create option for logging
create option for logging add new ansible prefix
parent
c0bd7476c0
commit
0144eb1c02
10 changed files with 57 additions and 49 deletions
|
@ -5,17 +5,18 @@ submodules_versioncheck: false
|
|||
nginx_sites: {}
|
||||
|
||||
# nginx_sites:
|
||||
# - name: 'example.org'
|
||||
# altnames:
|
||||
# - name: 'example.org' # required
|
||||
# altnames: # Optional alternative names
|
||||
# - 'www.example.org'
|
||||
# - 'ftp.example.org'
|
||||
# robots: 'robots_allow_all.txt' Optional, unimplemented
|
||||
# htaccess: 'htpasswd.example.org' Optional, unimplemented
|
||||
# webroot: Optional, for use with 'webhost' role
|
||||
# path Optional, for use with 'webhost' role
|
||||
# user Optional, for use with 'webhost' role
|
||||
# group Optional, for use with 'webhost' role
|
||||
# mode Optional, for use with 'webhost' role
|
||||
# logging: false # Optional enable nginx logging
|
||||
# robots: 'robots_allow_all.txt' # Optional, unimplemented
|
||||
# htaccess: 'htpasswd.example.org' # Optional, unimplemented
|
||||
# webroot: # Optional, for use with 'webhost' role
|
||||
# path # Optional, for use with 'webhost' role
|
||||
# user # Optional, for use with 'webhost' role
|
||||
# group # Optional, for use with 'webhost' role
|
||||
# mode # Optional, for use with 'webhost' role
|
||||
|
||||
nginx__snippet_path: 'files/nginx/snippets/'
|
||||
nginx__snippet_files:
|
||||
|
@ -25,6 +26,8 @@ nginx__snippet_files:
|
|||
|
||||
# default_robots_file: 'robots_disallow_all.txt'
|
||||
|
||||
# nginx logging default for all sites
|
||||
nginx__default_enable_logging: false
|
||||
|
||||
nginx__dhparam_size: 4096
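Review bot: The comment above `nginx__default_enable_logging: false` does not say that the switch covers only the access log, or that this default leaves every site without request logs. Per the logging template added in this commit, `error_log` is always written and only `access_log` is toggled, so with the default there is no per-request record to consult when investigating abuse or an incident. Suggest a comment such as `# access_log default for all sites (error_log is always written); override per site with 'logging: true'`, and matching wording on the `# logging: false` example line in the first hunk.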
|
||||
|
||||
|
|
|
@ -1,4 +0,0 @@
|
|||
error_log /var/log/nginx/log_{{ site.name }}.error.log;
|
||||
|
||||
#access_log /var/log/nginx/log_{{ site.name }}.access.log;
|
||||
access_log off;
|
|
@ -12,7 +12,7 @@
|
|||
|
||||
- name: Create default site tls https configuration
|
||||
become: true
|
||||
template:
|
||||
ansible.builtin.template:
|
||||
src: 'templates/nginx/sites-available/default_tls.j2'
|
||||
dest: '/etc/nginx/sites-available/{{ inventory_hostname }}_tls'
|
||||
owner: root
|
||||
|
@ -23,7 +23,7 @@
|
|||
|
||||
- name: Enable default site plain http configuration
|
||||
become: true
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
src: '/etc/nginx/sites-available/{{ inventory_hostname }}_http'
|
||||
dest: '/etc/nginx/sites-enabled/{{ inventory_hostname }}_http'
|
||||
state: link
|
||||
|
@ -33,7 +33,7 @@
|
|||
# Note: Done by acmetool after sucessfully obtaining a suitable certificate
|
||||
- name: Enable default site configuration
|
||||
become: true
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
src: '/etc/nginx/sites-available/{{ inventory_hostname }}_tls'
|
||||
dest: '/etc/nginx/sites-enabled/{{ inventory_hostname }}_tls'
|
||||
state: link
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
- name: Update apt cache
|
||||
become: true
|
||||
apt:
|
||||
ansible.builtin.apt:
|
||||
cache_valid_time: 3600
|
||||
update_cache: true
|
||||
when:
|
||||
|
@ -9,7 +9,7 @@
|
|||
|
||||
- name: Install nginx
|
||||
become: true
|
||||
package:
|
||||
ansible.builtin.package:
|
||||
name:
|
||||
- 'nginx'
|
||||
state: "{{ nxinx__state }}"
|
||||
|
|
|
@ -1,13 +1,13 @@
|
|||
---
|
||||
- name: simple versionscheck
|
||||
include_tasks: versioncheck.yml
|
||||
ansible.builtin.include_tasks: versioncheck.yml
|
||||
when: submodules_versioncheck | bool
|
||||
|
||||
- name: Install nginx
|
||||
include_tasks: installation.yml
|
||||
ansible.builtin.include_tasks: installation.yml
|
||||
|
||||
- name: Configure nginx
|
||||
include_tasks: nginx.yml
|
||||
ansible.builtin.include_tasks: nginx.yml
|
||||
|
||||
- name: start nginx webserver
|
||||
ansible.builtin.systemd:
|
||||
|
@ -16,19 +16,19 @@
|
|||
enabled: true
|
||||
|
||||
- name: configure nginx default site
|
||||
include_tasks: default_site.yml
|
||||
ansible.builtin.include_tasks: default_site.yml
|
||||
when: nginx__infrastructure_domain__enabled | bool
|
||||
|
||||
- name: Configure nginx sites
|
||||
include_tasks: single_site.yml
|
||||
ansible.builtin.include_tasks: single_site.yml
|
||||
with_items: '{{ nginx_sites }}'
|
||||
loop_control:
|
||||
loop_var: site
|
||||
|
||||
# Restart nginx before doing acme stuff
|
||||
- name: Flush handlers to restart nginx now
|
||||
meta: flush_handlers
|
||||
ansible.builtin.meta: flush_handlers
|
||||
|
||||
- name: Configure acmetool and obtain certificates
|
||||
include_tasks: acme.yml
|
||||
ansible.builtin.include_tasks: acme.yml
|
||||
when: nginx__acmetool_enabled
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
- name: Copy main nginx configuration file
|
||||
become: true
|
||||
copy:
|
||||
ansible.builtin.copy:
|
||||
src: 'nginx/nginx.conf'
|
||||
dest: '/etc/nginx/'
|
||||
owner: root
|
||||
|
@ -12,7 +12,7 @@
|
|||
|
||||
- name: Create 'private' directory
|
||||
become: true
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
path: '/etc/nginx/private'
|
||||
state: directory
|
||||
owner: root
|
||||
|
@ -21,7 +21,7 @@
|
|||
|
||||
- name: Create new dhparam of size '{{ nginx__dhparam_size }}'
|
||||
become: true
|
||||
openssl_dhparam:
|
||||
community.crypto.openssl_dhparam:
|
||||
path: '/etc/nginx/private/dhparam.pem'
|
||||
size: '{{ nginx__dhparam_size | mandatory }}'
|
||||
notify:
|
||||
|
@ -29,7 +29,7 @@
|
|||
|
||||
- name: Create 'sites-available' directory
|
||||
become: true
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
path: '/etc/nginx/sites-available'
|
||||
state: directory
|
||||
owner: root
|
||||
|
@ -38,7 +38,7 @@
|
|||
|
||||
- name: Create 'sites-enabled' directory
|
||||
become: true
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
path: '/etc/nginx/sites-enabled'
|
||||
state: directory
|
||||
owner: root
|
||||
|
@ -48,7 +48,7 @@
|
|||
# Todo: Reconsider best practices
|
||||
- name: Remove default site config from package installation
|
||||
become: true
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
path: '{{ item }}'
|
||||
state: absent
|
||||
with_items:
|
||||
|
@ -57,7 +57,7 @@
|
|||
|
||||
- name: Create 'snippets' directory
|
||||
become: true
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
path: '/etc/nginx/snippets'
|
||||
state: directory
|
||||
owner: root
|
||||
|
@ -66,7 +66,7 @@
|
|||
|
||||
- name: Copy nginx snippet files
|
||||
become: true
|
||||
copy:
|
||||
ansible.builtin.copy:
|
||||
src: '{{ nginx__snippet_path }}{{ item }}'
|
||||
dest: '/etc/nginx/snippets/{{ item }}'
|
||||
owner: root
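Review bot: The dhparam task now calls `community.crypto.openssl_dhparam`, the only module in this section that lives outside `ansible.builtin`, and nothing visible in the commit declares that collection as a dependency. On a controller without `community.crypto` installed, the task would fail before `/etc/nginx/private/dhparam.pem` is created. Consider listing `community.crypto` in the role's collection requirements with a pinned version range so installs are reproducible. The task body continues outside the hunk.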
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
- name: Create '{{ site.name }}' site plain http configuration
|
||||
become: true
|
||||
template:
|
||||
ansible.builtin.template:
|
||||
src: 'templates/nginx/sites-available/http_plain_redirect.conf.j2'
|
||||
dest: '/etc/nginx/sites-available/{{ site.name }}_http'
|
||||
owner: root
|
||||
|
@ -12,7 +12,7 @@
|
|||
|
||||
- name: Create '{{ site.name }}' site tls https configuration
|
||||
become: true
|
||||
template:
|
||||
ansible.builtin.template:
|
||||
src: 'files/nginx/sites/{{ site.name }}_tls.conf'
|
||||
dest: '/etc/nginx/sites-available/{{ site.name }}_tls'
|
||||
owner: root
|
||||
|
@ -23,7 +23,7 @@
|
|||
|
||||
- name: Create '{{ site.name }}' site tls parameter configuration
|
||||
become: true
|
||||
template:
|
||||
ansible.builtin.template:
|
||||
src: 'files/nginx/snippets/tls_parameters.snippet.conf'
|
||||
dest: '/etc/nginx/snippets/tls_parameters_{{ site.name }}.snippet.conf'
|
||||
owner: root
|
||||
|
@ -34,7 +34,7 @@
|
|||
|
||||
- name: Create '{{ site.name }}' site tls certificate configuration
|
||||
become: true
|
||||
template:
|
||||
ansible.builtin.template:
|
||||
src: 'files/nginx/snippets/tls_certificate.snippet.conf'
|
||||
dest: '/etc/nginx/snippets/tls_certificate_{{ site.name }}.snippet.conf'
|
||||
owner: root
|
||||
|
@ -45,8 +45,8 @@
|
|||
|
||||
- name: Create '{{ site.name }}' site logging configuration
|
||||
become: true
|
||||
template:
|
||||
src: 'files/nginx/snippets/logging.snippet.conf'
|
||||
ansible.builtin.template:
|
||||
src: 'templates/nginx/snippets/logging.snippet.conf.j2'
|
||||
dest: '/etc/nginx/snippets/logging_{{ site.name }}.snippet.conf'
|
||||
owner: root
|
||||
group: root
|
||||
|
@ -56,7 +56,7 @@
|
|||
|
||||
- name: Enable '{{ site.name }}' site plain http configuration
|
||||
become: true
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
src: '/etc/nginx/sites-available/{{ site.name }}_http'
|
||||
dest: '/etc/nginx/sites-enabled/{{ site.name }}_http'
|
||||
state: link
|
||||
|
@ -67,7 +67,7 @@
|
|||
# Note: done by acmetool after sucessfully obtaining a suitable certificate
|
||||
- name: Enable '{{ site.name }}' site tls configuration
|
||||
become: true
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
src: '/etc/nginx/sites-available/{{ site.name }}_tls'
|
||||
dest: '/etc/nginx/sites-enabled/{{ site.name }}_tls'
|
||||
state: link
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
- name: Create directory for versionscheck
|
||||
become: true
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
path: '/etc/.ansible-version'
|
||||
state: directory
|
||||
mode: 0755
|
||||
|
@ -9,7 +9,7 @@
|
|||
|
||||
- name: check playbook version
|
||||
become: true
|
||||
slurp:
|
||||
ansible.builtin.slurp:
|
||||
src: "/etc/.ansible-version/{{ playbook_version_path }}"
|
||||
register: playbook_version
|
||||
when: submodules_versioncheck|bool
|
||||
|
@ -17,29 +17,29 @@
|
|||
failed_when: false
|
||||
|
||||
- name: Print remote role version
|
||||
debug:
|
||||
ansible.builtin.debug:
|
||||
msg: "Remote role version: {{ playbook_version.content | default('Y3VycmVudGx5IG5vdCBkZXBsb3llZAo=') | b64decode | string }}"
|
||||
when: submodules_versioncheck|bool
|
||||
|
||||
- name: Print locale role version
|
||||
debug:
|
||||
ansible.builtin.debug:
|
||||
msg: "Local role version: '{{ playbook_version_number|string }}'."
|
||||
when: submodules_versioncheck|bool
|
||||
|
||||
- name: Check if your version is outdated
|
||||
fail:
|
||||
ansible.builtin.fail:
|
||||
msg: "Your ansible module has the version '{{ playbook_version_number }}' and is outdated. You need to update it!"
|
||||
when:
|
||||
- playbook_version.content|default("Mgo=")|b64decode|int - 1 >= playbook_version_number|int and submodules_versioncheck|bool
|
||||
|
||||
- name: check if '/etc/ansible-version/' is empty
|
||||
find:
|
||||
ansible.builtin.find:
|
||||
paths: '/etc/ansible-version/'
|
||||
register: filesFound
|
||||
|
||||
- name: write new version to remote disk
|
||||
become: true
|
||||
copy:
|
||||
ansible.builtin.copy:
|
||||
content: "{{ playbook_version_number }}"
|
||||
dest: "/etc/.ansible-version/{{ playbook_version_path }}"
|
||||
mode: '0644'
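Review bot: The `find` task near the end of the last hunk looks in `/etc/ansible-version/`, while the directory created in the first hunk and the `slurp` and `copy` paths all use `/etc/.ansible-version/` (with a leading dot), so `filesFound` describes a directory this role never writes to. If the check is meant for the version directory, change it to `paths: '/etc/.ansible-version/'`; no visible line reads `filesFound`, so the task may also be removable. Separately, `mode: 0755` on the directory task is an unquoted octal while the file task uses `'0644'`; writing `mode: '0755'` keeps the mode a string regardless of the YAML parser.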
|
||||
|
|
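--- a/templates/nginx/snippets/logging.snippet.conf.j2
+++ b/templates/nginx/snippets/logging.snippet.conf.j2
@@ -0,0 +1,9 @@
+error_log /var/log/nginx/log_{{ site.name }}.error.log;
+
+{% if site.logging | default( nginx__default_enable_logging ) -%}
+access_log /var/log/nginx/log_{{ site.name }}.access.log;
+access_log on;
+{% else %}
+# access_log /var/log/nginx/log_{{ site.name }}.access.log;
+access_log off;
+{% endif %}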
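Review bot: `access_log on;` in the enabled branch is not an on/off switch in nginx: the directive takes a path (or the literal `off`), so this line opens a second access log in a file named `on` resolved against the nginx prefix, in addition to the per-site file on the line above. Dropping the line is enough, since the preceding `access_log /var/log/nginx/log_{{ site.name }}.access.log;` already enables logging. The condition also evaluates `site.logging` by Jinja truthiness, so a quoted value such as `'false'` in inventory would turn logging on; `{% if site.logging | default(nginx__default_enable_logging) | bool -%}` avoids that.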
|
|
@ -1,3 +1,3 @@
|
|||
---
|
||||
playbook_version_number: 22 # should be int
|
||||
playbook_version_number: 23 # should be int
|
||||
playbook_version_path: 'do1jlr.nginx_roles-ansible.version'
|
||||
|
|