infra/ansible-role-nginx
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'master' of ssh://git-ssh.notandy.de:2222/ansible/roles/nginx

Browse source
This commit is contained in:
nd 2021-10-23 17:06:44 +02:00
commit e6a42e31a4
No known key found for this signature in database
GPG key ID: 21B5CD4DEE3670E9
6 changed files with 53 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

9
defaults/main.yml
View file

@ -1,5 +1,6 @@
nginx: nginx:
add_headers: [] add_headers: []
real_ip_header: "X-Forwarded-For"
real_ip_from: real_ip_from:
"127.0.0.1": {} "127.0.0.1": {}
"::1": {} "::1": {}
@ -9,6 +10,7 @@ nginx:
snakeoil_default: false snakeoil_default: false
upstreams: {} upstreams: {}
vhosts: {} vhosts: {}
streams: {}
maps: {} maps: {}
resolver: resolver:
- 8.8.8.8 - 8.8.8.8
@ -44,6 +46,13 @@ nginx_vhosts_defaults:
hide_proxy_headers: {} hide_proxy_headers: {}
backend: ~ backend: ~
nginx_streams_defaults:
listen:
custom: []
includes: []
proxy_pass: ~
proxy_protocol: "off"
nginx_forcessl_vhost: nginx_forcessl_vhost:
"https-redirect": "https-redirect":
listen: listen:

7
files/config/nginx.conf
View file

@ -3,6 +3,7 @@ worker_processes auto;
pid /run/nginx.pid; pid /run/nginx.pid;
load_module /usr/lib/nginx/modules/ngx_http_headers_more_filter_module.so; load_module /usr/lib/nginx/modules/ngx_http_headers_more_filter_module.so;
load_module /usr/lib/nginx/modules/ngx_stream_module.so;
events { events {
use epoll; use epoll;
@ -22,6 +23,7 @@ http {
types_hash_max_size 2048; types_hash_max_size 2048;
server_tokens off; server_tokens off;
reset_timedout_connection on; reset_timedout_connection on;
large_client_header_buffers 4 32k;
server_names_hash_bucket_size 64; server_names_hash_bucket_size 64;
map_hash_bucket_size 64; map_hash_bucket_size 64;
@ -36,3 +38,8 @@ http {
## ##
include /etc/nginx/sites-enabled/*; include /etc/nginx/sites-enabled/*;
} }
stream {
include /etc/nginx/conf.d/upstreams.conf;
include /etc/nginx/streams/*;
}

12
tasks/main.yml
View file

@ -22,6 +22,7 @@
pkg: pkg:
- nginx - nginx
- libnginx-mod-http-headers-more-filter - libnginx-mod-http-headers-more-filter
- libnginx-mod-stream
- goaccess - goaccess
notify: notify:
- delete nginx index.nginx-debian.html - delete nginx index.nginx-debian.html
@ -83,6 +84,17 @@
notify: notify:
- restart nginx - restart nginx
- name: create and enable nginx streams
template:
src: stream.conf.j2
dest: "/etc/nginx/streams/{{ item.key }}"
owner: root
group: root
mode: 0644
with_dict: "{{ {}|combine(nginx.streams, recursive=True) }}"
notify:
- restart nginx
- name: delete nginx default config - name: delete nginx default config
file: path=/etc/nginx/sites-enabled/default state=absent file: path=/etc/nginx/sites-enabled/default state=absent

2
templates/proxy.conf.j2
View file

@ -1,5 +1,5 @@
{% for ip in nginx.real_ip_from %} {% for ip in nginx.real_ip_from %}
set_real_ip_from {{ ip }}; set_real_ip_from {{ ip }};
{% endfor %} {% endfor %}
real_ip_header X-Forwarded-For; real_ip_header {{ nginx.real_ip_header }};
real_ip_recursive on; real_ip_recursive on;

22
templates/stream.conf.j2 Normal file
View file

@ -0,0 +1,22 @@
#jinja2:lstrip_blocks: True
{% set stream = {}|combine(nginx_streams_defaults, item.value, recursive=True) %}
{% set stream_name = item.key %}
server {
{% for i in stream.listen.custom %}
listen {{ i }};
{% endfor %}
proxy_pass {{ stream.proxy_pass }};
proxy_protocol {{ stream.proxy_protocol }};
{% for c in stream.custom|default([]) %}
{{ c }};
{% endfor %}
{% for include in stream.includes %}
include {{ include }};
{% endfor %}
}

2
templates/vhost.conf.j2
View file

@ -47,6 +47,8 @@ server {
{% if location.backend|d(False) %} {% if location.backend|d(False) %}
proxy_pass {{ location.backend }}; proxy_pass {{ location.backend }};
proxy_buffering off;
# add proxy headers # add proxy headers
proxy_set_header Host {{ vhost.host }}; proxy_set_header Host {{ vhost.host }};
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;