midwestern Mac, LLC"
|
||||
license: "license (BSD, MIT)"
|
||||
min_ansible_version: 2.4
|
||||
min_ansible_version: 2.10
|
||||
platforms:
|
||||
- name: EL
|
||||
versions:
|
||||
- 6
|
||||
- 7
|
||||
- 8
|
||||
- name: Debian
|
||||
versions:
|
||||
- all
|
||||
|
|
|
@ -1,18 +1,18 @@
|
|||
---
|
||||
role_name_check: 1
|
||||
dependency:
|
||||
name: galaxy
|
||||
options:
|
||||
ignore-errors: true
|
||||
driver:
|
||||
name: docker
|
||||
lint: |
|
||||
set -e
|
||||
yamllint .
|
||||
ansible-lint
|
||||
platforms:
|
||||
- name: instance
|
||||
image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest"
|
||||
image: "geerlingguy/docker-${MOLECULE_DISTRO:-rockylinux8}-ansible:latest"
|
||||
command: ${MOLECULE_DOCKER_COMMAND:-""}
|
||||
volumes:
|
||||
- /sys/fs/cgroup:/sys/fs/cgroup:ro
|
||||
- /sys/fs/cgroup:/sys/fs/cgroup:rw
|
||||
cgroupns_mode: host
|
||||
privileged: true
|
||||
pre_build_image: true
|
||||
provisioner:
|
||||
|
|
|
@ -10,7 +10,7 @@
|
|||
|
||||
# Setup/install tasks.
|
||||
- include_tasks: setup-RedHat.yml
|
||||
when: ansible_os_family == 'RedHat'
|
||||
when: ansible_os_family == 'RedHat' or ansible_os_family == 'Rocky' or ansible_os_family == 'AlmaLinux'
|
||||
|
||||
- include_tasks: setup-Ubuntu.yml
|
||||
when: ansible_distribution == 'Ubuntu'
|
||||
|
@ -27,6 +27,9 @@
|
|||
- include_tasks: setup-Archlinux.yml
|
||||
when: ansible_os_family == 'Archlinux'
|
||||
|
||||
- include_tasks: setup-Suse.yml
|
||||
when: ansible_os_family == 'Suse'
|
||||
|
||||
# Vhost configuration.
|
||||
- import_tasks: vhosts.yml
|
||||
|
||||
|
|
|
@ -14,3 +14,4 @@
|
|||
file:
|
||||
path: /var/log/nginx
|
||||
state: directory
|
||||
mode: 0755
|
||||
|
|
|
@ -8,3 +8,4 @@
|
|||
file:
|
||||
path: /var/log/nginx
|
||||
state: directory
|
||||
mode: 0755
|
||||
|
|
|
@ -0,0 +1,14 @@
|
|||
---
|
||||
- name: Enable nginx repo.
|
||||
zypper_repository:
|
||||
name: nginx
|
||||
repo: http://nginx.org/packages/sles/{{ ansible_distribution_major_version }}
|
||||
state: present
|
||||
disable_gpg_check: true
|
||||
autorefresh: true
|
||||
when: nginx_zypper_repo_enabled | bool
|
||||
|
||||
- name: Ensure nginx is installed.
|
||||
package:
|
||||
name: "{{ nginx_package_name }}"
|
||||
state: present
|
|
@ -4,7 +4,7 @@
|
|||
name: dirmngr
|
||||
state: present
|
||||
|
||||
- name: Add PPA for Nginx.
|
||||
- name: Add PPA for Nginx (if configured).
|
||||
apt_repository:
|
||||
repo: 'ppa:nginx/{{ nginx_ppa_version }}'
|
||||
state: present
|
||||
|
@ -14,7 +14,7 @@
|
|||
|
||||
- name: Ensure nginx will reinstall if the PPA was just added.
|
||||
apt:
|
||||
name: nginx
|
||||
name: "{{ nginx_package_name }}"
|
||||
state: absent
|
||||
when: nginx_ppa_added is changed
|
||||
tags: ['skip_ansible_lint']
|
||||
|
|
|
@ -10,6 +10,7 @@
|
|||
file:
|
||||
path: "{{ nginx_vhost_path }}"
|
||||
state: directory
|
||||
mode: 0755
|
||||
notify: reload nginx
|
||||
|
||||
- name: Add managed vhost config files.
|
||||
|
|
|
@ -2,6 +2,9 @@
|
|||
{% if item.server_name_redirect is defined %}
|
||||
server {
|
||||
listen {{ item.listen | default('80') }};
|
||||
{% if nginx_listen_ipv6 %}
|
||||
listen [::]:{{item.listen | default('80') }};
|
||||
{% endif %}
|
||||
server_name {{ item.server_name_redirect }};
|
||||
return 301 $scheme://{{ item.server_name.split(' ')[0] }}$request_uri;
|
||||
}
|
||||
|
@ -13,6 +16,9 @@ server {
|
|||
|
||||
{% block server_basic -%}
|
||||
listen {{ item.listen | default('80') }};
|
||||
{% if nginx_listen_ipv6 %}
|
||||
listen [::]:{{item.listen | default('80') }};
|
||||
{% endif %}
|
||||
|
||||
{% if item.server_name is defined %}
|
||||
server_name {{ item.server_name }};
|
||||
|
|
|
@ -0,0 +1,9 @@
|
|||
---
|
||||
root_group: root
|
||||
nginx_conf_path: /etc/nginx/conf.d
|
||||
nginx_conf_file_path: /etc/nginx/nginx.conf
|
||||
nginx_mime_file_path: /etc/nginx/mime.types
|
||||
nginx_pidfile: /var/run/nginx.pid
|
||||
nginx_vhost_path: /etc/nginx/conf.d
|
||||
nginx_default_vhost_path: /etc/nginx/conf.d/default.conf
|
||||
__nginx_user: "nginx"
|
|
@ -0,0 +1,9 @@
|
|||
---
|
||||
root_group: root
|
||||
nginx_conf_path: /etc/nginx/conf.d
|
||||
nginx_conf_file_path: /etc/nginx/nginx.conf
|
||||
nginx_mime_file_path: /etc/nginx/mime.types
|
||||
nginx_pidfile: /var/run/nginx.pid
|
||||
nginx_vhost_path: /etc/nginx/conf.d
|
||||
nginx_default_vhost_path: /etc/nginx/conf.d/default.conf
|
||||
__nginx_user: "nginx"
|
|
@ -0,0 +1,9 @@
|
|||
---
|
||||
root_group: root
|
||||
nginx_conf_path: /etc/nginx/conf.d
|
||||
nginx_conf_file_path: /etc/nginx/nginx.conf
|
||||
nginx_mime_file_path: /etc/nginx/mime.types
|
||||
nginx_pidfile: /var/run/nginx.pid
|
||||
nginx_vhost_path: /etc/nginx/conf.d
|
||||
nginx_default_vhost_path: /etc/nginx/conf.d/default.conf
|
||||
__nginx_user: "nginx"
|
Loading…
Reference in New Issue