Merge branch 'master' of https://git.cccv.de/infra/ansible/roles/nginx

2023-09-01 23:48:25 +02:00 · 2023-09-01 23:48:25 +02:00 · f18e26456c
commit f18e26456c
parent 70cd552c1c 48bfecda7e
8 changed files with 61 additions and 3 deletions
--- a/README.md
+++ b/README.md
@ -26,6 +26,9 @@ vhosts: {}
 # name: *mapsconfig*, see below for definition
 maps: {}

+# name: *cacheconfig*, see below for definition
+caches: {}
+
 # force all traffic on ssl, except letsencrypt challenges
 force_ssl: True

@ -117,6 +120,9 @@ alias: None

 # Array of custom config strings to add to the vhost config, the ";" is added after every entry
 custom: []
+
+# name of the cache to use, only set if not none
+cache: None
 ```

 **authconfig**
@ -148,7 +154,16 @@ data: {}

 **phpconfig**:
 ```
+# If set, fpm forks exactly the number of worker processes specified (pm=static, pm.max_children=COUNT)
+fpm_process_count: 5
 ini:
 	post_max_size: 64M
 	upload_max_filesize: 64M
 ```
+
+**cacheconfig**:
+```
+keys_zone_size: "10m"
+cache_size: "1g"
+inactive_time: "10m"
+```
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -12,6 +12,7 @@ nginx:
  vhosts: {}
  streams: {}
  maps: {}
+  caches: {}
  resolver:
    - 8.8.8.8
    - 8.8.4.4
@ -57,6 +58,11 @@ nginx_streams_defaults:
  proxy_connect_timeout: "2s"
  proxy_next_upstream_tries: 2

+nginx_caches_defaults:
+  keys_zone_size: "10m"
+  cache_size: "1g"
+  inactive_time: "60m"
+
 nginx_forcessl_vhost:
  "https-redirect":
    listen:
@ -78,3 +84,5 @@ phpinidefault:
  upload_max_filesize: 64M
  memory_limit: 128M
  date_timezone: UTC
+  session_gc_maxlifetime: 1440
+  syslog: true
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -42,6 +42,15 @@
  notify:
  - restart nginx

+- name: create cache directories
+  with_dict: "{{ nginx.caches }}"
+  file:
+    path: "/var/cache/nginx/{{ item.key }}"
+    state: directory
+    mode: '0755'
+    owner: www-data
+    recurse: True
+
 - name: execute ssl template
  template:
    src: ssl_files.conf.j2
@ -58,6 +67,7 @@
    - upstreams.conf
    - proxy.conf
    - maps.conf
+    - caches.conf
  template:
    src: "{{ item }}.j2"
    dest: "/etc/nginx/conf.d/{{ item }}"
--- a/tasks/php-fpm.yml
+++ b/tasks/php-fpm.yml
@ -8,6 +8,7 @@
    - php-ldap
    - php-gd
    - php-imagick
+    - libmagickcore-6.q16-6-extra # SVG support for php-imagick
    - php-xml
    - php-mbstring
    - php-opcache
--- a/templates/caches.conf.j2
+++ b/templates/caches.conf.j2
@ -0,0 +1,6 @@
+{% for cache in nginx.caches %}
+{% set c = {}|combine(nginx_caches_defaults, nginx.caches[cache], recursive=True) %}
+# {{ cache }}
+proxy_cache_path /var/cache/nginx/{{ cache }} levels=1:2 keys_zone={{ cache }}:{{ c.keys_zone_size }} max_size={{ c.cache_size }} inactive={{ c.inactive_time }} use_temp_path=off;
+
+{% endfor %}
--- a/templates/php-fpm/php.ini.j2
+++ b/templates/php-fpm/php.ini.j2
@ -571,7 +571,9 @@ html_errors = On
 ; Example:
 ;error_log = php_errors.log
 ; Log errors to syslog (Event Log on Windows).
-;error_log = syslog
+{% if phpini.syslog %}
+error_log = syslog
+{% endif %}

 ;windows.show_crt_warning
 ; Default value: 0
@ -1422,7 +1424,7 @@ session.gc_divisor = 1000
 ; After this number of seconds, stored data will be seen as 'garbage' and
 ; cleaned up by the garbage collection process.
 ; http://php.net/session.gc-maxlifetime
-session.gc_maxlifetime = 1440
+session.gc_maxlifetime = {{ phpini.session_gc_maxlifetime }}

 ; NOTE: If you are using the subdirectory option for storing session files
 ;       (see session.save_path above), then garbage collection does *not*
--- a/templates/php-fpm/www.conf.j2
+++ b/templates/php-fpm/www.conf.j2
@ -99,7 +99,11 @@ listen.group = www-data
 ;             pm.process_idle_timeout   - The number of seconds after which
 ;                                         an idle process will be killed.
 ; Note: This value is mandatory.
+{% if nginx.php.fpm_process_count|d(False) %}
+pm = static
+{% else %}
 pm = dynamic
+{% endif %}

 ; The number of child processes to be created when pm is set to 'static' and the
 ; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
@ -110,7 +114,7 @@ pm = dynamic
 ; forget to tweak pm.* to fit your needs.
 ; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
 ; Note: This value is mandatory.
-pm.max_children = 50
+pm.max_children = {{ nginx.php.fpm_process_count|d(50) }}

 ; The number of child processes created on startup.
 ; Note: Used only when pm is set to 'dynamic'
--- a/templates/vhost.conf.j2
+++ b/templates/vhost.conf.j2
@ -47,7 +47,19 @@ server {
 		{% if location.backend|d(False) %}
 		proxy_pass {{ location.backend }};

+		{% if location.cache|d(False) %}
+		proxy_cache                             {{ location.cache }};
+		proxy_cache_revalidate                  on;
+		proxy_cache_lock                        on;
+		proxy_cache_use_stale                   error timeout http_500 http_502 http_503 http_504;
+		proxy_cache_background_update           on;
+		# use actual host instead of proxy host for cache key
+		proxy_cache_key 						$scheme$host$uri$is_args$args;
+		# for debugging purposes, add the following header
+		#add_header X-Cache-Status $upstream_cache_status;
+		{% else %}
 		proxy_buffering off;
+		{% endif %}

 		# add proxy headers
 		proxy_set_header Host			{{ location.host|d(vhost.host) }};